How CA2 Security Increased Revenue and Simplified Security Management for Their Clients

CA2 upgraded their security offering with Cynomi’s vCISO, risk assessment and reporting capabilities. By replacing spreadsheets with Cynomi they were able to reduce costs, open doors to new clients, engage with customer leadership and cut risk assessment times by 40%.


At a Glance


CA2 Security offers vCISO services, consulting, risk and compliance assessments and additional services to companies, ranging from mid-market to enterprises. By taking away the day-to-day management of security, CA2 enables leaders and IT to focus on growth and technology.


  • Cumbersome and incoherent spreadsheets
  • Manual risk assessment and security management processes
  • Lack of visibility into customers’ security and compliance posture
  • Difficulty mapping to security and compliance frameworks
  • Limited ability to engage with new prospects


  • Upgrade to a pre-built and streamlined risk assessment process
  • Use Cynomi’s security and compliance frameworks
  • Build upon Cynomi’s security suggestions
  • Develop and tracking security plans in Cynomi
  • Utilize Cynomi as a risk register for clients
  • Leverage Cynomi’s reports to engage with management


  • Increased profitability
  • Improved efficiency
  • Leadership-level business discussion
  • 40% reduction in risk assessment time
  • Opened doors to new prospects
  • Generated upsell to existing clients


CA2 Security provides a wide range of security services to enterprises, large-sized businesses and the mid-market sector. Their services include vCISO services, consulting on security and compliance readiness, incident response, cloud security and zero trust, security testing, and auditing and compliance management. These services enable CA2 to simplify security risk management for their clients. Leaders can focus on growth and IT can focus on technology, while CA2 takes away the day-to-day management and implementation of security measures and practices.

The Challenge

Before Cynomi, CA2 Security relied heavily on spreadsheets, using them for risk assessments, compliance posture management, and more.

However, managing and tracking these spreadsheets was an exhausting and ineffective. Spreadsheets did not provide the context or visibility that CA2 required to serve their clients. For example, to effectively provide high quality fractional CISO (vCISO) services, they needed comprehensive visibility into what their clients were doing, any security gaps they had and how their clients were progressing with their security plan. Spreadsheets were not able to provide this information or level of detail.

In addition, spreadsheets made it difficult to map their clients’ security and compliance posture to frameworks. The manual process they were using was cumbersome and lacked standardization. It was also hard to track.

The Solution

“The first time I used Cynomi, I knew I had made the right decision.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

CA2 chose Cynomi to support both ongoing vCISO services and one-off risk and compliance assessments. With Cynomi, CA2 can effectively conduct assessments, identify gaps, prioritize tasks, set up security policies, track progress and report to management.

As a first step with all new clients, CA2 uses Cynomi for conducting a risk assessment. In some cases, they also conduct a compliance assessment. The pre-built, streamlined risk assessment flow in Cynomi allows CA2 to easily gather the required data and engage in insightful conversations with the clients. This enables CA2 to easily understand their client’s domain and any gaps, so they can propose adjustments and improvements.

Cynomi also allows CA2 to easily choose the security or compliance framework they want to work on for the assessment. Once the assessment is completed, CA2 can simply download the results in a spreadsheet and send it to the client. The client can then review the frameworks, gaps, nodes, and more information. If a new framework is required, getting its compliance readiness status is a matter of a few clicks.

For vCISO service clients, CA2 then uses Cynomi’s preset policies to set up policies quickly and efficiently, enhancing their security posture.

“Many of my clients either didn’t have any policies or were using outdated ones. The ability to manipulate Cynomi’s preset policies to build new ones is a big win.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

In addition, CA2 uses Cynomi to set up a security plan for vCISO customers, which is based on the assessment. In Cynomi, CA2 can set up tasks, prioritize them and track progress. Cynomi also provides suggestions on how to address compliance or address security gaps in the plan. This makes it easier for CA2 to make security suggestions to IT, since Cynomi simplifies security management and makes it accessible. IT can easily understand what needs to be done.

“When I have a conversation with my client’s IT, the suggestions are right in front of me. It’s very simple and my clients immediately get it.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

CA2 also uses Cynomi as a risk register, allowing cybersecurity and IT to see their current risk at all times.

Finally, CA2 uses Cynomi’s reporting, language and processes to create a report to the executive team. This report is designed for the executive team’s understanding and needs.

“The managing partner of the firm said to me, ‘The report was easy to understand and clearly outlined the risk that the firm faces while providing clear guidance for mitigation plans. This is what we needed.’ Cynomi allows me to have better conversations with executives.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

Most of CA2’s clients also have access to Cynomi, allowing them to track their own security posture and tasks. This also enables CA2 to upsell service hours, helping them analyze findings and track tasks and progress.

The Impact

Cynomi has helped CA2 grow their business and achieve their goals. By using Cynomi, CA2 was able to benefit from:

Increased Profitability

Cynomi allows CA2 to be more efficient, achieving the same results in less hours. This allows for higher profit margins and using that saved time for other revenue-driving projects.

40% Risk Assessment Time Reduction

Cynomi’s streamlined and pre-built risk assessment flow saves CA2 30-40% of the time they previously spent on the assessment process. Instead of manually creating questions and flows, Cynomi provides all the information in a clear, straightforward and sequential manner.

Simplified Security Management

CA2 was looking for a platform that would enable them to replace spreadsheets and simplify their services management. Cynomi provides CA2 and their clients with a central location that shows the security posture, security plan, progress, and more in a straightforward manner facilitating a true business discussion with the client’s executive team. This enables CA2 and their customers to easily understand their status and gaps and prioritize next steps.

“Our clients love Cynomi because it’s very focused.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

New Sales Tool

CA2 has been using Cynomi to engage with prospects. Showing them Cynomi and its capabilities has opened the door for talking with prospects, enabling them to start a conversation with IT, security and even leadership. Cynomi helps shine a professional light on CA2, who can use Cynomi to showcase the gaps and what needs to be done.

“When they see Cynomi, it just clicks and the conversation continues. We’ve converted prospects this way.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security

New Upsell Tool

In addition to new prospects, CA2 have been able to upsell to their existing clients. Once their clients have access to Cynomi, CA2 can offer service hours for consulting, reviewing, assessing, and more.

CA2 plans to continue their use of Cynomi, leveraging the platform for providing high quality services for customers. This is due to Cynomi’s capabilities and the service they have received from Cynomi’s team.

“The main thing I’m happy about with Cynomi is that you guys listen. It’s a partnership.”

– Carlos Rodriguez, vCISO and Cybersecurity Consultant, CA2 Security