Cynomi Automated Virtual CISO

Growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises' demand for strategic cybersecurity and compliance guidance and management. Since most companies this size don't have in-house CISO expertise, the demand for virtual CISO (vCISO) services is also growing. Yet current vCISO service models still rely on manual, human CISO expertise. This makes these services costly and tough to scale, leaving MSPs, MSSPs and consulting firms unable to add vCISO services to their portfolio or scale their existing vCISO services to meet the growing demand.

This is the challenge Cynomi's Automated vCISO platform is trying to solve. The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans with prioritized tasks, tools for ongoing task management, progress tracking and customer-facing reports.

Cynomi enables managed service providers and consulting firms to provide ongoing vCISO services at scale by automating much of the manual, expert and time-consuming vCISO work, empowering their existing teams.

In this review we'll take a deep dive into how Cynomi works, and the potential benefits service providers and consultants can derive from the platform.

Setting up and managing multitenant client accounts

Cynomi was designed from the ground up for multitenancy. This means that service providers can offer the Cynomi platform to any number of their clients - managing each separately. The system enables this by letting service providers independently create and manage a separate sub-account for each client. For each client, service providers can create users and delegate roles or ownership within their team.

To onboard a new client, the service provider fills out the onboarding questionnaire.

The results of the onboarding questionnaire determine which follow-up proprietary questionnaires you'll need to fill out for your client.

The service provider also runs the Cynomi proprietary scans that assess each client's external-facing assets - discovering critical vulnerabilities in externally visible IPs and URLs, and covering ports, protocols, encryption types, web sites, web applications, emails, DNS servers and certifications.

Cynomi also enables service providers to conduct scans of internal client assets like Office365, Active Directory and more.

The service provider can drill down into each finding from a scan to see an in-depth description and remediation options. Vulnerabilities detected are automatically added to the account task list, and prioritized according to their severity.

AI-driven assessment

Based on the questionnaires and scans, Cynomi creates a cyber profile for each client. It then continuously parses the findings from questionnaires and scans against industry-specific security standards, regulatory frameworks, and threat intelligence. The Cynomi technology engine, modeled after the knowledge of the world's best CISOs, then generates the vCISO dashboard, a single-pane-of-glass view of each client's overall security posture, including:

  • Overall security posture score
  • Vulnerability and exploit gap analysis
  • Risk score for specific threat vectors
  • Tailor-made cybersecurity policies
  • Actionable, prioritized remediation tasks
  • And more

Tailored security policies

Cynomi automatically generates a set of NIST-based security policies. These are custom-created for each client and crafted to be easy-to-follow and actionable. These policies are completely editable, allowing the service provider to customize them.

On the Cynomi policies dashboard, service providers can view the compliance status for all policies generated, and drill down into the details of each. For example, the access policy screen below shows the client's score, and allows drill-down into a breakdown of the policy's requirements.

Remediation plans with actionable, prioritized tasks

Cynomi automatically creates remediation tasks, with the priority and impact rate of each task, via AI algorithms modeled after the knowledge of the world's best CISOs. Task types range from technical controls and procedures to configuration of security components and more. Service providers can customize the tasks, change their priority, and add or remove tasks.

On the tasks screen below, filters enable account managers to concentrate on specific domains, jump back to tasks that are already in progress or focus on high-severity tasks only. All progress is tracked, and completed tasks are automatically reflected in the client's overall security posture score. Cynomi enables drill-down into any task for step-by-step guidance on putting a control in place or mitigating a gap.

Continuous updates

Unlike one-time assessment tools, Cynomi continuously updates all client risk scores, compliance readiness, policies and tasks. Changes to client environments, regulatory regimes and industry threat intelligence are automatically reflected in Cynomi. This assures managed service providers and consultants that Cynomi always presents up-to-date information, and automatically updates policies and tasks – so they don't have to do it themselves.

The Bottom Line

Cynomi opens new recurring revenue streams for service providers that don't yet offer vCISO services, while using their existing staff. For those that do offer vCISO services, Cynomi enables them to scale these services – without scaling in-house resources, by reducing dependency on manual expert work, and cutting vCISO work to a fraction of the time.

Whatever their current offering, service providers can leverage Cynomi to increase their sales pipeline, using the platform's comprehensive risk and compliance assessments to drive new opportunities. They can also enjoy more upsells, since Cynomi's findings and recommendations substantiate and demonstrate the impact of new services and tools. And most importantly, in today's hyper-competitive market, Cynomi helps service providers lower churn with ongoing, strategic services that increase customer trust and satisfaction. To learn more about Cynomi, visit
