Engineer-written.
Not marketing content rewritten by an editor. Every volume is drafted by the senior engineer who runs this work for clients, then edited for length — never voice.
Field Guide · 7 volumes live
Playbooks a senior engineer would hand you.
Not "the ultimate guide to cybersecurity." Narrow, specific problems that 30-100 person companies actually hit — MFA rollouts, SOC 2 timelines, M365 backup that restores, HIPAA/PHIPA, AI governance. Written by the people who run them for clients.
What you can count on
93% of tickets touched within 15 minutes. 100% of after-hours messages acknowledged the same business day. Every engagement staffed by a named senior engineer.
- Vol 01Cybersecurity·10 min read
Rolling out MFA to 40-100 users in Microsoft 365 without a lockout storm
The staged Conditional Access playbook we use on real M365 tenants so a mandatory-MFA rollout doesn’t turn into a week of lockout tickets.
Read - Vol 02Compliance·6 min read
SOC 2 Type II for a 50-person services firm: what 12 months actually costs
A dated breakdown of the real cost to stand up SOC 2 Type II — auditor fees, tool stack, engineering hours, and the six control domains that consume 80% of the effort.
Read - Vol 03Cloud·6 min read
Microsoft 365 backup that actually restores: Veeam vs Dropsuite vs Datto, tested on a real tenant
Microsoft’s native retention is not a backup. Head-to-head restore test of Veeam, Dropsuite, and Datto on a 62-user tenant — RPO, RTO, cost per seat, and which one to pick for which client.
Read - Vol 04IT Strategy·6 min read
Flat-rate vs per-user vs co-managed IT pricing: the 2026 buyer’s worksheet
The three prevailing MSP pricing models compared on real engagement data — when each wins, break-even math, and the hidden line items that move the real cost by 20-30%.
Read - Vol 05Compliance·7 min read
HIPAA + PHIPA for Ontario clinics: the 14 technical safeguards your MSP must implement
A mapped walkthrough of the 14 HIPAA technical safeguards plus the PHIPA parallels that apply to Ontario clinics — specific controls, evidence artifacts, and the audit-readiness checklist.
Read - Vol 06Compliance·6 min read
CIS Controls v8 IG1 in 90 days for a 50-person company
A dated 90-day runbook to implement the 56 CIS Controls v8 Implementation Group 1 safeguards — the baseline your cyber insurance and most SOC 2 auditors effectively expect.
Read - Vol 07AI·6 min read
Shadow AI and Copilot data-residency: the governance policy a 50-person firm can actually enforce
The AI governance policy we roll out on client tenants — approved tools, data-classification gates, Copilot data-residency controls, and the DLP rules that actually detect shadow usage.
Read
How this series works.
Specific enough to act on.
Narrow problems, concrete steps. No "the cybersecurity landscape has never been more challenging" throat-clearing. If a volume doesn’t answer the question you came with, it shouldn’t exist.
Free reading, always.
Nothing gated. No "download the PDF for your email." If you want help after reading, the contact page is one click away — but the content is yours either way.