Skip to content Skip to footer

For Canada's public service · continuity, doctrine, practitioner experience

Continuity by Design

Practice that survives turnover. Every analyst, advisor, and integrity officer who joins the file briefs upward from the same evidence base as the team before them — self-paced, current, and visible to leadership at the role level.

A Live Bench, Not a Library

Ask Visor a hard question and get an answer grounded in SME casework. When the file needs more, open a direct thread with the SME behind it — included in your membership, with no new engagement to stand up.

Doctrine From Lived Casework

Every module is anonymised casework from practitioners who worked the file — insider risk, foreign interference, investigative interviewing, OSINT, and crisis leadership — with cross-jurisdiction practice from CANZUK and allied services.

Canadian flag - Garuna Group CANZUK operations
Garuna Group social icon
Australian flag - Garuna Group CANZUK operations
New Zealand flag - Garuna Group CANZUK operations
United Kingdom flag - Garuna Group CANZUK operations
Public Sector Membership

Canadian-built doctrine, built to outlast the rotation.

A doctrine library built from lived Canadian casework, Visor to interrogate it, and the practitioners behind it one message away. Pressure-test an option before it goes upward — every answer comes back attributed to a named SME, on the record.

Why these modules?

This lineup is built from thousands of lived-experience insights I’ve extracted from interviews with three of Garuna Group’s anchor subject-matter experts — and shaped by the operational problems they’ve been called on to solve, repeatedly, across their careers.

Where their case files keep landing

Each module sits where a real operational pain point meets an SME who has actually operated through it.

Try asking Visor
Foundation Library · Live Now
Advanced Lineup · Building Now

Decision-Making Under Uncertainty

Intelligence Frameworks for Security Leaders

Decision frames for the moment your team has to commit — to a recommendation, a posture, an option — before all the evidence has arrived. OODA, Cynefin, and recognition-primed models indexed against lived incidents, so the call has a defensible spine.

Ruari Nicholson Lead SME Ruari Nicholson
Building now

Insider Threat Detection

Pattern Recognition to Early Intervention

Pattern recognition and bias-audit method translated for the public-service trusted-workforce challenge — catching privileged-access drift before it lands as a paragraph in the next foreign-interference inquiry.

Ruari Nicholson Lead SME Ruari Nicholson
Building now

EQ, CQ & IQ

The Intelligence Triad in Cross-Cultural Workplace Investigations

Cross-cultural investigative tradecraft for a workforce that brings together Indigenous, Francophone, Anglo, and immigrant context — separating where each layer of intelligence matters from where it fails the file.

Arjun B. Lead SME Arjun B.
Building now

Cargo Theft

From Crime to Curriculum

Convoys, supply chains, and critical-infrastructure resilience read through the lens of practitioners who actually move the load — transferable to defence logistics, emergency response, and Crown corporation supply security.

Todd Moore Lead SME Todd Moore
Building now

The Crisis as Live Laboratory

Iterative Adaptation Under Pressure

Treating an unfolding event as a doctrine generator — what to capture inside the incident so the next team facing the same file does not start from zero.

Ruari Nicholson Lead SME Ruari Nicholson
Building now

Triaging Threat Actors

Decision-Making Under Resource Constraint

Severity-tiering threat actors and concentrating finite operational capacity — the same triage problem central agencies face every fiscal, made teachable to operational commands and policy advisors.

Ruari Nicholson Lead SME Ruari Nicholson
Building now
A glimpse from inside the library
Ruari Nicholson Former CSIS Director General (Atlantic Region) · Partner at Garuna Group
Intelligence & National Security · Mental Model

Identifying underlying motivations — recognition, grievance, legacy — holds stronger under operational pressure than financial incentives. Reframing engagement from a transactional focus on money to one about access shifts the asset’s self-perception from informant to partner, and that single reframing survives the long-cycle handler turnover.

Arjun B. Partner at Garuna Group · Cross-Cultural Workplace Investigations
Cross-Cultural Intelligence · Mental Model

CQ mastery moves from context — Indigenous foundations — through definition and application in healthcare to operationalisation in the workplace. Treat it as a layered competency, not a single concept. When investigators collapse the layers they default to surface compliance and miss the actual interaction pattern that produced the harm in the first place.

Todd Moore Subject-Matter Expert at Garuna Group · Asset Protection & Cargo Theft
Organised Cargo Theft · Mental Model

Breadcrumb tracking history gives police evidentiary “reasonable and probable grounds” for a search warrant — especially when the device pings an industrial area or warehouse the load was never scheduled to be at. That single chain of pings is what converts a stolen load into a prosecutable case rather than an insurance write-off six weeks later.

How coverage works for your team Tell us your real-world question. We map it to a module, name the SME behind the answer, and the membership becomes your documented decision trail.
Workplace Investigation Interview
You ask

We’ve received a workplace complaint involving parties from different cultural communities. We need an investigation method that holds up under external review.

You get back

Cross-Cultural Workplace Investigations module · lead Arjun B. A layered CQ interview frame — Indigenous context, healthcare application, workplace operationalisation — that your investigator can run on Monday.

Why it matters

A documented, culturally-competent method gives the investigation file the defensibility a Human Rights Tribunal record or section-264 challenge demands.

Insider Risk Assessment
You ask

An employee with privileged system access has triggered several anomalies. Before we act, we need a structured way to assess motivation and intent.

You get back

Insider Threat Detection module · lead Ruari Nicholson. Motivation triage that does not collapse to financial-only signals, plus a bias-audit checklist for the assessor.

Why it matters

Documented intent assessment before termination action lowers wrongful-dismissal exposure and gives counsel a clean record.

Crisis Leadership Stand-Up
You ask

We are inside an active incident. Our team needs a decision framework we can apply right now — not after the incident closes and an external review is convened.

You get back

Decision-Making Under Uncertainty module · OODA, Cynefin, and recognition-primed frames indexed by category, with first-hand notes from lived national-security incidents.

Why it matters

Reliance on a named, structured decision frame survives the briefing-note record, the after-action review, and the ATIP / FOI release. The brief upward writes itself.

Asset Protection & Cargo Theft
You ask

We have had repeat cargo losses. Insurance is paying out, but cases are not progressing to prosecution. We would like to build evidentiary protocols our drivers and operations teams can follow.

You get back

Cargo Theft module · lead Todd Moore. Breadcrumb-evidence chain doctrine that converts a write-off into “reasonable and probable grounds” for a warrant.

Why it matters

Documented case-build doctrine satisfies your duty of care to the board on a known, recurring loss centre.

Coverage Not Yet in the Lineup
You ask

Our area of need is not on the current module list — for example, open-source intelligence on a counter-party in a transaction, or a specialist regulatory area we operate within.

You get back

Tell us. We leverage the One Horizon Network to onboard a vetted subject-matter expert and add the coverage to your map — inside the membership term, not a separate engagement.

Why it matters

Your coverage map grows with your operational risk, not behind it — and the request itself becomes part of the paper trail.

Accountability Frame · FAA · TBS Guidance · Provincial & Municipal Equivalents

Across the Canadian public service — federal, provincial, municipal, agency, and Crown corp — the record matters as much as the call. Under the Financial Administration Act, Treasury Board direction, and their provincial and municipal equivalents, a defensible decision is one taken in good faith on a structured, informed process, with the evidence base named — the standard Auditors General, committees, ombudspersons, and inquiries return to when they review the file. Visor keeps that paper trail for you: what your team asked, what came back, and the named SME behind every answer — ready for the after-action review and the ATIP / FOI release.

What You Will Learn
  • 01 Brief Defensibly Carry foreign-interference, insider-risk, OSINT, and crisis doctrine from raw operational signal into briefing notes, decision memos, and risk advice that hold up under external review.
  • 02 Apply Under Pressure Run governance and decision frames against live incidents and contingency scenarios — so the options your team puts forward hold up when the file moves faster than the consultation cycle.
  • 03 Hand Off Cleanly Carry context across staff rotations, election cycles, and machinery-of-government changes — so the file does not restart every time the team turns over.
  • 04 Coordinate Across Mandates Move response across departments, agencies, Crown corporations, and provincial, municipal, and CANZUK counterparts using shared doctrine your teams already run — not ad-hoc workarounds.
Membership

Memberships are priced per participant so you only pay for active users. Member questions shape the roadmap: new SME-led modules ship against the pressures your teams flag, from foreign interference and insider risk to AI-era security threats.

Per Participant $ 1,306 / annual
Start Public Sector Membership Annual access · billed by invoice · roadmap shaped by member priorities
  • Full course library — three foundation courses live; modules unlock as they ship
  • Threat & Regulatory Watch — curated news refreshed every six hours; daily policy and incident feeds
  • Research, Frameworks & Coverage Map — vetted briefs plus which SMEs cover your priority domains
  • Direct line to lead SMEs — reach the experts behind your courses straight from your dashboard
Visor — What's inside a module
What's in a module?

A module is a focused unit built from one practitioner's casework: short audio lectures, curated briefs and decision frameworks, and anonymised case studies — each closing with the practitioner-level takeaway: what worked, and what they would change next time. Built for self-paced study between meetings.

Around the library sits the live layer. Visor answers your team's questions grounded in the contributing SMEs' Canadian and CANZUK casework, every claim cited to a named contributor and role — and when a question outgrows the chat, your team opens a secure in-platform thread with that SME directly.

The catalogue follows your questions. If a domain you need isn't covered, submit the gap and we route it to the closest SME in the network — or recruit against it — inside your membership term. Quarterly live advisory sessions round it out: small-group discussions with the practitioners whose work shaped the modules your team runs.

Try asking Visor