Skip to main content
Vencer Group
  • Engagement Models
  • M&A IT Services
  • Projects & Procurement
  • Industries

    Six industries. One operator's lens.

    Operator-grade IT for the sectors we've actually run through the cycle.

    All Industries →
    Oil & Gas / Energy

    Calgary is energy. 14 startup IT builds, 4 continents.

    Manufacturing & Distribution

    Fabricators, contract manufacturers, regional distributors.

    Construction & Trades

    GCs, electrical, mechanical, civil, specialty trades.

    Engineering Firms

    Multi-discipline teams, CAD libraries, project files.

    Advisory & Professional Services

    Law, accounting, restructuring, consulting partnerships.

    Healthcare & Pharmacy

    Clinics, multi-location pharmacies, healthcare M&A.

  • What Drives Us
  • Insights

    Operator-to-operator writing across five pillars.

    Blogs, case studies, guides, eBooks, and diagnostic tools. Plus the monthly operator newsletter.

    All Insights →
    Cycle

    Build IT that survives both ends of the commodity curve.

    1 blog · 1 ebook
    Cyber

    Eleven years operating. Zero breaches. How.

    4 blogs · 2 cases · 1 ebook · 1 diagnostic
    M&A

    30+ transactions. Operated, not advised.

    1 blog · 1 guide
    Operations

    Daily IT decisions from an operator perspective.

    5 blogs
    AI

    Practical AI for operators, not AI departments.

    1 case study
    Guides
    1 guide
    eBooks
    2 eBooks
    Diagnostics
    1 free self-assessment tool
Get In Touch

Explore

Engagement Models M&A IT Services Projects & Procurement

Industries

All Industries Oil & Gas / Energy Manufacturing & Distribution Construction & Trades Engineering Firms Advisory & Professional Services Healthcare & Pharmacy What Drives Us General Inquiries

Insights

All Insights Cycle Cyber M&A Operations AI Get In Touch
19 years · 30+ M&A · zero breaches in 11 years
Calgary · Canadian-reaching · Internationally capable

SECURITY · LAST UPDATED 2026-06-07

Security Disclosures

Vencer Group operates managed security for clients across Canada and internationally. We take vulnerability reports seriously, respond quickly, and treat researchers with respect.

Report to security@vencergroup.com

Our security posture

Vencer Group has operated 11 years without a client breach. That's not luck. It's the result of:

  • Multi-tenant isolation - no client data shares a tenant with another client's
  • Vendor-grade EDR on every endpoint we manage (Gartner Leaders Quadrant only)
  • 24/7 NOC/SOC monitoring out of Calgary and Singapore
  • Quarterly Technology Business Reviews with documented control attestation
  • Annual penetration testing and tabletop exercises
  • Zero-trust network architecture as default
  • Documented incident response runbooks (Premier tier)

Vulnerability disclosure

If you've discovered a security vulnerability in Vencer Group's public website, infrastructure, or services, please report it to us before disclosing publicly. We respond to all reports within 5 business days.

How to report

  • Email: security@vencergroup.com
  • PGP key: available on request
  • RFC 9116 advisory: /.well-known/security.txt

What to include

  • A clear description of the vulnerability
  • Steps to reproduce
  • The potential impact you've identified
  • Your preferred name/handle for acknowledgment (or anonymous if you prefer)

What you can expect from us

  • Acknowledgment of receipt within 5 business days
  • An initial assessment within 10 business days
  • Regular status updates while we investigate and remediate
  • Public acknowledgment after remediation (if you wish)
  • No legal action against good-faith researchers following this policy

Scope

In scope:

  • vencergroup.com and all subdomains
  • Public-facing infrastructure
  • Any product or service Vencer Group operates publicly

Out of scope:

  • Client-specific systems Vencer Group manages on behalf of clients (those reports go through the client's incident response process)
  • Third-party services we use (Google, HubSpot, Cloudflare, etc.) - report to the vendor directly
  • Findings that require physical access or social engineering
  • Denial-of-service testing
  • Spam, brute-force, or rate-limit findings

Bug bounty

Vencer Group does not currently operate a paid bug bounty program. However, we recognize researchers who report responsibly and we may issue acknowledgments, references, or small thank-you gestures at our discretion.

Safe harbor

We will not pursue legal action against researchers who:

  • Act in good faith
  • Avoid privacy violations, destruction of data, and interruption of service
  • Do not exploit findings beyond what is necessary to demonstrate the issue
  • Provide us reasonable time to remediate before public disclosure
  • Follow the disclosure process above

Acknowledgments

We credit researchers who report valid security issues in good faith and follow responsible disclosure. If you would like to be acknowledged publicly for a report, tell us in your initial email and we will add you here after remediation.

No public acknowledgments at this time.

QUESTIONS?

We answer in plain English, and quickly. Real humans, real responses.

Contact us
Vencer Group Vencer Group global footprint

Your IT team - wherever your business operates. Calgary-rooted, internationally delivered. 19 years. 30+ M&A transactions. Zero breaches in 11 years.

SERVICES

  • Engagement Models
  • M&A IT Services
  • Projects & Procurement
  • Industries
  • Switch to Vencer

VENCER

  • What Drives Us
  • Careers
  • Insights
  • Contact
  • Privacy Policy

THE OPERATOR'S BRIEF

Operator-to-operator commentary. No vendor noise. What actually works.

No spam. Unsubscribe anytime.

CONTACT

+1 (888) 271-6230
connect@vencergroup.com

700 4 Ave SW #1680
Calgary, AB T2P 3J4
Great Place to Work 2025 Certified Living Wage Alberta Employer
© 2026 Vencer Group Inc. All rights reserved.
Privacy Policy Security Disclosures Terms of Use Terms of Service

SECURITY NOTICE

Verify a Vencer technician.

Cybercriminals impersonate IT providers to phish passwords, MFA codes, or remote-access approvals. Here is how you confirm someone contacting you is actually us, not someone wearing our name.

What Vencer will never do

  • Ask for your password over the phone or by email.
  • Ask you to bypass MFA or approve a code you did not request.
  • Ask for remote access without a ticket number you can reference.
  • Pressure you to act right now. Legitimate work waits for verification.

Three ways to verify

  • Call our service desk (24/7): +1 (877) 883-2716 and ask for the person by name.
  • Email service.desk@vencergroup.com: a real person confirms.
  • Ask for the ticket number and cross-check it in your ticket system before doing anything.

If in doubt: hang up, or do not reply. Reach us through the numbers on this page. We would rather you double-check ten times than get burned once.

Report suspected impersonation to security@vencergroup.com. We investigate every report.

Your security is our operating baseline. Thanks for helping keep it that way.