Skip to Main Content
Scotiabank Digital Banking Lab

Security Compass

Security Compass logo
Security & Identity | Toronto, ON | Founded: 2005 | Employees: 150|


Last updated March 25, 2019 | To download a PDF version, click here


Company Overview

Security Compass is a software security company based in Toronto, Ontario that provides organizations with knowledge, training, and technology to create secure software.[1] The company provides advisory, e-Learning and SD elements, an automated software security identification platform.  


Senior Management

Nish Bhalla: Founder, CEO (2005 - Present). Previously: Founder and CEO, SD Elements (2001- Present); Principal Consultant, Foundstone (2001 – 2004); Security Consultant, Infotek Solutions (1998 – 2001); Education: MSc., The University of Sheffield; PGDA, University of Strathclyde; B. Comm, Bangalore University.

Rohit Sethi: COO (2016 – Present). Previously: Vice President, Product Development, Security Compass (2011- Present; Consultant, Deloitte (2004-2006); Business Analyst, ADP (2000-2003). Education: BSc., The University of Western Ontario.

David Rea: CFO (2015 - Present). Previously: CFO & VP Operations, TELoIP Inc. (2008 – 2015); Director of Finance, Bell Canada (2004 – 2008); VP Finance & Operations, C5 Group Inc. (2002 – 2004); Corporate Controller, Burntsand (2001 – 2002); Director of Finance, AT&T Canada (1999 – 2001). Education: MBA, University of Toronto – Rotman School of Management, BA, University of Western Ontario.


Working in the software security space in leading-edge firms such as Microsoft, Nish Bhalla realized there was no software security presence in Canada.[2] He looked to create value and bring his experiences into Canada. Starting as a consultancy offering penetration testing, it now offers its own cybersecurity software and has grown into 5 offices spanning from San Francisco to India.  

[2] Personal Interview with Nish Bhalla, CEO


Founder Nish Bhalla worked to build a company using personal funds.[3] Cash flow in the initial stage was generated by working in personal consulting engagements. Government grants were also utilized, such as IRAP and SR&ED.  However, the company acquired funding from BDC in 2012, for an undisclosed amount.[4]

[4] Personal Interview with Nish Bhalla, CEO

Key Corporate Developments

Sept 5, 2018: SD Elements now features Operational Security Requirements for Microsoft Azure, AWS, Apache
March 19, 2018: Security Compass named winner in 14th Annual Infor Security PG’s 2018 Global Excellence Awards
March 1, 2018: Security Compass and (ICS)² Launch New Certificate Program to raise baseline app security knowledge


Business Highlights


Security Compass offers 3 distinct services:

  • SD Elements – Company unique product that automates software security requirements across the software development lifecycle (SDLC).
  • Advisory – Works with companies to understand their product development cycle and advise in integrating software security into their processes.
  • Training – Offers Personal and enterprise cybersecurity courses on identifying critical security risks


  1. SD Elements
  • Entry Level - Offered as a shared cloud SaaS.
  • Professional - Offered as a dedicated server SaaS.
  • Enterprise - Offered as a Dedicated Server SaaS, or an On-Premise option.
  1. Advisory
  • DevSecOps/ Advisory on a secure Software Development Lifecycle – providing guidance to companies on integrating security testing into their product lifecycles such as static application security testing (SAST).
  • Penetration Testing – Perform a Black, Gray and White box testing of client product to ensure the application is secure of breach.
  1. Training
  • Enterprise – Offers training modules on secure coding on Java, .NET, C++ and ios.
  • Personal – Offers learning curriculum available through online channels, from basic app security to identifying vulnerabilities on popular coding platforms. Classes range from $143–750 USD.


Security Compass uses the knowledge of the logic behind the coding of various languages (C++, Java, .NET) to find critical breaches in software code and offers security solutions as value propositions within their business model. SD Elements is designed to automate the software security identification process.


Security Compass offers demo services for all its product offerings directly available from their website, as well a sales department to promote its consulting/security solution offerings.


Security Compass publishes whitepaper/reports on Application security and compliance. Additionally, the CEO has appeared in various media new segments on security, from BNN and Yahoo Finance on the Equifax Security Breach.[5] The company looks to provide resources, sponsor and speak on security to establish its brand in the cybersecurity space.




Many companies now offer security advisory services for software-based firms. Competitors are listed below:

  1. Veracode – (Burlington, MA) Veracode offers application security solutions for today’s software-driven services. CA Veracode is a platform that offers security solutions by scanning code to find vulnerabilities.
  2. Security Innovation – (Wilmington, MA) Security Innovation offers Software Security Services and Training. They offer an immersive learning environment, where they place users in the position of an attacker.

Corporate Profile Created By: Il Young Chung, Ivey HBA Candidate 2019
Il Young Chung

Connect with Ivey Business School