Businesses need strategic security guidance, but most can’t afford a full-time CISO. That gap is where Cynomi and its MSP partners thrive.
Cynomi’s AI-powered platform combines built-in frameworks, automated assessments, compliance mapping, and tailored roadmaps. It gives MSPs a straightforward, scalable way to show real security leadership and it’s getting noticed across the industry.
The company was founded in 2021 by Israeli cyber veteran David Primor, who previously served as CTO and Head of R&D for Israel’s military intelligence and later the Executive Director of Technology for the Israel National Cyber Directorate. We caught up with Primor at Kaseya Connect Global to discuss how MSPs can scale consulting services and what separates Cynomi from the pack.
Here are the key points from that conversation, edited for clarity and length.
What Are the Challenges that an MSP Might Run into Billing Themselves as a vCISO?
Primor: More and more MSPs and MSSPs would like to expand the services beyond what they are currently providing to the virtual CISO space. That includes everything from risk management, compliance management, and posture management. A vCISO understands their clients’ cybersecurity level and then builds a program to strengthen it. Then this program can be used by the MSP to sell more services and tools.
However, there are big gaps that prevent MSPs from offering consultancy services. One big challenge is that they lack the knowledge. The second is that they don’t have the talent. And the third, it’s very difficult to provide those services at scale. Cynomi helps those service providers with technology that saves them time and enables productivity and scalability.
The platform is very comprehensive but very simple to use. Almost any security or IT expert—not necessarily a CISO—can use the platform and can get results, recommendations, and assessments like a pro.
What’s the Onboarding Process Like with Cynomi?
Primor: First we understand the potential of this MSP: how many customers can it support and how many customers are mature enough to be able to receive those virtual CISO services.
Usually, they start small—we call it land and expand. We teach them the Cynomi platform. We have some additional assets like Virtual Academy which helps from the technical point of view as well as from a business point of view. We’re trying to build an ecosystem of extremely useful content and invest heavily in education.
It’s an easy add because we aren’t replacing anything. We’re just adding more services. You can bundle it in different ways. We help MSPs to understand what is the best way to charge for it. Should you add another service, should you bundle it with an existing service, or should you provide it for free for some time?
MSPs that are using Cynomi see a 20% profit from using it. They say they’re saving more than 50%, sometimes 70%, of the time that these services typically take. And so companies that are choosing Cynomi in the right way with our enablement—I think that the ROI is tremendous.
David Primor
Does Cynomi Map To Common Compliance Frameworks?
Primor: Our platform has its own framework. We map it, of course, to the different other frameworks out there: NIST, CIS, HIPAA, etc. That means it is very uniform. Even if the MSP has several people doing the same kind of work or there is a change in the CISO role, everything remains common, standardized, and easy to use. When you get consistent results, that enables scalability.
We are trying to merge compliance and cybersecurity together.
In many cases, people just want to tick the box. We understand that, but the MSP’s goal is to make the company secured and compliant. The way to do that is to understand the gap and risk, and then translate it to very real actions that the MSP can take to not just be compliant, but to be continuously secure.
What Advantages Are There to Being an Israeli Company in This Space?
Primor: We have lots of cyber talent in Israel. Our security ecosystem produces lots of knowledge and other companies have roots here: Checkpoint, Palo Alto, and others. I also think we are very creative in Israel. Since we are coming from outside of the MSP world in the US, we are not afraid to learn from the community and to adjust.
To work in this market, we have to have a very substantial presence in the US. That’s why our sales and event marketing people are from the US. But the product itself was created in Israel.
With Supply Chain Issues and Tariff Threats, Is Now the Time to Invest in New Cybersecurity Tools?
Primor: Yeah, I think the risk is not using new cybersecurity tools because you need to provide services to stay competitive.
It’s similar to another very common question, “Should I use AI?” Because there are a lot of AI risks. What I can assure you is that Cynomi is a very secure company. We are SOC 2. We are ISO 27001 certified. We are a small company but we have our own CISO. So we take it very seriously.
I think that the fact that there is a gap in the market and because there is no product like us. MSPs want to be different, want to be more efficient, want to make more money. Cynomi is the leading product in the vCISO consultancy space.
You Mentioned AI. How Are Is Cynomi Leveraging It?
Primor: So first, the algorithms for mapping between our framework and the different compliance frameworks. We support about 30 frameworks today.
We have a very tight integration between the different assets within Cynomi as well. So the risks, the compliance requirements, the assets, the processes—everything is connected. And we’re using AI to make the connections. So AI helps us provide a lot of knowledge.
Now, with the new investment that we’ve got, we’re adding many more AI capabilities. Not only from our internal frameworks and insights, but also so the user gets more customized results.
What’s Your Advice to an MSP That Wants to Grow Their Business Significantly This Year?
Primor: We’re seeing the services in the security market grow dramatically. Consulting is a huge part of that…the market size is about $8 billion for these consulting services.
MSPs want better MRR. They want to move from only selling tools and get more revenue from the knowledge that they have. Consultative services are the answer; we see many MSPs getting lots of money from that. Huge companies are finding new revenue in the GRC and compliance consulting world.
When you create a security assessment and see which cyber domains are weaker than others, you can focus on goals with your customers. It creates transparency. When you understand that something is wrong and you can explain it, the customer is more open to investing.
Creating communication and transparency based on cybersecurity assessments, I think it’s the best way for MSPs to get more business.
Any Final Advice to Share with the Audience?
Primor: I think that in the age of AI and with all the third-party risk that businesses have, MSPs should focus on how to secure their customers and make a good business from that. Acting as consultants will serve both themselves and the clients.
