Product showcase: The Cynomi Virtual CISO (vCISO) platform

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium sized enterprises demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don’t have in-house CISO expertise – the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO services models still rely on manual, human CISO expertise. This makes these services costly and tough to scale – leaving MSPs, MSSPs and consulting firms unable to add vCISO service to their portfolio or scale their existing vCISO services to meet the growing demand.

This is the challenge Cynomi Automated vCISO platform is trying to solve. The company’s AI-powered vCISO platform automatically generates everything a vCISO needs to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans with prioritized tasks, tools for ongoing task management, progress tracking and customer-facing reports.

Cynomi enables managed service providers and consulting firms to provide ongoing vCISO services at scale by automating much of the manual, expert and time-consuming vCISO work, empowering their existing teams.

Let’s take a closer look at the platform:

Setting up and managing multitenant client accounts

Cynomi was designed from the ground up for multitenancy. This means that service providers can offer the Cynomi platform to any number of their clients – managing each separately. The system enables this by letting service providers independently create and manage a separate sub-account for each client. For each client, service providers can create users and delegate roles or ownership within their team.

Cynomi vCISO

Building each client’s cyber profile

To onboard a new client, the service provider fills (together with the client) a series of easy-to-follow proprietary questionnaires.

Onboarding questionnaire

The service provider also runs the Cynomi proprietary scans that assess each client’s external-facing assets – discovering critical vulnerabilities in externally visible IPs and URLs, and covering ports, protocols, encryption types, web sites, web applications, emails, DNS servers and certifications.

Scan Results

Cynomi also enables service providers to conduct scans of internal client assets like Office365, Active Directory and more.

The service provider can drill down into each finding from a scan to see an in-depth description and remediation options. Vulnerabilities detected are automatically added to the account task list, and prioritized according to their severity.

Cynomi vCISO

AI-driven assessment

Based on the questionnaires and scans, Cynomi creates a cyber profile for each client. It then continuously parses the findings from questionnaires and scans against industry-specific security standards, regulatory frameworks, and threat intelligence. The Cynomi technology engine, modeled after the knowledge of the world’s best CISOs, then generates the vCISO dashboard, a single-pane-of-glass view of each client’s overall security posture, including:

  • Overall security posture score
  • Vulnerability and exploit gap analysis
  • Risk score for specific threat vectors
  • Tailor-made cybersecurity policies
  • Actionable, prioritized remediation tasks
  • And more


Tailored security policies

Cynomi automatically generates a set of NIST-based security policies. These are custom-created for each client and crafted to be easy-to-follow and actionable. These policies are completely editable, allowing the service provider to customize them.

On the Cynomi policies dashboard, service providers can view the compliance status for all policies generated, and drill down into the details of each. For example, the access policy screen below shows the client’s score, and allows drill-down into a breakdown of the policy’s requirements.

Cynomi vCISO

Remediation plan with actionable, prioritized tasks

Cynomi automatically creates remediation tasks, with a priority and impact rate of each task. Task types range from technical controls and procedures to configuration of security components and more. Service providers can customize the tasks, changing their priority, and add/remove tasks.


Customer facing reports

Cynomi includes a built-in customer-facing reporting suite. This enables providers to deliver branded, real-time, exportable status and progress reports for customer stakeholders – operations and management alike. These reports show security levels, improvement trends, compliance gaps and comparison with industry benchmarks – helping them easily show the progress you helped them make.

Cynomi vCISO

The Bottom line

Cynomi opens new recurring revenue streams for service providers that don’t yet offer vCISO services. For those that do offer vCISO services, Cynomi enables them to scale these services – without scaling in-house resources, by reducing dependency on manual expert work, and cutting vCISO work to a fraction of the time.

Whatever their current offering, services providers can leverage Cynomi to increase their sales pipeline – leveraging the platform’s comprehensive risk and compliance assessments to drive new opportunities. They can also enjoy more upsells, since Cynomi’s findings and recommendations substantiate and demonstrate the impact of new services and tools.

To learn more about Cynomi, visit

Don't miss