As a cybersecurity advocate, founder, and technology leader, Marko Sarunac’s career is a story of continuous evolution, driven by a passion for innovation and community contribution. His journey began with hands-on technical roles, from pulling wires and managing systems at TELUS to architecting foundational B2B e-commerce platforms. This deep-seated technical expertise forms the bedrock of his strategic approach to security.
For over 25 years at Quality Wholesale Ltd., Marco has grown with the company, progressing from Senior Systems Architect to Director of Technology, and now to his current role as Chief Information Security Officer. In this capacity, he has led transformative projects, including a company-wide SAP implementation and multinational e-commerce deployments that prepared the company for scalable growth.
Complementing his corporate leadership, Marco wears multiple hats as a founder and mentor. His entrepreneurial drive led him to establish IncudoLABS, which provides specialized cybersecurity risk and compliance services, and Expiscor, which offers expert witness services for legal matters involving technology.
His commitment to giving back extends to his role as a volunteer mentor with the ISACA Vancouver Chapter, where he helps guide the next generation of cybersecurity professionals. It is through this blend of corporate CISO responsibilities, entrepreneurial ventures, and community mentorship that Marco pursues his ultimate goal: shaping safer cyber habits for all.
THE BUSINESS.
Founded in 2025, IncudoLABS is a Canadian cybersecurity company committed to revolutionizing cybersecurity automation by creating the world’s most advanced compliance-driven security hardening platform. Its mission is to empower organizations of all sizes to master security compliance by transforming complex regulatory standards into simple, automated, and auditable code.
The company’s flagship product, the upcoming Orion’s Forge, will orchestrate compliance-driven security hardening across frameworks including CIS, NIST, PCI-DSS, SOC 2, and GDPR. This platform bridges the gap between regulatory requirements and technical implementation through innovative research and experimental development. Orion’s Forge integrates with the open-source Orion’s Belt library of vetted remediation playbooks, while Anvil agents execute hardening actions securely, creating a complete closed-loop system from compliance requirements to verified implementation.
IncudoLABS champions a zero-trust architecture that keeps customers in full control of their infrastructure, building tools that enhance security teams rather than replace them. Its commitment to community is demonstrated through Orion’s Belt, the open-source initiative that fosters collaboration and shared knowledge in cybersecurity automation.
Recently launched in public beta, QRBolt represents a breakthrough in QR code security and management. This industry-leading platform addresses the proactive security awareness and protection segment with features that set new standards for digital safety. QRBolt’s advanced URL reputation scanning technology builds and protects brand reputation by automatically detecting and flagging malicious links before users interact with them. The platform ensures codes remain functional indefinitely, features vanity URLs for consistent branding, and provides comprehensive analytics to track engagement while maintaining the highest security standards. This solution empowers organizations to maintain secure digital touchpoints while protecting both their brand and users from QR code-based threats.
Built with Canadian “True North” values, IncudoLABS emphasizes privacy-first governance, EU-friendly posture, and international reach. Its solutions serve mid-market and enterprise organizations struggling with manual compliance processes, fragmented security tools, and the growing talent shortage in cybersecurity.
IN HIS WORDS.
“Before the world ran on sleek interfaces and cloud computing, it was built on tangled wires, dial-up modems, and raw ambition. For me, that early digital age was not just a backdrop—it was my training ground. I began as a student worker pulling ethernet cables in Vancouver schools and eventually became the founder of IncudoLABS, a cybersecurity firm based in Vancouver dedicated to revolutionizing security compliance.
My path from curious teenager to architect of a national cybersecurity vision has been one of foresight, adaptation, and relentless curiosity — a reflection of how technology itself evolved from hobby to necessity.
My entrepreneurial spark ignited in the late 1990s, born from a simple problem: I had valuable skills but no market access. While working at the Vancouver School Board, I found myself fascinated by the transition from token ring networks to ethernet and spent countless hours devouring every technical book I could find.
With support from my high school computer science teacher, I helped with the school website and ran cables for network upgrades. That hands-on learning inspired my first venture, PC Solutions, where I offered computer repair and tutoring.
In one memorable project, I borrowed a friend’s caravan to buy three skids of computers from a Crown Assets liquidation sale—seventy-five broken machines for $450. I rebuilt twenty-two of them, selling each for $300. It took a month, and I had leftover scraps in my basement for years. I was learning not only how to build computers but how to build opportunity. To attract customers, I posted tear-away flyers in libraries and on lampposts across Vancouver. My first client, a mailman eager to learn about cable internet, validated that a real market existed for the skills I had honed.
FROM STARTUP CHAOS TO CORPORATE STABILITY
That small success opened doors. I became a webmaster for the Vancouver School Board, digitizing course catalogues and working on AS400 systems. But the dot-com boom was too exciting to resist. I joined a startup building e-commerce sites and experienced the energy and chaos of startup life. When the bubble burst, I faced a choice: risk it all again or pursue stability. I accepted an offer from ISM-BC—a joint venture between IBM and BC Tel that would soon become TELUS—and spent the next nine years learning the inner workings of large organizations. Those years were formative. I worked on enterprise systems, participated in leadership programs, and saw firsthand how innovation could coexist with inefficiency. The biggest lesson came from observing how security was often treated as an afterthought—rushed in at the end instead of built into the foundation. That insight would eventually shape my entire mission.
RETURNING TO ENTREPRENEURSHIP
Despite a demanding corporate role, the entrepreneurial fire never went out. I began consulting part-time for a friend’s wholesale business, balancing two careers for nearly a decade. Eventually, I had to choose: climb the corporate ladder or take full control of my creativity. I chose freedom and joined Quality Wholesale, a growing distributor of horticulture supplies. Over time, I helped transform the company from a small retailer into an international operation and now serve as its Chief Information Security Officer.
During that evolution, I identified a major opportunity in the growing Voice over IP market and founded SPOC Business Solutions to provide small businesses with affordable, enterprise-grade communications. The technology worked perfectly—but the venture taught me an invaluable truth. It does not matter how advanced your product is if you cannot communicate its value to your audience. A recycling company does not care about the intricacies of VOIP—they only want to know if it works and what it costs. That experience reinforced the importance of empathy and communication in technology.
THE PRICE OF EXPERIENCE
My journey came with sacrifices, especially in formal education. While my peers were earning degrees, I was in server rooms learning through experimentation. I studied from library books, compiled Linux kernels, and pursued knowledge long before universities offered formal courses. I eventually took advanced programs at world-renowned institutions, but I never earned the “paper.” The real lessons came from solving problems in real time. That non-traditional path shaped my leadership philosophy: expertise is proven through results, not credentials.
As I moved from solo projects to leading teams, I realized that success depends on trust. Learning to delegate was my biggest challenge—it felt like giving up control. But empowering others to succeed was transformative. Leadership, I discovered, is less about doing and more about enabling.
BUILDING INCUDOLABS
All of these experiences—the early hustle of PC Solutions, the structure of TELUS, the lessons of SPOC, and the responsibilities of a CISO—culminated in the creation of IncudoLABS. The company was born from a clear and growing problem: organizations struggle to maintain cybersecurity compliance. Frameworks like NIST, SOC2, and GDPR are essential but daunting, especially for small and mid-sized companies. The process of reviewing each framework and implementing the required changes is technically complex and time-consuming.
IncudoLABS was built to close this gap. Our mission is to automate security compliance hardening, shifting organizations from reactive compliance to proactive security. I want companies to achieve certification because they already follow best practices, not because they are scrambling to meet a checklist. We are doing this through two initiatives.
The first, Orion’s Belt, is a free, open-source collection of security scripts for small businesses, students, and hobbyists—a way to make cybersecurity accessible to everyone.
The second, Orion’s Forge, is an enterprise-grade platform that automates and scales security hardening for large organizations. With our prototype and MVP complete, we are now preparing for the next phase of growth.
A CANADIAN MISSION
My vision extends beyond building a successful company. I want to establish a Canadian cybersecurity automation platform that reflects the values of innovation, collaboration, and trust. Canada’s digital economy depends on cybersecurity as a pillar of national security and prosperity. Through IncudoLABS, I aim to strengthen Canada’s place in the global cybersecurity ecosystem by developing tools that make compliance simpler, stronger, and inherently secure.
I am currently seeking strategic partners and pre-seed investors who share this vision—people who see the value in building a globally competitive cybersecurity company on Canadian soil. IncudoLABS is more than a business; it is a commitment to digital resilience, a belief that technology should empower, not endanger.
From the tangled wires of my early days to the complex code of today, I remain driven by one mission: to build trust into the very architecture of our digital future.”
Follow Marko and his journey at @incudolabs.
Author Profile
- This story is created in collaboration between Helen Siwak and the featured subject. As the founder and publisher of Portfolio.YVR Business & Entrepreneurs Magazine, Helen works closely with entrepreneurs to share their paths of innovation, resilience, and growth. Each story in this series is co-developed through interviews and first-person insights, blending authentic voices with Helen’s editorial expertise to highlight the remarkable individuals shaping British Columbia’s business landscape.
Latest entries
PORTFOLIO.YVRDecember 19, 2025Shawn Miller: Redefining Modern Wedding Ceremonies Through Young Hip & Married
PORTFOLIO.YVRDecember 19, 2025Rebecca Biernacki: Redefining Compassionate In-Home Care with EverKind Home Support
PORTFOLIO.YVRDecember 19, 2025Jess Singh: A Novelist Exploring Ambition, Identity, and Self-Belief
PORTFOLIO.YVRDecember 19, 2025Toby Tannas: Cultivating Confidence, Ritual, and Everyday Glow Through LIV Lifestyle
