NEWAI Security & Governance advisory now open — including ISO/IEC 42001 (AI Management System) readiness.See how
Savannah Research Labs seal
SAVANNAH RESEARCH LABS
SECURITY · PRIVACY · ENCRYPTION
SAVANNAH RESEARCH LABS INC. — VANCOUVER · TORONTO

Security leadership, engineered like research.

We take companies from zero to audit-ready. vCISO leadership, compliance programs across eleven frameworks, and applied security R&D — advised by a founder with a peer-reviewed publication record, not a slide deck.

Message on WhatsApp+1 647 861 6440
PhD, UBC
Electrical & Computer Engineering
16 papers
Peer-reviewed, ACM & IEEE venues
11 frameworks
From SOC 2 to FedRAMP
3 sites
West Vancouver · Richmond Hill
Savannah Research Labs — lion seal
INCORPORATED IN BRITISH COLUMBIA · BC1402762 · EST. 2023
SOC 2ISO 27001ISO 42001FEDRAMPGOVRAMPTXRAMPHIPAAHITRUSTPCI-DSSGDPRCCPA
SOC 2ISO 27001ISO 42001FEDRAMPGOVRAMPTXRAMPHIPAAHITRUSTPCI-DSSGDPRCCPA
WHAT WE DO

Eight practices. One accountable lab.

Every engagement is led by the principal — the person who writes your roadmap sits with your auditors.

01
vCISO Services
Fractional executive security leadership — strategy, board reporting, and full ownership of your security program.
02
Compliance as a Service
SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST, PCI-DSS, GDPR, CCPA — scoped, implemented, audit-ready.
03
Public-Sector Readiness
FedRAMP, GovRAMP and TXRAMP authorization strategy, gap assessment and continuous monitoring.
04
GRC Platform Enablement
Vanta, Drata and Secureframe — selection, rollout, evidence automation and continuous compliance operations.
05
Risk & Vendor Management
Living risk registers, third-party due diligence and vendor security reviews your customers can inspect.
06
M&A Security Due Diligence
Pre-acquisition posture assessment, remediation costing and post-close security integration.
07
R&D & Software Engineering
Contract research and secure software development — anomaly detection, ML systems, autonomous platforms.
08
Training & Workshops
Security awareness programs, engineering deep-dives and incident-response tabletop exercises.
VCISO ENGAGEMENTS

Three ways to hire a CISO.

Billed monthly on a quarterly commitment. Taxes extra.

ESSENTIALS
$3,500/ month
For startups that need a security program — and a named security leader — for the first time.
+Security program assessment & 12-month roadmap
+One framework track (SOC 2 or ISO 27001)
+Policy suite authored and maintained
+Monthly leadership briefing
+Vendor security reviews — up to 5 per quarter
+Direct line to your vCISO
Discuss scope
MOST ENGAGED
GROWTH
$7,500/ month
For companies whose customers are asking hard questions — and whose deals depend on the answers.
+Everything in Essentials
+Two concurrent framework tracks
+GRC platform operated for you (Vanta / Drata / Secureframe)
+Customer security questionnaires & trust page
+Risk register with quarterly reviews
+Incident response plan + annual tabletop
+Audit representation, end to end
Discuss scope
ENTERPRISE
from$15,000/ month
For regulated, public-sector and M&A-bound organizations that need embedded leadership.
+Everything in Growth
+Multi-framework: FedRAMP, GovRAMP, TXRAMP, HITRUST
+Weekly embedded leadership cadence
+M&A due diligence & board advisory
+24/7 incident escalation
+Security hiring support & team mentoring
Request a proposal
PEER-REVIEWED FOUNDATIONS

Advice you can cite.

Our methods for intrusion detection, access control and attack recovery were built and defended in the open — at ACM and IEEE security venues — before they were ever billed to a client.

GOOGLE SCHOLAR PROFILE
Vast library shelving with a small art exhibition in the foreground
2024
DeLorean: diagnosis-guided attack recovery for securing robotic vehicles from sensor deception attacks
ACM AsiaCCS
2021
PID-Piper: recovering robotic vehicles from physical attacks
IEEE/IFIP DSN Best Paper Award
2021
Are you for real? Authentication in dynamic IoT systems
IEEE PRDC
2019
Out of control: stealthy attacks against robotic vehicles protected by control-based techniques
ACM ACSAC
2018
DynPolAC: dynamic policy-based access control for IoT systems
IEEE PRDC
2018
CORGIDS: a correlation-based generic intrusion detection system
ACM CCS · CPS-SPC
Mehdi Karimi, PhD — Founder & Principal, Savannah Research Labs
FOUNDER & PRINCIPAL

Mehdi Karimi, PhD

Mehdi holds a PhD in Electrical & Computer Engineering from the University of British Columbia, where his research on securing autonomous systems — drones, robotic vehicles and IoT fleets — was published at ACM AsiaCCS, ACSAC, CCS workshops and IEEE DSN, including a Best Paper Award.

His career spans post-silicon validation of multiprocessor systems-on-chip to intrusion detection, authentication and access control for dynamic IoT systems. At Savannah Research Labs he leads every engagement personally: vCISO programs, compliance builds and applied R&D, from first assessment to final audit.

VCISOGRCANOMALY DETECTIONAUTONOMOUS SYSTEMSMACHINE LEARNINGIOT SECURITY
CONTACT

Two coasts. One lab.

WhatsAppCall +1 647 861 6440
WEST COAST HQ — MAILING
Unit 1004 – 555 13th St.
West Vancouver, BC V7T 2N8
Canada
EASTERN OFFICE
34 Willett Cres.
Richmond Hill, ON L4C 7W1
Canada
CENTRAL LAB
62 McCallum Dr.
Richmond Hill, ON L4C 7T5
Canada
Savannah Research Labs Inc. — incorporated under the Business Corporations Act (British Columbia) · BC1402762 · est. February 2023
© 2026 · All rights reserved