Skip to main content
About CyAdviso

Who is CyAdviso?

CyAdviso is a specialist cybersecurity advisory practice registered in Latvia (SIA CyAdviso, reg. 40203253216). It provides virtual CISO (vCISO) services, DORA compliance programmes and ICT risk management to EU-licensed financial entities — Electronic Money Institutions (EMIs), Payment Institutions (PIs) and Crypto Asset Service Providers (CASPs). Engagements have operated under EU financial-sector supervision. CyAdviso was founded in 2020 and is led by Andrey Gubarev, CISO for EU fintechs.

Legal nameSIA CyAdviso
Founded2020
RegistrationLatvia · reg. 40203253216 · EU VAT LV40203253216
Clients servedEMIs · PIs · CASPs — EU-regulated
Regulator contextEU financial-sector supervision
FocusDORA · ICT Risk · Outsourcing Oversight · Evidence · Board Reporting
LocationRiga, Latvia — serving fintechs across the EU
Contactinfo@cyadviso.com
The CISO behind CyAdviso

Andrey Gubarev — CISO for EU fintechs

Andrey Gubarev is the founder of CyAdviso and its lead CISO. He has worked in cybersecurity for over 20 years (since 2001) and has held CISO-level roles since 2008. He specialises in ICT risk management, outsourcing oversight, evidence management and board-level security reporting for EU-licensed financial entities. He holds CISM and CDPSE certifications from ISACA, and SABSA Foundation from the SABSA Institute.

  • 20+ years in cybersecurity
    CISO since 2008
  • 3 certifications
    CISM · CDPSE · SABSA
What We Deliver

Four disciplines. Three entity types.

Each engagement is scoped to the frameworks your licence requires — no generic standard, no sector-wide template.

  • ICT Risk Management

    Governance framework, risk register, asset classification and management-body oversight — sized to your entity under DORA proportionality principles.

  • Outsourcing Oversight

    Article 30 contractual provisions, Register of Information, supplier criticality rationale and concentration-risk view — built to hold up at every supervisory review.

  • Evidence Management

    Traceable controls, after-action reports, board packs and evidence indices — structured so the same control questions stop coming back.

  • Board Reporting

    Decision-ready security governance — the management body receives what they need to act on and what the regulator expects to see documented.

Electronic Money Institutions (EMIs)

ICT risk framework, DORA readiness, evidence cleanup and board reporting for EMIs licensed under the EMD2/PSD2 regime and within DORA scope from January 2025.

Payment Institutions (PIs)

DORA programme delivery, supplier oversight, incident classification and regulator liaison for PIs of all sizes — including DORA-proportional scoping for smaller entities.

Crypto Asset Service Providers (CASPs)

Shared evidence model for DORA operational resilience and MiCA cybersecurity obligations — scoped to avoid duplication between the two frameworks.

EU-licensed entities we serve

EUElectronic Money InstitutionsEMI
EUPayment InstitutionsPI
EUCrypto-Asset Service ProvidersCASP

Client names are withheld by mutual agreement; engagements have operated under EU financial-sector supervision.

Advisory firms and compliance consultancies — see CyAdviso’s partner programme.

Track Record

What the engagement history looks like

10+companies across Europe — EMIs, PIs, CASPs
EUDORA, MiCA & NIS2 regulatory regimes
“Within 90 days, our framework was documented, defensible, and the regulator stopped repeating the same control questions.”
CEO · EU-licensed EMI
“Zero ICT governance documentation to a board-approved framework and a regulator-ready evidence pack.”
Managing Director · Payment Institution

See how these engagements look in practice →

Direct references available on a discovery call with mutual consent. Client details are anonymised — NDA maintained across all engagements.

Enough to scope an engagement?

A 15-minute scoping call covers your entity type, current ICT evidence state and what an engagement looks like in practice.

Or email directly: info@cyadviso.com

Get in touch

Ready to talk about your ICT risk posture?

Start with the 3-minute DORA readiness check, or book a 15-minute scoping call. No commitment.

Or email directly: info@cyadviso.com