In practice since 1999

About Sarakinov Consulting

Practitioner-level expertise.
Independent perspective.

Sarakinov Consulting Inc. is an independent information security and privacy advisory firm. We bring senior, practitioner-level expertise to every engagement — developed over 25+ years of advisory work at major financial institutions, public transit authorities, insurance companies, retailers, and government ministries.

"Security that cannot be explained to a business leader has not been designed well. Every engagement begins with understanding your business objectives, risk appetite, and regulatory context — not a generic framework checklist."

— Goni Sarakinov, Principal Consultant

The consultant

Goni Sarakinov

Background

Goni Sarakinov began his information security career in 1999. Over more than two decades of consulting engagements across financial services, insurance, transit, and government, a consistent pattern emerged: the organizations that implemented security well were the ones where security was connected to business decisions, not layered on top of them. Sarakinov Consulting Inc. was built around that insight.

The practice has always been deliberately independent — no products to sell, no managed services to upsell, no preferred vendors. The only interest in every engagement is giving the client the best possible advisory, grounded in what their specific context requires.

Goni brings 25+ years of experience across financial services, transportation, insurance, retail, and government sectors — always as the person accountable for giving sound security and privacy advice, not as a vendor representative.

Certifications & credentials

CISSP

Certified Information Systems Security Professional

(ISC)² · Since 2006

The globally recognized gold standard in information security certification — covering security and risk management, asset security, security architecture, network security, identity management, security assessment, and software development security.

SABSA SCF

SABSA Chartered Security Architect, Foundation

SABSA Institute · Foundation 2012 · Practitioner 2015

SABSA is the industry's most rigorous framework for business-aligned security architecture — requiring demonstrated mastery across every layer from business context through to physical implementation.

CIPM

Certified Information Privacy Manager

International Association of Privacy Professionals (IAPP) · Since 2018

Covers privacy program management — building, operating, and governing organizational privacy programs. Addresses privacy strategy, operational practices, regulatory compliance, and the organizational structures required to sustain a mature privacy program.

CIPT

Certified Information Privacy Technologist

International Association of Privacy Professionals (IAPP) · Since 2011

Covers the technical dimensions of privacy — privacy-by-design principles, data lifecycle management, privacy engineering, and the implementation of privacy controls in technology systems and architectures. The technical counterpart to the CIPM.

Industry participation

Technical Committee Member — Digital Governance Council

Participating member of the Technical Committee of the Digital Governance Council (formerly the CIO Strategy Council), contributing to the development of national information governance standards for Canada.

Contributor — OWASP Top 10 Privacy Risks Countermeasures

Contributed to the OWASP Top 10 Privacy Risks – Countermeasures project, the industry reference for privacy risk identification and mitigation in web applications and digital services.

Speaker & Panelist — Industry Conferences

Regular speaker and panelist on information security and privacy topics. Past events include the Ontario Society of Professional Engineers Roundtable on Smart Cities, Privacy & Blockchain, GDPR & Digital Marketing, and Information Security for Small Business.

How we work

Our advisory philosophy

Four principles that guide every engagement — from the first conversation to the final deliverable.

Business-aligned, always

Security that cannot be explained to a business leader has not been designed well. Every engagement begins with understanding your business objectives, risk appetite, and regulatory context — not a generic framework checklist.

Deliverables built to be used

Shelf-ware helps no one. Every deliverable — roadmap, assessment, policy, architecture document — is written to be implemented and sustained by your team after we are gone. Clear ownership, clear sequencing, and clear rationale for every recommendation.

Independent and unconflicted

No products to sell. No managed services to upsell. No preferred technology vendors. Our advisory is grounded solely in what your specific context requires — whether that means recommending a tool we have no affiliation with or telling you that you do not need something a vendor is trying to sell you.

Privacy and security as one program

Privacy and security share data flows, controls, architectures, and governance structures. Running them as separate workstreams creates gaps, duplication, and competing frameworks. We advise on both simultaneously — one coherent program, not two parallel ones.

Who we work with

Organizations we are best suited to serve

Sarakinov Consulting delivers the most value in specific contexts. These are the situations where our advisory track record is deepest.

Regulated financial institutions

Credit unions, community banks, and smaller financial institutions navigating regulatory expectations without dedicated security leadership.

Organizations without a CISO

Organizations that have grown to where security needs strategic guidance but are not ready to commit to a full-time executive hire.

Insurance and specialty sectors

Mid-sized insurers and specialty organizations with specific regulatory obligations and complex third-party and technology ecosystems.

Digital transformation programs

Organizations undertaking cloud adoption, platform modernization, or significant digital initiatives that require security architecture embedded from the design phase.

Audit and compliance preparation

Organizations facing regulatory examinations, IT security audits, or PCI-DSS assessments that need experienced advisory support to prepare and respond.


Get in touch

Let's have a conversation.

A 30-minute strategy session is the right starting point. No obligation, no pitch — just a focused conversation about your situation and whether we are the right fit for each other.