Orvin is an information security consultant who is a partner of the Procyon Security Group, focusing on information security management, governance, business processes and compliance.

Orvin is particularly adept at connecting and relating business requirements to technical requirements, and vice versa. His breadth of conceptual technical knowledge supports development of corresponding business requirements and needs, including networks, operating systems, databases, and application development.

orvin-lau-security-consultantHe provides security consulting services to a wide variety of clients, including health care organizations, financial institutions, brokerage firms, professional regulators, manufacturing companies and transportation companies. In 2016 he was invited by the BC Government’s Office of the CISO to join its Provincial Security Advisory Council.

Orvin is experienced in the following frameworks and standards:

  • ISO 27001 and 27002

Approach and Partners

As of October 2020, Orvin is now a partner of the Procyon Security Group.


Certified Information System Security Professional

Certified Information Systems Security Professional (CISSP®)

CISSP is an internationally recognized information security credential held by information security professionals who develop policies, standards, and procedures and manage enterprise-wide implementations.
More information on CISSP:


Certified Information Security Manager (CISM®)

The CISM certification program is specifically developed for experienced information security managers and professionals with information security management responsibilities.
More information on the CISM is available through the following websites:

SABSA Chartered Architect at Foundation Level

SABSA Chartered Architect at Foundation Level (SCF)

Sherwood Applied Business Security Architecture (SABSA), is a proven framework for Enterprise Security Architecture and Service Management used by numerous global organizations. A SABSA Certification symbolizes professional proficiency in all aspects of enterprise security as delivered by the SABSA.
More information on SABSA is available through the following websites:

Certified in Risk and Information Systems Control

Certified in Risk and Information Systems Control (CRISC™)

The CRISC designation certifies professionals who have knowledge and experience in identifying and evaluating risk and in designing, implementing, monitoring and maintaining risk-based, efficient and effective information system controls.

Payment Card Industry Professional (PCIP)

Payment Card Industry Professional (PCIP)

The Payment Card Industry Professional (PCIP) is an individual qualification in payment security information. It provides professionals with the tools to build a secure payment environment and help your organization achieve Payment Card Industry (PCI) compliance.