Yes, we are seeing that issue. For commercial clients, they're much more flexible. If your company has the right reputation and if you have the right people and skills, you can get those cyber engagements. We do a lot of security assessments and design and cloud security work. The message in terms of what you're able to do with the commercial sector, which is very sizable in Canada, is much more straightforward.
It is a challenge. I have lots of security clearances. It's been simpler for me, but for others, if they don't have enough residency in Canada, they can't get the security clearance. Typically, “secret” is required for most things. It can be “top secret”, but “reliability” isn't often the requirement. You need, I think, a five-to-10-year residency in Canada, and often to be a Canadian citizen. It might be good to look at mechanisms on how we could also do other security checks that would get people to secret and how we could make it much more uniform. There's probably no reason that every government department needs its own clearance process and its own rules. If you're trusted, you're trusted. If the company is trusted, it's trusted.
These are things that probably could be reformed over time. We probably should look at other ways to clear individuals. We have a bit of a brain drain in Canada. We should be recruiting talent from other countries. As we get those people here, we need to be able to get them busy and onto important projects and still give comfort to the government and banking that they have the right clearance and the right background.