IT Security & Infrastructure — Calgary & Alberta

Senior IT experience.
Without the enterprise price tag.

Independent consulting for Alberta small businesses — security assessments, cloud and identity reviews, AI risk, and infrastructure work. No managed services contract. No upsell. Just honest advice from someone who's done the work.

Start a conversation See what we do

Based in the Calgary area  ·  Serving Alberta SMBs  ·  Fixed-price engagements  ·  Response within one business day

63%
of organizations have no AI governance policy — staff are using unsanctioned tools with company data right now
64%
of Canadian SMBs haven't fully enforced MFA — the most commonly exploited gap in M365 environments
$6.98M
average cost of a data breach in Canada in 2025, up 10% year over year

What we do

Practical security and infrastructure work, across the full stack

Over a decade working across sysadmin, cloud, identity, DevOps, and security. That breadth means we see problems that narrow specialists miss — and we can actually fix them, not just report on them.

★ Most requested
M365 Security Assessment
A complete review of your Microsoft 365 tenant — identity, email security, Defender configuration, SharePoint permissions, audit logging, and Copilot readiness. Fixed price, plain-language report, prioritized findings.
Entra IDDefenderExchange OnlineDMARCConditional Access
AI Security Review
Find out what AI tools your team is actually using, which ones are putting company data at risk, and how to put simple guardrails in place — before a vendor audit or incident finds it for you.
Shadow AI discoveryCopilot governanceAI use policyData exposure
Identity & Access Management
Active Directory, Entra ID, JumpCloud, Okta — reviews, migrations, and hardening. We've done the full range and can assess what you have or help you move to something better.
Active DirectoryJumpCloudEntra IDSSO / MFA
Cloud Infrastructure Review
Azure, AWS, GCP — security posture reviews, misconfiguration audits, and cost/risk assessments for businesses that have grown into the cloud without a security lens on it.
AzureAWSGCPIAM reviewNetwork security
Email Security & Migrations
M365 and Google Workspace migrations, email hardening, DMARC/DKIM/SPF setup, and anti-phishing configuration. Email is still the top attack vector — and most businesses have it misconfigured.
M365 ↔ GoogleDMARC / DKIMAnti-phishingBEC prevention
Broader IT Security Audits
Not every security problem lives in M365. Endpoint management, network segmentation, backup integrity, PIPA compliance gaps — we assess your full posture and give you a clear picture of where you stand.
Endpoint reviewPIPA / PIPEDABackup & recoverySecurity posture

M365 assessment — what we cover

Every corner of your Microsoft 365 tenant, systematically reviewed

Most tenants are configured once and never revisited. Default settings aren't secure settings. We work through your environment the way an attacker would — and show you exactly what needs fixing.

Identity & Conditional AccessMFA enforcement, legacy auth protocols, admin account exposure, sign-in risk policies
Email securitySPF, DKIM, DMARC configuration, anti-phishing rules, spoofing protections, BEC risk indicators
Microsoft DefenderDefender for Business configuration, safe links, safe attachments, threat detection policies
SharePoint & TeamsExternal sharing settings, guest access exposure, file permission sprawl, anonymous links
Audit logging & complianceUnified audit log status, retention policies, PIPEDA data controls, eDiscovery readiness
Copilot & AI readinessOversharing risks before AI deployment, sensitivity labels, data governance gaps

The AI problem most businesses don't know they have

Your employees are using ChatGPT, Copilot, Grammarly, and dozens of other AI tools to do their jobs. Some of those tools are ingesting client data, internal documents, and confidential communications — with no visibility, no policy, and no paper trail. When a vendor security questionnaire or regulatory audit asks how you govern AI usage, most businesses can't answer.

63%
of organizations have no AI governance policy in place (IBM, 2025)
27%
of employees at small businesses (11–50 staff) use unsanctioned AI tools
44%
of organizations where business units deploy AI without involving IT or security

What you get

Reports written for decision-makers, not IT teams

No raw scan output. No 80-page reports nobody reads. Everything we deliver is written so the person responsible for the business understands the risk — before passing it to whoever does the fixing.

1
Executive summary
Your current security posture in plain language. Overall risk rating, top three issues that need attention first, and context for why they matter to your business. One page, readable in five minutes.
2
Full findings report with severity ratings
Every gap, misconfiguration, or exposure rated Critical / High / Medium / Low. Each finding includes a screenshot of the issue, a plain-language explanation of the risk, and the exact steps to fix it.
3
Prioritized remediation roadmap
A sequenced action list ordered by risk and effort. Fix the high-impact, low-effort items first. Gives your IT person, your MSP, or your internal team a clear task list with no ambiguity.
4
Walkthrough call
We walk through findings with you, answer questions, and make sure the report is actionable for your team. Included with every engagement — because a report nobody understands isn't useful.

Pricing

Fixed-price engagements, no surprises

You know the cost before we start. Scope is confirmed on a free call before any commitment.

Starter
$1,500 CAD
Delivered in 2 business days
  • 5–25 seat tenants
  • Top critical findings
  • MFA & email auth review
  • 1-page executive summary
  • 15-min debrief call
Most common
Full M365 Assessment
$3,500 CAD
Delivered in 5 business days
  • 10–75 seat tenants
  • Complete tenant review
  • All 6 coverage areas
  • Full findings report
  • Remediation roadmap
  • 30-min walkthrough call
Assessment + Remediation
$5,500+ CAD
1–2 weeks end to end
  • Everything in full assessment
  • We implement the fixes
  • Policy & Defender tuning
  • Hardening documentation
  • Ideal without internal IT
Other engagements
Let's talk
Scoped per engagement
  • AI security review
  • Identity / IAM work
  • Cloud infrastructure review
  • Email migrations
  • Broader security audits

Why Icefield IT

Independent. No upsell. Alberta-based.

We're not an MSP looking to put you on a monthly contract. We're not a vendor with a product to push. We do the work, tell you what we find, and leave you better off than we found you.

A decade across the full stack

Sysadmin, cloud, DevOps, identity, security — we've worked across the breadth of it. That means we see problems narrow specialists miss and can speak to your whole environment, not just one piece of it.

🎯
No conflict of interest

We don't sell Microsoft licences or manage your infrastructure. Our only job is to give you an honest picture of where you stand. If your existing setup is fine, we'll tell you that too.

📄
Written for people, not IT teams

Every report is written so a business owner can understand what's at risk and why — before handing it to whoever does the fixing. We don't hide behind jargon.

📍
Alberta business, Alberta clients

Based in the Calgary area. We understand Alberta's regulatory landscape — PIPA, the Protection of Privacy Act — and the pressures facing local businesses in energy, professional services, and construction.

Get started

Tell us about your situation

We'll follow up within one business day to talk through what you need and whether we're a fit — before any commitment.

We'll be in touch shortly.

Usually within one business day. Check your inbox — and spam, just in case.

No commitment required. We confirm scope and pricing before any work begins.