CyAdviso is a specialist cybersecurity advisory practice registered in Latvia (SIA CyAdviso, reg. 40203253216). It provides virtual CISO (vCISO) services, DORA compliance programmes and ICT risk management to EU-licensed financial entities — EMIs, PIs and CASPs. Engagements have operated under supervision of the UK FCA, Bank of Lithuania, Central Bank of Cyprus and Latvijas Banka. CyAdviso was founded in 2020 and is led by Andrey Gubarev, CISO for EU fintechs.

About CyAdviso

Who is CyAdviso?

CyAdviso is a specialist cybersecurity advisory practice registered in Latvia (SIA CyAdviso, reg. 40203253216). It provides virtual CISO (vCISO) services, DORA compliance programmes and ICT risk management to EU-licensed financial entities — Electronic Money Institutions (EMIs), Payment Institutions (PIs) and Crypto Asset Service Providers (CASPs). Engagements have operated under supervision of the UK FCA, Bank of Lithuania, Central Bank of Cyprus and Latvijas Banka. CyAdviso was founded in 2020 and is led by Andrey Gubarev, CISO for EU fintechs.

Legal name	SIA CyAdviso
Founded	2020
Registration	Latvia · reg. 40203253216 · EU VAT LV40203253216
Clients served	EMIs · PIs · CASPs — EU and UK regulated
Regulator context	FCA · Bank of Lithuania · Central Bank of Cyprus · Latvijas Banka
Focus	DORA · ICT Risk · Outsourcing Oversight · Evidence · Board Reporting
Location	Riga, Latvia — serving fintechs across the EU and UK
Contact	info@cyadviso.com

The CISO behind CyAdviso

Andrey Gubarev — CISO for EU fintechs

Andrey Gubarev is the founder of CyAdviso and its lead CISO. He has worked in cybersecurity for over 20 years (since 2001) and has held CISO-level roles since 2008. He specialises in ICT risk management, outsourcing oversight, evidence management and board-level security reporting for EU-licensed financial entities. He holds CISM and CDPSE certifications from ISACA, and SABSA Foundation from the SABSA Institute.

20+ years in cybersecurity
CISO since 2008
3 certifications
CISM · CDPSE · SABSA

What We Focus On

Four areas where CyAdviso delivers

Every engagement is scoped around these four outcomes — not a generic policy pack.

ICT Risk Management
Governance clarity from the management body down — documented framework, risk register, asset classification, management-body oversight. Built for DORA proportionality: scoped to your size, not a generic standard dump.
Outsourcing Oversight
Article 30 contractual provisions, Register of Information, supplier criticality rationale and concentration-risk view across critical or important functions. Audit-ready, maintained between reviews.
Evidence Management
Traceable controls, after-action reports, board packs and evidence indices — structured so the same control questions stop coming back at every supervisory review.
Board Reporting
Decision-ready security governance, not compliance optics. The management body receives what they need to act on — and what the regulator expects to see documented.

Who We Serve

EU-licensed fintechs under regulatory supervision

CyAdviso works exclusively with regulated financial entities — not generic enterprise IT. The work is scoped to the regulatory framework the client operates under.

Electronic Money Institutions (EMIs)

ICT risk framework, DORA readiness, evidence cleanup and board reporting for EMIs licensed under the EMD2/PSD2 regime and within DORA scope from January 2025.

Payment Institutions (PIs)

DORA programme delivery, supplier oversight, incident classification and regulator liaison for PIs of all sizes — including DORA-proportional scoping for smaller entities.

Crypto Asset Service Providers (CASPs)

Shared evidence model for DORA operational resilience and MiCA cybersecurity obligations — scoped to avoid duplication between the two frameworks.

Engagements operated under supervision of

UKFinancial Conduct AuthorityFCA

LTLietuvos BankasBank of Lithuania

LVLatvijas BankaBank of Latvia

CYCentral Bank of CyprusCBC

Client names are withheld by mutual agreement. Regulator context is accurate — substantiated by engagements across these four supervisory regimes.

Track Record

What the engagement history looks like

8+EU fintech engagements — EMIs, PIs, CASPs

4regulatory regimes — FCA · BoL · CBC · Latvijas Banka

“Within 90 days, our framework was documented, defensible, and the regulator stopped repeating the same control questions.”

CEO · EMI licensed by Bank of Lithuania

“Zero ICT governance documentation to a board-approved framework and a regulator-ready evidence pack.”

Managing Director · Payment Institution · Lithuania

Direct references available on a discovery call with mutual consent. Client details are anonymised — NDA maintained across all engagements.

Legal Entity

SIA CyAdviso

Legal name: SIA CyAdviso
Registration number: 40203253216
EU VAT: LV40203253216
Registered in: Republic of Latvia, European Union
Founded: 2020
Service type: Cybersecurity advisory — vCISO, DORA, ICT risk management

CyAdviso provides cybersecurity advisory services. It is not a regulated audit firm or a law firm. Engagements are scoped under written advisory agreements.

Get in touch

Ready to talk about your ICT risk posture?

Start with the 3-minute DORA readiness check, or book a 15-minute scoping call. No commitment.

Book a 15-min scoping call → Take the 3-min DORA Check

Or email directly: info@cyadviso.com