01 — 10
ShadeSec
BAS Cybersecurity Assessment Platform

Security for the
systems that run
every building.

Purpose-built security assessment for building automation systems. Designed for the integrators and operators who manage them.

Stage
Pre-Revenue / Prototype
Focus
Niagara · BACnet · OT Security
Market
BAS Systems Integrators
Geography
Ontario · Quebec · California
02 — The Problem

Buildings are
controlled by
software nobody
is securing.

Commercial buildings run on BAS environments like Niagara and BACnet — controlling HVAC, lighting, access, and fire safety. These systems are increasingly networked, but security assessment tools don't exist for the people who manage them.

75%
of organizations had building management systems
affected by known exploited vulnerabilities
SOURCE — CLAROTY STATE OF CPS SECURITY, 2025
0
Purpose-built security tools available
to the integrators managing these systems
100%
of BAS environments in our pentest experience have
at least one exploitable weakness during reconnaissance
03 — The Gap

The wrong tools,
for the wrong people.

Cybersecurity tools exist — but they're built for security professionals, not building operators. Integrators are the ones asked "is this building secure?" but they have nothing to answer with.

01

Enterprise Security Tools

Nessus, Qualys, Burp Suite — built for security teams. Output requires a security professional to interpret. Integrators won't run them.

02

Vendor-Locked Diagnostics

Tridium's Niagara Security Dashboard only covers Niagara devices. Doesn't assess the broader BAS environment or other protocol stacks.

03

Network-Focused Tools

Optigo's Visual BACnet does BACnet diagnostics for network health and troubleshooting — not security configs, vulnerabilities, or exposure.

04 — Our Solution

A security
assessment
workflow built
for BAS.

Lightweight, vendor-neutral, and purpose-built for integrators. Discover, assess, and report on the security posture of building automation environments — across Niagara, BACnet, and the full control stack.

Discovery

BACnet/IP enumeration, Niagara Fox protocol detection, device fingerprinting, and network topology mapping across the full BAS environment.

Assessment

Insecure configuration checks, default credential detection, protocol-specific risk analysis, and CVE correlation against known BAS advisories.

Reporting

Clear, actionable findings reports designed for operators — not 200-page Nessus dumps. Prioritized by real-world exploitability and impact.

05 — How It Works

From scan to
actionable findings.

Deploy

Lightweight agent or
portable scan appliance
on the BAS network

Discover

Auto-enumerate BACnet
devices, Niagara controllers,
and exposed services

Assess

Run security checks:
configs, credentials,
CVEs, exposure mapping

Report

Generate operator-readable
findings with prioritized
remediation steps

One integrator manages dozens of buildings. A single deployment scales across their entire portfolio — making every customer relationship a multiplier.

06 — Competitive Landscape

No one owns the
integrator's security layer.

Capability Nozomi Networks Tridium Niagara Optigo (Visual BACnet) ShadeSec
BACnet device discovery
Niagara assessment
Security-focused checks Partial
Vendor-neutral BACnet only
Built for integrators
Lightweight deployment Built-in
CVE correlation
Operator-readable output
07 — Target Market & Customer

The integrator
is the fulcrum.

BAS systems integrators and commissioning firms managing Niagara and BACnet environments across multiple client sites. One integrator touches dozens of buildings — a single customer gives our tool portfolio-wide reach.

Integrators install and maintain BAS but lack security tools of their own
Cyber insurance is tightening OT security requirements for commercial properties
Building owners are starting to require security assessments in integrator contracts
Optigo already validates that mid-market integrators pay for specialized BAS tooling

Ecosystem Flow

How cybersecurity falls through the cracks

01
BAS vendor builds the platform
02
Integrator installs & configures on-site
03
Building owner hires facility management
Cybersecurity falls between the cracks

Go-to-Market

Design partner → Direct → Channel

Start with 1–2 integrator design partners. Expand through direct outreach in Ontario, then partner with smart-building consultants and OT-focused MSSPs.

08 — Roadmap

From lab
to building.

We've been through the build-test-iterate cycle with Control+S. We know how to ship tooling that people actually use. This roadmap gets us from prototype to real-world validation.

Phase 01 · Now
Customer Discovery
Direct conversations with BAS integrators and commissioning firms. Validate buyer willingness and refine the product shape.
Phase 02 · Q2 2026
Lab Prototype
Working prototype against BACnet/IP and Niagara simulation environment. Core discovery, assessment, and reporting workflow.
Phase 03 · Q3 2026
Design Partner Pilot
Deploy in a real building environment through an integrator partner. Validate findings are useful and actionable in the field.
Phase 04 · Q4 2026
Product & GTM
Productize the tool for repeatable use. Expand to integrator portfolio-wide deployment and channel partnerships.
09 — Team & Traction

Built by practitioners,
not just researchers.

Founder · Product & Technical Lead
ShadeSec — Core Team
A decade of offensive security experience with hands-on BAS assessment in Niagara and BACnet environments. Leads product development, technical architecture, and security research. Built and shipped Control+S, currently in active pilot.
Offensive Security
BAS Pentest
Product Dev
Co-Founder · Business Development
Customer & Market
Handles all customer-facing work, business development, and partnership cultivation. Ensures the product stays close to real buyer needs.
BD & Sales
Partnerships

Strategic Partnership

Everett & Co.

Management consulting firm focused on scaling small businesses. ShadeSec's founder serves as Partner and Head of Technology & Information Security — providing access to go-to-market support, client networks, and connections in California's tech ecosystem.

Existing Traction

Control+S — GRC Platform

ShadeSec's GRC tool is in active pilot with real customer feedback driving iteration. Demonstrates ability to build, ship, and iterate on security tooling. Clients include government, non-profits, and engineering firms across Quebec, Ontario, and the Bay Area.

10 — The Ask

What we need
to move forward.

From the Catalyst Program

  • Connections to BAS integrators and commissioning firms in Ontario's smart infrastructure space
  • Access to mentorship on go-to-market for OT security tooling
  • Introductions to building owners and facility management companies for demand validation
  • Network access to accelerate our design partner search

What We'll Deliver

  • Working prototype with BACnet/IP and Niagara assessment capabilities
  • Validated customer discovery with direct integrator feedback
  • At least one design partner pilot in a real building environment
  • Clear product-market fit signal: do integrators buy proactively, or does the push come from building owners?
ShadeSec Inc.

Exactly what's needed.
Where it's needed.

Practical cybersecurity tools built close to the actual need. We focus on automation and abstraction so practitioners have the best tools to accomplish their security goals.

Web shadesec.com
Partnership Everett & Co.
Regions Ontario · Quebec · Bay Area