Field Notes
The blog.
Long-form posts from the ThinSky security team — open-source stack economics, incident response patterns, and the practical realities of running that stack in production.
- Security Questionnaires Are a Sales Problem, Not Compliance
  Why vendor security questionnaires stall deals, why aspirational answers backfire at audit time, and how an answer library turns panic into routine.
- Okta Pricing in 2026: Real Costs and a Flat-Rate Way Out
  Okta pricing explained: 2026 list rates per user, the annual minimum, how SSO costs scale with headcount, and what a flat-rate Keycloak option looks like.
- Keycloak vs Okta: Identity Management Without Per-User Fees
  Keycloak vs Okta: how open-source IAM ends per-user pricing. Honest feature comparison, cost math, and what a managed Keycloak migration involves.
- OpenVAS vs Qualys: What Vulnerability Scanning Should Cost
  An honest cost comparison of OpenVAS, Qualys and Tenable for small Canadian businesses — what managed OpenVAS covers, what it costs, and where it doesn't fit.
- Velociraptor vs CrowdStrike Falcon: Incident Response Cost
  Velociraptor vs CrowdStrike Falcon: an honest feature and cost comparison, plus when managed Velociraptor handles incident response for less.
- SMB Cybersecurity Budget: Where Your Money Actually Goes
  Where security budgets leak — shelfware, redundant tools, vendor-driven buys — and how Canadian SMBs build a complete open-source stack for a fraction of it.
- Velociraptor Digital Forensics: DFIR for Small Business
  What DFIR actually is, how the open-source Velociraptor platform works, and what a managed deployment looks like for a Canadian small business.
- The Canadian Cybersecurity Advantage
  Why working with a Canadian security provider matters: PIPEDA, Quebec Law 25, the US CLOUD Act, and what data sovereignty means for your security stack.
- CyberArk Alternatives: Why Teams Are Moving to Teleport
  CyberArk renewal sticker shock is real. An honest Teleport vs CyberArk comparison: where each wins, realistic cost framing, and a 60-day migration roadmap.
- Zero Trust vs VPN: What Zero Trust Actually Requires
  What zero trust architecture actually means, why VPN-based castle-and-moat security fails, and how Teleport implements real zero trust access.
- Open Source Security for Enterprises: Costs & Stack
  Open source security for enterprises in 2026: tool-by-tool stack (Wazuh, Keycloak, OpenVAS), honest cost ranges vs commercial SIEM/EDR/IAM, and how to migrate.
- SonarQube vs Veracode: DevSecOps at a Fraction of the Cost
  Veracode's true multi-year cost vs managed SonarQube. What SonarQube covers (SAST), what it doesn't (DAST/SCA), and when the savings make sense.
- Automated Penetration Testing: The Smart Way to Test
  How automated penetration testing works, what it costs, how it complements an annual manual pentest, and how authorised testing stays safe and legal.
- Hardcoded Secrets in Code: How to Find Them First
  How API keys and credentials end up in git repositories, the real public incidents they caused, and how automated secrets scanning catches them pre-commit.
- Wazuh vs Splunk: Stop Paying 5x Too Much for SIEM
  Wazuh vs Splunk cost compared: why Splunk SIEM commonly runs six figures a year and how managed Wazuh delivers the core capabilities for far less.
- Phishing Training for Employees: Cost, ROI, What Works
  Why annual security-awareness slideshows fail, how phishing simulations change behaviour, and what per-user training really buys. No hype.