FAQ · Briefing notes
Questions we hear from security leaders
Direct answers about our services, approach, and what you can realistically expect from a defensive security partnership.
No. We are a defensive AI cybersecurity studio that runs AI-assisted threat detection, alert triage and incident response for client organizations, always with senior analysts in the loop and only on systems we are authorized to monitor. We do not offer offensive hacking, account takeover or password cracking, we do not sell courses, and we are not a general LLM or automation consultancy. "Cyber" means defensive security; "Motion" means threats and telemetry in motion; the .pro TLD is branding only.
No one can make you unhackable — AI produces false positives and can miss things, so human review is essential and outcomes are never guaranteed. Our work helps you see sooner, triage faster and respond with evidence your legal and insurance partners can use.
Discovery calls are typically scheduled within three business days. Formal engagements begin after a signed statement of work and, where required, a mutual NDA. Emergency incident response retainers can activate same-day once pre-onboarding documentation is in place.
Usually not. We complement existing providers by improving detection content, tuning alert routing, and offering specialist response capacity your MSSP may lack. Many clients keep their overnight monitoring vendor and engage us for engineering, hunting, and executive incident support.
By default, client telemetry for analysis stays in Canadian cloud regions. Cross-border transfer requires explicit written consent and a documented lawful basis. Our privacy policy and data processing agreements spell out retention periods, subprocessors, and deletion procedures.
We train supervised models on your historical alert outcomes: true positives, false positives, and escalated incidents. Incoming alerts receive a priority score and contextual enrichment before reaching an analyst. Models are retrained on a scheduled cadence and reviewed by senior engineers. You can inspect feature weights and override any automated decision.
Detection engineering projects are typically fixed-fee based on scope. Retainers are monthly with defined response times and included hours. Incident response beyond retainer limits is billed hourly with pre-agreed rates. We provide written estimates before work begins and flag scope changes immediately.
Yes. We maintain current experience with major SIEM, EDR, and cloud-native logging platforms. Our detection-as-code workflows export to vendor-native formats where possible. We are vendor-neutral in recommendations and will tell you when existing licences are underutilised before suggesting additional spend.
Week one focuses on access provisioning, data flow diagrams, and stakeholder interviews. We document current alert volumes, top pain points, and regulatory constraints. You receive a draft findings memo by end of week two with prioritised recommendations ranked by effort and risk reduction. No production changes occur without your written approval.
Client-facing reports and executive summaries can be provided in French on request for Quebec operations. Standard engagement documentation and detection rule comments are delivered in English unless otherwise specified in your contract.
We decline engagements that primarily involve offensive intrusion against third parties without authorisation, surveillance of individuals without lawful basis, or activities that would contravene Canadian criminal law. Our defensive mandate is explicit in every contract preamble.
Yes. We routinely complete vendor security assessments, provide proof of insurance certificates, and execute client paper where mutual terms are reasonable. Turnaround for standard questionnaires is typically five to ten business days. Non-standard liability caps or indemnities require legal review on both sides.
briefing · faq_session
Still have questions? Our team welcomes direct enquiries.
Contact us