Security & Privacy Advisory

Your security executive.
Without the full-time cost.

Fractional CISO advisory, enterprise security architecture, and privacy & risk advisory — for organizations that need strategic security guidance without a permanent hire.

Schedule a strategy session Explore services
Credentials
CISSP SABSA SCF CIPM CIPT
Industry Contributions
Technical Committee Member — Digital Governance Council Developing national information governance standards for Canada
Contributor — OWASP Top 10 Privacy Risks Countermeasures International reference for privacy risk in web applications

Sound familiar?

  • "We need a CISO but can't justify a full-time hire."

    Fractional CISO Advisory →

  • "Every project solves security differently — we have no consistent architecture."

    Security Architecture →

  • "We have a privacy policy, but no real privacy program."

    Privacy & Risk Advisory →

  • "Our regulator is asking security questions we can't answer."

    Fractional CISO Advisory →

  • "We have security products — but nothing holding them together."

    Security Architecture →

  • "We're not sure what CPPA means for our organization."

    Privacy & Risk Advisory →

What we do

Three core service pillars

Each pillar reflects where we have the deepest, most consistent track record — built over two and a half decades of real engagement delivery.

Primary

Fractional CISO Advisory

Senior security advisory on a flexible, engagement-based model. Strategic guidance, frameworks, and recommendations — your team retains decision-making authority and accountability.

  • Security program assessment & roadmap advisory
  • NIST CSF, ISO 27002 guidance
  • Regulatory compliance advisory
  • Third-party & supplier risk advisory
  • Security audit preparation & advisory support
  • Incident response planning guidance
  • C-suite & board-level security reporting support
Strategic Advisory
20 hrs/mo · Guidance & roadmap
Active Advisory
40 hrs/mo · Ongoing program support
Learn more about Fractional CISO Advisory →
Primary

Enterprise Security Architecture

SABSA-based architecture advisory. Business-aligned, framework-grounded, and designed to be implemented by your team.

  • Architecture assessment, advisory & gap analysis
  • OT/IT convergence security advisory
  • Cloud security review
  • Threat modelling

Frameworks & Standards: SABSA · NIST CSF · ISO 27002 · PCI-DSS · CIS

Learn more about Security Architecture →
Advisory

Privacy & Risk Advisory

Dual CIPM + CIPT certification. Privacy integrated into security architecture and operations from the start — not treated as a separate workstream.

  • Privacy Impact Assessment advisory
  • PIPEDA, CPPA, FIPPA, GDPR guidance
  • Threat & risk assessment advisory (TRA, FAIR)
  • Third-party & vendor risk advisory
  • Data breach response planning
  • Privacy Regulator liaison support

OWASP Top 10 Privacy Risks contributor

Learn more about Privacy & Risk Advisory →

Why Sarakinov Consulting

What makes us different

The differentiator is not just seniority — it is the specific combination of SABSA architecture depth, sustained Fractional CISO advisory experience in financial services, and integrated privacy expertise that is genuinely rare in the market.

SABSA Chartered Security Architect

The gold standard for aligning security architecture with business objectives — not just technology. Security that cannot be explained to a business leader has not been designed well.

Sustained advisory relationships — not one-off engagements

Fractional CISO advisory that endures across years, not months. Guidance on security frameworks & standards, audit preparation, supplier risk, and board reporting — with your team retaining full decision-making authority.

Privacy built in from the start

Dual CIPM + CIPT certification means privacy guidance is integrated from architecture through operations. Contributor to OWASP Top 10 Privacy Risks and Technical Committee member of the Digital Governance Council.

Regulated industry fluency

FSRA, OSFI, PCI-DSS, PIPEDA, CPPA, and FIPPA — not as theoretical frameworks, but as lived compliance requirements across 25+ years of advisory engagements in banking, insurance, retail, transit, and government.

Track record

Selected client engagements

A representative sample of engagements across sectors. Client identities are kept confidential in line with our standard practice.

  • Insurance
  • Public transit & OT
  • Retail & payment systems
  • Provincial government
  • Technology

View all client engagements →

Insights

Thought leadership

Perspectives on the topics we work with every day — written for practitioners and decision-makers, not for search engines.

View all insights →

About

Sarakinov Consulting Inc.

Sarakinov Consulting Inc. is an independent information security and privacy advisory firm based in Toronto, Ontario. Founded in 1999, the practice has served private and public sector clients for over 25 years.

Principal consultant Goni Sarakinov brings practitioner-level advisory experience from engagements at major financial institutions, public transit authorities, insurance companies, and government ministries — providing strategic guidance while clients retain full decision-making authority and accountability.

Industry participation includes the Technical Committee of the Digital Governance Council (developing national Canadian standards), contributor to OWASP Top 10 Privacy Risks – Countermeasures, and speaker at events including the Ontario Society of Professional Engineers and conferences on GDPR, blockchain security, and digital marketing.

  • Organizations needing senior security advisory without a full-time CISO
  • Financial institutions, credit unions, and insurers facing regulatory scrutiny
  • Organizations undertaking digital transformation, cloud adoption, or platform modernization
  • Companies facing compliance requirements who need independent, experienced guidance
  • Organizations that want security and privacy built into their architecture from the start

SABSA Chartered Security Architect

The gold standard for business-aligned security architecture advisory.

Sustained advisory relationships

Strategic guidance across years — your team retains full decision-making authority.

Privacy built in, not bolted on

CIPM + CIPT — managerial and technical privacy advisory in one engagement.

Regulated industry fluency

FSRA, OSFI, PCI-DSS, PIPEDA, CPPA, FIPPA — lived compliance advisory experience.

Canada and beyond

Serving clients across Canada and the US; GDPR advisory for international obligations.

Get started

Ready to talk about your security program?

A 30-minute advisory session costs nothing and clarifies a great deal. No sales pitch — just a focused conversation about your situation and where independent security expertise could help.

Schedule a complimentary strategy session Send a message
Download: Is a Fractional CISO Right for Your Organization? Download: Security Architecture Readiness Checklist Download: PIPEDA to CPPA Transition Guide

Serving clients across Canada and the United States