Gneiss Group delivers practical, scenario-based security awareness training for Canadian mid-market firms in regulated industries. Built around how your teams actually work, not generic slide decks.
Scenario-driven sessions your team will actually remember. We use narrative-based techniques to make threat recognition feel real, covering phishing, social engineering, AI-assisted attacks, and more.
Live incident simulations for leadership teams. Structured around real-world scenarios including ransomware, data breach response, and regulatory notification timelines. Built to surface gaps before a real incident does.
Training programs aligned to Canadian privacy law obligations including PIPEDA, Quebec's Law 25, and incoming Bill C-27 requirements. Documented, defensible, and audit-ready.
Fractional security leadership for organizations that need strategic direction without a full-time hire. We help you build policy, manage risk, report to the board, and make the right security investments at the right time.
Generic training doesn't change behaviour. We build sessions around your people, your systems, and the real threats facing your industry.
Who we work with
Law firms and in-house teams handling privileged client data and regulatory filings.
Investment managers, advisors, and fintechs navigating OSC and FINTRAC obligations.
Clinics, health networks, and digital health companies managing sensitive patient records.
We work primarily with mid-market organizations, typically 50 to 500 employees, where the security team is small or shared and training has to count.
Gneiss Group is a boutique security awareness consultancy based in Vancouver, BC.
Founded by a security executive with a background building and securing SaaS products, Gneiss Group brings hands-on experience leading security teams, managing risk budgets, and seeing firsthand how often the human layer is the one that breaks, not the tools.
We exist because mid-market companies in regulated industries need security awareness training that's actually grounded in how threats work today, including AI-assisted phishing, deepfake voice attacks, and increasingly convincing social engineering. Most off-the-shelf training isn't built for that.
We build sessions around story and consequence, not bullet points. People retain what they engage with.
Whether you're preparing for an audit, responding to a board ask about AI threats, or just know your team needs better training, reach out and we'll figure out if we're a fit.
Canada's privacy landscape is shifting fast. Quebec's Law 25 is already in force. Bill C-27 is moving through Parliament. Organizations that build defensible training programs now are ahead of the compliance curve, rather than scrambling to catch up when enforcement ramps up.