Hans Study

Hans Study is an independent security leader who works the seam where IT and physical security meet. Most regulated organizations already have a CISO for enterprise IT and a director for physical security. What they rarely have is one person accountable for the converged layer between them, the OT and IP boundary both teams touch and neither fully owns. That's the role Hans fills, on a fractional or virtual basis, scaled to what the program needs instead of a full-time seat. The grounding runs 15+ years deep, across federal, defence, public safety, and critical infrastructure clients in Canada and the US. Capital-project leadership on networks and physical security systems. Architecture and hardening down to the switch and the door. Years teaching Cisco networking and information security at the college level, and field guides written for the integrators who deploy these systems. He holds CISSP among other security and network certifications, and he builds the standards he then holds clients to. He works independent and vendor-agnostic. No reseller agreements, no product line to push, so the recommendation a client gets is the one he'd put his own name behind. A sole practitioner by design, which means the person setting your security direction is the person doing the work, not a junior 2 levels down. Engagements are scoped for government, defence, public safety, and critical infrastructure, the environments where a misconfigured switch and an unlocked door are versions of the same risk. Based in Ontario, Canada, serving clients across Canada and the US.

• Convergence strategy. Owning the security risk that lives between IT, OT, and physical systems, and turning 2 separate programs into one accountable picture.
• Architecture and hardening. Network design, segmentation, and device hardening down to the switch, the camera, and the door controller. Genetec Security Center, access control, and the infrastructure underneath.
• Security program leadership. Setting standards, defining policy for the converged layer, and carrying accountability alongside existing IT and physical security leaders rather than over top of them.
• Independent integrator oversight. Reviewing what vendors and integrators actually deliver against what they promised, with no reseller relationship steering the verdict.
• Critical infrastructure protection. Segmentation, hardening, and resilience for government, defence, public safety, and utility environments where downtime and breach are operational, not just financial.
• Risk and audit readiness. Assessing converged exposure, closing the gaps, and getting the program to a state that stands up to an audit without a scramble.