SYS::STATUS SOC · ONLINE
FR / EN
cl
CostLink Systems
v.2026.05 · soc·mtl
portal
~ / workshop
[01] · THE WORKSHOP · SINCE 1985

Forty years ·
one house.
Always in Montréal.

CostLink began as an IT consultancy on May 21, 1985, on Saint-Jacques Street, in space borrowed from a notary firm. The first invoice covered the installation of a Novell server. The first cyber engagement arrived in 2008 — incident response for an insurance client.

Today the workshop operates a 24/7/365 operations centre from Montréal. Thirty-four people — analysts, responders, compliance advisors, red team. One site. No offshore subcontracting. Everything is here.

about.json · public
FoundedMay 21, 1985
NEQ191432-4
Legal formInc. · private
Ownershipindependent
Headcount34
SitesMontréal · sole HQ
Shifts3 · 24/7
Operating languagesFR-QC · EN-CA
Active clients62
Annual renewal rate94 %
40yrs
since 1985
18yrs
in cyber · 2008
8yrs
24/7 centre · 2018
62
active clients
94%
annual renewal
[02] · HISTORY

$ history --reverse

1985 · May
Costanza & Linkletter · IT systems consultancy
Pierre Costanza and Marie Linkletter open a firm on Saint-Jacques Street. Specialty: Novell LAN deployment for Quebec SMBs. First client — a Lanaudière agricultural cooperative.
1992
TCP/IP shift · enterprise Internet opens
First Internet gateway deployments for professional firms. Formal launch of infrastructure management offering.
1998
First managed firewall · "security" enters the catalog
Check Point Firewall-1 in production for a law firm. First engagement where security is explicitly named.
2008
Cyber pivot · first incident response engagement
An insurance client suffers an intrusion. CostLink is called in — three days of investigation, identification of an employee compromised by targeted phishing. After this engagement, the team formally adds "incident response" to the catalog.
2011
First SIEM engagement · Splunk, then Elastic
Monitoring becomes continuous — first 16/5, then 16/7. SOC team starts with three analysts.
2015
In-house red team formed
Recruitment of three OSCP-certified penetration testers. First red team engagement — accounting firm, physical infiltration + domain admin in 11 days.
2018 · September
24/7/365 shift · current operations centre opens
Current operations centre inaugurated — Place Victor-Hugo, Sud-Ouest Montréal. Three full shifts. "MDR" replaces "monitoring" in all contracts. Eleven analysts in first year; seven still in post today.
2020
Law 25 pivot (ahead of schedule)
Anticipation of Quebec's new personal-information obligations. Internal policy refresh and compliance offering rebuild upon Bill 64 announcement. First formal Law 25 engagement delivered at sanction.
2022
First municipal engagement · 800k residents covered
Public-sector engagement marks expansion into municipalities. Major incident prepared and managed in 2024 documented in a white paper available on request.
2024
vCISO program launches
For organizations wanting a security director without a full-time hire. Seven engagements after six months — referred mostly by cyber insurers.
2026 · Today
MDR platform v5.2 · thirty-four people
Forty years of firm, eighteen years in cyber, eight years of 24/7. Thirty-four people operate the whole — no subcontracting, no partner firm doing the work in our name.
[03] · PRINCIPLES

$ principles --operational

Six operational principles — what makes a CostLink engagement different from a generic MSP. Written into our contracts. They hold when clients try to negotiate otherwise.

// 01 — HUMANS
Humans. Always.

No alert leaves the centre without an analyst seeing it. No blind automation calling a client executive at 3 AM. If we call you at night, someone here already confirmed it's worth your sleep.

// 02 — MONTRÉAL
The shift is in Montréal.

No offshore subcontracting. No "partner SOC" covering the nights from Manila. All three shifts are at 1470 Place Victor-Hugo. When you call, this is where we pick up.

// 03 — PROOF
Everything is documented. Signed. Dated.

The monthly report isn't a raw alert dump. It's the dossier you'll present to your auditor, regulator, board of directors. Signed by a name and a title, not "the CostLink team".

// 04 — YOUR TOOL
No forced change.

You already have an EDR license? We operate it. Your SIEM is in place? We plug in. We never force an editor change without a clear operational benefit — your existing investment matters.

// 05 — EXIT
The exit door stays open.

No engagement locks you into our stack beyond the contractual commitment. Your data, your policies, your evidence stay yours. The export transition is documented up front and contract-included.

// 06 — VIABLE
Schedules that work.

Three full shifts, predictable rotation, full-time weeks. Rare in North American SOC. That's why seven of the original eleven analysts are still here after eight years — and why analysis quality doesn't drift.

[04] · COMPOSITION

$ team --by-role

// 01
12
SOC Analysts · 3 shifts

Tier 1 and Tier 2. Three full shifts seven days a week. GCFA, GCIH, GREM, GMON. Seven members in post since 24/7 launch in 2018.

// 02
5
IR responders

Tier 3 team — endpoint, network, cloud forensics. CISSP, GCFA, GCIH, ENCE. On-site Greater Montréal in under 4 hours.

// 03
5
Red team · offensive

Five OSCP holders — two OSCE, two OSEP, one CRTO. Pentests and red team delivered without subcontracting. 43 engagements last 12 months.

// 04
4
Compliance advisors

CIPP/C, CISA, ISO 27001 Lead Auditor, CRISC. Law 25, ISO 27001, SOC 2, PCI-DSS, NIST CSF.

// 05
3
Platform engineering

Detection writing, automations, Splunk/Sentinel/Elastic integrations. Tenant portal maintained. 412 384 events/day ingestion pipeline.

// 06
5
Direction · administration

Executive, operations, advisory, finance, recruitment. All bilingual. Present in person at quarterly committees.

// MEDIAN TENURE
6.2 years in the team
North American SOC median · 1.8 years
open roles
[05] · NEXT STEP

Forty years of experience.
Four weeks to prove it.

The initial assessment is free and uncommitted. A director walks through your environment, hands you a report and a roadmap. Best way to judge without pressure — the conversation, the diagnostic, and whether we're the right team for you.

request the assessment our methodology