Who is CyAdviso?
CyAdviso is a specialist cybersecurity advisory practice registered in Latvia (SIA CyAdviso, reg. 40203253216). It provides virtual CISO (vCISO) services, DORA compliance programmes and ICT risk management to EU-licensed financial entities — Electronic Money Institutions (EMIs), Payment Institutions (PIs) and Crypto Asset Service Providers (CASPs). Engagements have operated under EU financial-sector supervision. CyAdviso was founded in 2020 and is led by Andrey Gubarev, CISO for EU fintechs.
| Legal name | SIA CyAdviso |
|---|---|
| Founded | 2020 |
| Registration | Latvia · reg. 40203253216 · EU VAT LV40203253216 |
| Clients served | EMIs · PIs · CASPs — EU-regulated |
| Regulator context | EU financial-sector supervision |
| Focus | DORA · ICT Risk · Outsourcing Oversight · Evidence · Board Reporting |
| Location | Riga, Latvia — serving fintechs across the EU |
| Contact | info@cyadviso.com |
Andrey Gubarev — CISO for EU fintechs
Andrey Gubarev is the founder of CyAdviso and its lead CISO. He has worked in cybersecurity for over 20 years (since 2001) and has held CISO-level roles since 2008. He specialises in ICT risk management, outsourcing oversight, evidence management and board-level security reporting for EU-licensed financial entities. He holds CISM and CDPSE certifications from ISACA, and SABSA Foundation from the SABSA Institute.
-
20+
years in cybersecurity
CISO since 2008 -
3
certifications
CISM · CDPSE · SABSA
Four disciplines. Three entity types.
Each engagement is scoped to the frameworks your licence requires — no generic standard, no sector-wide template.
ICT Risk Management
Governance framework, risk register, asset classification and management-body oversight — sized to your entity under DORA proportionality principles.
Outsourcing Oversight
Article 30 contractual provisions, Register of Information, supplier criticality rationale and concentration-risk view — built to hold up at every supervisory review.
Evidence Management
Traceable controls, after-action reports, board packs and evidence indices — structured so the same control questions stop coming back.
Board Reporting
Decision-ready security governance — the management body receives what they need to act on and what the regulator expects to see documented.
Electronic Money Institutions (EMIs)
ICT risk framework, DORA readiness, evidence cleanup and board reporting for EMIs licensed under the EMD2/PSD2 regime and within DORA scope from January 2025.
Payment Institutions (PIs)
DORA programme delivery, supplier oversight, incident classification and regulator liaison for PIs of all sizes — including DORA-proportional scoping for smaller entities.
Crypto Asset Service Providers (CASPs)
Shared evidence model for DORA operational resilience and MiCA cybersecurity obligations — scoped to avoid duplication between the two frameworks.
EU-licensed entities we serve
Client names are withheld by mutual agreement; engagements have operated under EU financial-sector supervision.
Advisory firms and compliance consultancies — see CyAdviso’s partner programme.
What the engagement history looks like
“Within 90 days, our framework was documented, defensible, and the regulator stopped repeating the same control questions.”
“Zero ICT governance documentation to a board-approved framework and a regulator-ready evidence pack.”
See how these engagements look in practice →
Direct references available on a discovery call with mutual consent. Client details are anonymised — NDA maintained across all engagements.
Enough to scope an engagement?
A 15-minute scoping call covers your entity type, current ICT evidence state and what an engagement looks like in practice.
Or email directly: info@cyadviso.com
SIA CyAdviso
- Legal name
- SIA CyAdviso
- Registration number
- 40203253216
- EU VAT
- LV40203253216
- Registered in
- Republic of Latvia, European Union
- Founded
- 2020
- Service type
- Cybersecurity advisory — vCISO, DORA, ICT risk management
CyAdviso provides cybersecurity advisory services. It is not a regulated audit firm or a law firm. Engagements are scoped under written advisory agreements.
Ready to talk about your ICT risk posture?
Start with the 3-minute DORA readiness check, or book a 15-minute scoping call. No commitment.
Or email directly: info@cyadviso.com