Hardening Genetec Security Center: The Baseline I Deploy
A practical hardening baseline for a Genetec Security Center deployment. Windows server baselines, Defender exclusions d...
Indexed across articles, news, KB updates, knowledge base, books, learning, and tools. Press Esc to close.
// NETWORK AND SECURITY EXPERT · INDEPENDENT CONSULTANT AND ADVISOR · Ontario, Canada
Hans Study is an independent network and security consultant and advisor based in Ontario, Canada. Boutique work in controls, security systems, and the infrastructure underneath them. Hardening and tuning specialist for Microsoft Windows, Cisco, Aruba, and Genetec. Clients engage Hans when the problem is complicated and they need someone who will tell them what is true, not what is profitable to say.
// ENGINEERING
The delivery side of the practice. Design, review, troubleshoot, harden, and stabilize the systems and networks an operation runs on. Independent of reseller and integrator incentives. Not a reseller, not an integrator. I work with integrators and end clients to make the system work for them.
Independent Genetec consulting. Architecture review, sizing, federation, deployment oversight, and troubleshooting. Not a reseller, not an integrator. No license revenue.
Learn more →Vendor-agnostic design and review across Genetec, C-CURE, Milestone, Avigilon, Axis, and Bosch. The system and the network it runs on, treated as one problem.
Learn more →Design and gap assessment for access control, CCTV, and integrated physical security. From threat model to a specification an integrator can build to.
Learn more →Most platform problems are network problems wearing a costume. Topology, segmentation, routing, and wireless designed properly from the start, not bolted on later.
Learn more →Segmentation, the iDMZ, passive monitoring, and secure remote access applied in a way that respects how plant systems actually run.
Learn more →Physical-layer work is cheap to fix at design and expensive after construction. Pre-construction review catches it before it becomes an installed fact.
Learn more →Integrated facility systems advisory, owner's representative services, and commissioning oversight for complex physical security and technology projects.
Learn more →For integrators on complex bids and practitioners closing a knowledge gap. An independent technical voice on a project already in progress.
Learn more →// ADVISORY
The leadership and strategy side. Fractional CISO, security and technology strategy, defence supply chain compliance, and the OT, IT, and physical security boundary. Independent, with nothing to sell you but the advice.
Retained, part-time security leadership for organizations without a full-time CISO. Strategy, board reporting, program ownership, risk, and incident oversight.
Learn more →Independent strategy for the decisions that are expensive to reverse. Roadmaps, architecture direction, platform selection, and due diligence. Project-based and vendor-neutral.
Learn more →Scoping, gap assessment, and attestation support for Canadian and cross-border defence suppliers. NIST 800-171 since 2019, not a framework I am reading up on.
Learn more →The physical, OT, and IT boundary, assessed and secured by someone who reads both sides. Where a lot of real exposure quietly hides.
Learn more →Independent program and gap assessments against NIST 800-171, NERC CIP, ISO 27001, and CIS Controls, plus architecture, hardening, and project oversight.
Learn more →// ABOUT HANS STUDY
I started the way a lot of people in this field do. Fixing computers for friends and family, then picking up work installing small business networks and CCTV systems. By 2010 that had grown into my own IT firm. What followed over the next fifteen years is where the depth comes from.
I have spent my career working across public sector, defence, public safety, and critical infrastructure environments, designing and integrating the technology those organizations depend on. That includes years working directly in the federal space on mission-critical networks where failure was not an option.
That depth led to teaching at the post-secondary level. Cisco CCNA, Introductory and Advanced Networking, Information Security, and Microsoft Windows Server and Workstation. Teaching is where you find out how well you actually understand something. Mentoring practitioners and integrators is still part of the work today.
Today I consult independently across Canada and the United States on enterprise networks, OT and ICS security, physical security systems, and ICAT design. The technical writing and the tools on this site come out of that consulting work, not the other way around.
Enterprise networks, cybersecurity, and physical security. Each understood well enough to advise on, and to see how decisions in one affect the others. Most consultants cover one area. Very few cover all three independently.
Across sectors and project types, including the ones that went sideways before I helped fix them. That experience is how I catch risks early, before they become expensive problems on a live project.
My recommendations do not change based on who is selling. I work with most of these vendors and my read on them is candid. Where they have done something right, and where they have not. What you get is an honest assessment of what fits the environment.
A recommendation that ends at the design phase is a document, not advice. The goal is a system that performs in the field. That means I stay engaged through delivery and stay available when the integrator hits something unexpected.
// GENETEC SECURITY CENTER
Architecture review, sizing, federation, hardening, and post-deployment troubleshooting on Security Center. Not a Genetec partner. No license revenue. Start with a structured Health Check, or read the field writing first.
// STUDY BYT3S
A practical hardening baseline for a Genetec Security Center deployment. Windows server baselines, Defender exclusions d...
The security controls an operational technology network actually needs, applied in a way that respects how plant systems...
FortiBleed wasn't a firewall flaw. It was a pile of reused, never-rotated credentials with a brand name attached. The le...
// CONTACT
If you have a project coming up, a system that is not performing the way it should, or an upcoming procurement that needs independent technical input, reach out directly. No minimum project size. No retainer required.
Two tools run by default to help me understand how the site is used. You can turn either off at any time. Cloudflare's server-side analytics is always on and never sees your identity.