We build government systems. We secure government systems. Same team.

Practitioner-led consulting for federal, state, and healthcare organizations. Offensive security, compliance, IT modernization, and specialized staffing. Two decades of delivery. MBE certified. Four countries.

Book a security readiness call Scope your modernization project
20+ years government IT
$6.6B programme we power
3 direct state contracts
4 countries, one team

TWO PRACTICES

Security and engineering. Under one roof. Because in government, they're the same problem.

We didn't start as a cybersecurity brand. We started inside government agencies — building benefits platforms, modernizing HHS systems, staffing mission-critical projects for state and federal programmes.

Then our clients asked the question that changed the firm: "You built this — can you test it too?"

So we built a security practice. Not by rebranding — by partnering with CREST-certified offensive security operators and bringing them into the work we already do.

Now we deliver both. Security that understands the codebase. Engineering that understands the controls.

CYBERSECURITY + COMPLIANCE

Penetration testing, GRC, vCISO, and compliance programmes.

CREST-certified practitioners. Mapped to NIST 800-53, CMMC, FedRAMP, HIPAA, SOC 2.

Explore cybersecurity →

DIGITAL SERVICES + DELIVERY

AI-first applications, HHS modernization, public sector IT.

Embedded in Canada's $6.6B BDM programme alongside Deloitte and Accenture.

Explore digital services →

WHY CONNVERTEX

Built for the middle.

Too large for boutique shops. Too mission-critical for the Big Four's junior bench. That's where we operate.

Big Four / Systems Integrators

The Consultancy Trap

  • Rotating junior teams
  • 6–12 week delivery cycles
  • Generic compliance appendices
  • Opaque pricing + change orders
  • M&A instability risk

Connvertex

The Right Fit

  • Named senior engineers
  • 3–6 week delivery cycles
  • NIST + CMMC control mapping
  • Fixed-fee, transparent scoping
  • 100% focused on regulated orgs

Niche Security Shops

The Boutique Gap

  • Multi-month waitlists
  • $80K–$200K+ minimums
  • Zero compliance mapping
  • No ongoing support
  • Invisible to procurement

WHAT WE DELIVER

Eleven specialisms. Two practices. One team.

CYBERSECURITY

Penetration Testing

  • Network, app, cloud, and API testing
  • CREST-certified practitioners
  • NIST 800-53 + CMMC control mapping
  • 30-day retest included

CYBERSECURITY

GRC + Compliance

  • NIST 800-53, CMMC, FedRAMP, HIPAA
  • Gap analysis + remediation roadmaps
  • Audit-ready documentation
  • Continuous compliance monitoring

CYBERSECURITY

vCISO Services

  • Fractional senior security leadership
  • Programme ownership, not just advice
  • Board-ready reporting
  • Security roadmap + budget planning

DIGITAL SERVICES

AI-First App Dev

  • AI-native application architectures
  • Full-stack cloud-native delivery
  • API design + microservices
  • DevSecOps pipeline setup

DIGITAL SERVICES

Agentic AI + Automation

  • AI agent deployment + orchestration
  • Workflow automation for government ops
  • LLM integration + RAG pipelines
  • Human-in-the-loop governance

DIGITAL SERVICES

Public Sector IT

  • HHS + benefits platform modernization
  • IBM Cúram / Merative expertise
  • Government programme consulting
  • Legacy system migration
See all 11 services →

WHAT WE BELIEVE

A few things we've learned in twenty years of government IT.

  1. The people who build the system should secure the system.

    Two vendors means two SOWs, two timelines, and zero accountability when something breaks between them.

  2. A report nobody acts on is worse than no report at all.

    We don’t ship findings. We ship fixes. If we identify a gap, we close it — or we build you the plan to close it with dates and names attached.

  3. Small teams with senior people beat large teams with junior ones.

    Every time. In every programme we’ve seen. Forty focused people outship four hundred rotated ones.

  4. Certifications matter when they’re earned, not displayed.

    We’re MBE certified and SAM.gov registered because those are real. We don’t list badges we’re “in the process of” earning.

  5. Government work is not boring work.

    It’s the most consequential technology work there is. Ten million Canadians receive benefits through a system our team helped build. That’s the kind of work worth doing well.

PROVEN DELIVERY

Programmes we've worked inside. Not logos we're borrowing.

FEDERAL · $6.6B PROGRAMME · CURAM/MERATIVE

Canada Benefits Delivery Modernization

Specialized consulting for Canada’s largest federal IT transformation — replacing 20-60 year old legacy systems serving 10+ million Canadians. Working alongside Deloitte and Accenture within the programme team.

$6.6B Programme value
10M+ Canadians served
OAS migrated 2025 milestone

Our role: Curam/Merative platform expertise, technical consulting, delivery support.

STATE HHS · DIRECT CONTRACT · 6 YEARS

State of Utah — eREP Programme

Solution architecture for 40+ member teams across multiple state Health and Human Services agencies. SOAP-based web services, MQ solutions, interface development.

40+ Team members led
6 years Direct contract
Multi-agency HHS scope

May 2006 – October 2012

STATE HHS · DIRECT CONTRACT · BENEFITS MODERNIZATION

State of North Carolina — NC FAST

Consulting and implementation for North Carolina’s Families Accessing Services through Technology programme. Curam/Merative platform delivery.

NC FAST State programme
Cúram Platform delivered
Direct State contract

Ready to talk — or still evaluating?

Start a conversation.

Tell us what you're working on. Security, modernization, staffing — whatever it is, you'll hear back from a senior person within 48 hours. Not a sales rep. Not a chatbot.

Talk to our team →

Learn more first.

We're building out our Insights hub with field notes, readiness guides, and technical briefs from twenty years of government work. Check back soon — or leave your email and we'll send the first one when it's ready.

Browse insights →