Something is wrong. You can feel it. You just can't see it yet.
Where complexity has outrun visibility
The problems that bring people to GAPASK are rarely the problems they call about.
A system failing every 30 minutes turns out to be a dependency nobody owned.
A technology platform headed for litigation turns out to be a team that stopped trusting each other.
A public safety network running at full capacity turns out to be a router that nobody knew had existed since the 1990's.
The gap is always there. Finding it before it becomes an incident, a lawsuit, or a headline is what we do.
- 98%
- of organizations lack firm-wide cyber resilience — despite ranking it as their top strategic risk.
- PwC Global Digital Trust Insights, 2026
- 1 in 4
- organizations spends more on proactive trust governance than on reactive incident recovery. The rest
- PwC Global Digital Trust Insights, 2026
- 72%
- of health system executives list improving trust as a top priority — yet most cannot measure or demo
- Deloitte Global Health Care Outlook, 2025
Who calls us
Not a title. A situation.
You are responsible for systems you cannot fully see. You have passed the audits. You have the monitoring tools. And you still cannot say with confidence that things will hold when it matters most.
- The vendor assessments tell you what the vendor wants you to know.
- The compliance reports tell you what you did right last year.
Nobody is telling you where the gaps are right now.
We bring visibility and trust back to complex, high-stakes systems across telecom, connected services — including health and energy — cloud, and public safety — working with organizations worldwide, and supporting federal and provincial agencies across the National Capital Region and Ontario.
We work with organizations, technology operators, and complex institutions — in public service, private enterprise, and research — wherever complexity has outrun the governance of it.
How we think about trust
Trust is not a reputation. It is a behavior — observable, measurable, and governable if you treat it as an engineered property rather than a cultural aspiration.
GAPASK models trust across three interdependent properties that together determine whether a system earns the confidence placed in it:
- its capacity to resist and recover,
- its capacity to adapt and continue, and
- its capacity to demonstrate and prove that it is behaving as promised.
These properties are not independent. Governing one without governing all three produces systems that are secure but not resilient, or compliant but not dependable.
These were not security failures. They were governance failures.
How we start
Most engagements begin with an Outcome Alignment Review — a structured assessment of where your systems' designed behavior diverges from what they actually do under operational conditions.
It produces a findings document, not a vendor recommendation. From there, organizations typically move to architecture advisory, regulatory positioning, or standards alignment work — depending on what the review surfaces.
Rajesh Murthy — GAPASK
- 35+
- Years across the full system lifecycle
- conception through field operations
- 2
- Active IEEE standards chair
- IEEE 2944 and IEEE 2933.2
- 6
- Industry sectors
- Telecom, Energy, Cloud, Health, Manufacturing, Public Safety
Chair, IEEE 2994 (IoT Security Assessment Frameworks) and IEEE 2933.2 (TIPPSS Framework for Clinical IoT and Remote Subject Monitoring).
Peer reviewer, IEEE Transactions on Neural Networks and Learning Systems and Springer Complex Intelligent Systems.
Contributing author across seven published book chapters including — Advanced Technologies for Humanity and Maritime Transportation Systems, New Prairie Press / Kansas State University Libraries.