Cynomi Exec On The Value vCISOs Can Bring To MSPs

‘Standardization procedures, allowing something that has built-in CISO knowledge, doesn’t mean we’re replacing the CISO. It means we’ve built the knowledge into it so we can drive labor rates down. You guys can be more involved,’ says Tim Coach, Cynomi’s chief evangelist of community and channels.

MSPs looking to bring virtual CISO services have to start by digging deep into their customers’ operations to go beyond what customers say they need in order to provide what they really need.

That’s the message from Tim Coach, chief evangelist of community and channels at Cynomi, a Tel Aviv, Israel-based provider of virtual chief information security officer [vCISO] technology, who told an audience of MSPs at this week’s XChange March 2026 conference that it is equally important for vCISOs to focus on the security of their customers.

“Security first, compliance by default,” Coach said. “Has anybody in here been through a security audit or certification? Raise your hand. Are you still compliant? You don’t have to be. You can fall out of compliance pretty easily. But if you’re driving to security against a framework, compliance goes by default.”

XChange March 2026 was being hosted by CRN parent The Channel Company this week in Orlando, Fla.

MSPs’ customers also need to know that bringing on a vCISO does not mean replacing their existing CISO.

“Standardization procedures, allowing something that has built-in CISO knowledge, doesn’t mean we’re replacing the CISO,” he said. “It means we’ve built the knowledge into it so we can drive labor rates down. You guys can be more involved.”

Building a vCISO practice, or building any MSP service in general, starts with understanding how to talk with clients, Coach said.

“We’re talking to clients about being advisers, and when you advise someone, you have to talk to them in their language,” he said. “It’s my job to take all the super nerdy stuff we’re doing in the background, all the great content our marketing is creating, and actually translate that into what you guys understand. So I can go super nerdy, but then all of you are going to fall asleep, and I’ll see you on your phones and on your laptops, and then I’ve failed as a speaker.”

It’s the same when talking with customers, Coach said. For instance, an MSP can go to clients and talk about Security Operations Centers, security information and event management, endpoint detection and response, and so on.

“But all they hear is cost,” he said. “And why is that? We’ve done it for ourselves. Because every time we walk into them, it’s how we upsell. What we should be doing is talking about business insurance. ‘If I do these things, I can help assure that your revenue goals for Q4 or in place.’ Oh, ‘revenue.’ They understand that word because that’s the way they talk.”

Quit talking about zeros and ones, Coach said.

“This is what they look at: ‘How am I going to make money?’” he said. “’How am I going to lose money? Where is my risk?’ These are the important pieces of their conversation. So when I say to you you need to be an adviser, you truly need to do that whole, ‘I want to be a trusted adviser.’ This is the way they talk when you step into a boardroom. For anybody that’s been in a C-level conversation and you’re not talking about money, what are you talking about?”

The need for vCISOs is growing because businesses need CISOs, but they are few and far between, which is why Cynomi builds CISO-level intelligence into its platform, Coach said.

Cynomi helps improve MSPs’ ability to grow their security business with vCISO services that can eliminate bottlenecks, Coach said.

The AI-powered platform offers a built-in CISO intelligence co-pilot, complete security program management, standardized delivery across all team members and clients, easy-to-understand executive dashboards, revenue insight mapped to client security gaps, and a short time to value, he said.

It also is designed around Coach’s mantra of security first, compliance as default across over 40 different frameworks.

Looking ahead, Coach said Cynomi is looking to add new frameworks to its platform.

“We’re putting out new frameworks like chiclets,” he said. “I don’t know how they do it in dev, and we got a couple of guys running through that, but if you have one that’s a pretty big impact for you, let us know, and we’ll actually talk to you to see what it’s going to take to get it in for you.”

Also new is a bi-directional API to make it easier to add new integrations to the platform, as well as more agents and more CISO capabilities, Coach said.

“We’re looking at being a fully agentic platform. … Agentic AI now allows you to go on the platform and do quite a bit more, just like the command prompt,” he said. “Or if you’re lazy like me, you have a voice prompt that’s like F5 on your computer that allows you to start talking. It gives you what you’re looking for, or at least a starting point.”

Don Monistere, president and CEO of General Informatics, a Baton Rouge, La.-based MSP and Cynomi channel partner, told CRN that he has seen Cynomi continue to work on its platform.

“They continue to hire incredible people,” Monistere said. “They’ve been very aggressive in the various people that they’ve hired within the channel. I think that’s been real positive. They definitely listen to their customers because a lot of the things that are in their product today we recommended a year ago, and they put it in the framework. We’re very pleased to be a partner.”

Cynomi was a big factor in extending General Informatics’ vCISO capabilities, Monistere said.

“We had three vCISOs that were overloaded,” he said. “We brought in the toolset, and they were able to take on responsibility for more customers, which obviously impacted our margin. vCISOs are not cheap.”