Cynomi Exec To MSSPs: Virtual CISO Services Is ‘One Of The Top Two That Offers Very High Margins’
Joseph F. Kovar
‘Our platform contains all the C- level know-how and automatically sees your cybersecurity gaps and compliance gaps of your clients. And we enable that as a full multitenancy platform since we’re a 100 percent channel company,’ says Royi Barnea, Cynomi’s vice president of channel sales.
MSSPs that bring virtual CISO services to their customers will not only find new opportunities to help improve their security but will also see significantly improved margins.
That’s the word from Royi Barnea, vice president of channel sales at Herzliya, Israel-based Cynomi, which provides vCISO-as-a-service capabilities to MSSPs and consultants at scale.
Barnea Monday told an audience of MSPs and MSSPs at this week’s XChange NexGen conference in Houston, hosted by CRN parent The Channel Company, that there are several misconceptions about vCISO services. These include assumptions that it is only about compliance and controls, or that smaller or midsize businesses don’t need to worry about compliance issues, he said.
“vCISO services enable you to really understand what’s going on in your clients’ environments,” he said. “What is sensitive for one client and not for others? What are the cybersecurity gaps or even compliance gaps? And how to automatically create and generate a framework that can address those gaps, set up a full plan with full guidance to basically reduce cybersecurity gaps and compliance gaps, and increase the cybersecurity posture of your clients.”
Cynomi, in a recent survey of MSPs and MSSPs it did with a third-party company, found that only 19 percent are currently offering vCISO services today, but 86 percent said they are planning to offer or add vCISO services by the end of 2025, Barnea said.
In the survey, 39 percent of MSPs and MSSPs said they are looking at vCISO services as a way to expand their cybersecurity offerings, 36 percent said it was to improve their operations and efficiency, and 32 percent said it was to improve their profitability.
The survey also asked what benefits the MSPs and MSSPs expected to get from offering vCISO services, Barnea said. About 44 percent cited vCISO services as an easy upsell, 43 percent said it would increase margins, and 42 percent said it would improve customer security, he said.
“We all know that the main traditional services—endpoints, EDRs [endpoint detection and response], email security, gateways and firewalls are a great offering today,” he said. “But I’m hearing from each and every one of you when I’m meeting with you that margins are getting lower and lower. There’s huge competition. Let’s be honest, the majority of service providers are offering those today, and the margins are getting low. vCISO ... is one of the top two services that offers very high margins.”
When it comes to vCISO services, Cynomi’s platform is cybersecurity-first and compliance-first, Barnea said.
“And you all know that if you’re compliant, it doesn’t mean you’re secured,” he said. “And if you’re secured, that doesn’t mean you’re compliant. Cynomi is the only platform that basically covers both sides of the coin. And we do that with an automated platform.”
Many MSSPs and MSPs are concerned that they might need deep CISO knowledge to offer vCISO services, Barnea said.
“I’ll be honest,” he said. “You do need some cybersecurity understanding and security awareness. But you do not need to be a full CISO to operate our platform and provide those services.”
Because every customer is different, Cynomi has a unique on-boarding process that asks 15 to 18 questions an AI-based wizard uses to automatically populate the relevant domains and framework for that specific customer.
“Our platform provides them the ability to generate a risk mitigation plan, test mitigation plan, [all] fully automated,” he said. “Our platform contains all the C- level know-how and automatically sees your cybersecurity gaps and compliance gaps of your clients. And we enable that as a full multitenancy platform since we’re a 100 percent channel company.”
The idea of offering vCISO services is something Portland, Ore.-based MSP Tech Heads has been pushing, and Barnea brought up some important points, said Earl Poland, director of IT operations for TechHeads.
“Most of our clients, who are small to medium-size businesses, are actually asking for that type of advice,” Poland told CRN. “So we’re in the process of adding it. We’ve actually got someone on staff that has done some of that work for us more on the professional services side. We’re now working on the MSP side of the business.”
The kind of advice an MSP with vCISO experience can offer customers is key, Poland said.
“Our customers don’t know what they don’t know,” he said. “And they’re actually coming to us and saying, ‘Why didn’t you tell me? Why didn’t you educate me?’ Which is a great problem to have, rather than them saying, ‘Why are you trying to sell me something?’ So the approach we’ve been taking is really educating them. And we’ve seen that paying off in that respect. We’re getting a lot more revenue, software licensing and services because of it.”