Cybersecurity and compliance that keep pace with your business

CyberUp helps startups, scale-ups, and corporates build and run security and compliance programs that satisfy regulators, pass audits, and support growth — without slowing you down.

Frameworks: ISO 27001, GDPR, NIS 2, DORA, SOC 2, PCI DSS, IT SOX, PSD2, NIST 800-53, CIS Controls

  • 85%: Typical reduction in audit findings within the first 90 days
  • €100-200K: Average savings on implementation, tooling, and audit fees
  • 10+ frameworks: From ISO 27001 to DORA, one partner for all your compliance needs

Security programs designed to scale with you

Modular services across strategy, compliance, audit, cybersecurity, and operations. Start with what you need. Scale as your risk posture evolves.

Security Strategy & Virtual CISO

Security strategy, KPIs, and M&A due diligence aligned with board and investor expectations.


GRC & Compliance

ISO 27001, SOC 2, PCI DSS, DORA, and IT SOX — control design, audit preparation, and compliance automation.


Risk & Audit Support

Bridging the gap between auditor language and business reality. Strong evidence delivered for auditors and regulators.


Cloud & DevSecOps

Hardened architectures, secure pipelines, and product security reviews — without slowing delivery.


Security Operations

Incident playbooks, logging and SIEM strategy, vulnerability management, and day-to-day resilience.


Boutique cybersecurity and GRC advisory with hands-on practitioner experience.

Max Chernousov built and led security programs at high-growth tech companies and regulated fintechs, navigating PCAOB, ISO 27001, SOC 2, and DevSecOps at scale. He brings that practitioner mindset to every CyberUp engagement.

CISA / CIA / CEH


Background

  • Former Head of Cybersecurity at high-growth tech companies.
  • Ex-Information Security Officer for regulated payments and fintech.
  • Audit lead who has navigated PCAOB, ISO 27001, and SOC 2 reviews.
  • DevSecOps engineer focused on CI/CD guardrails and cloud hardening.
  • ITGC SOX and third-party risk expert.

Practice Areas

  • IT Risk Management
  • Audit & Assurance
  • Due Diligence & M&A
  • Security Operations
  • Product Security
  • Cloud & Infrastructure Security
  • DevSecOps Enablement

Certifications & Education

  • CISA, CIA, CEH
  • Cisco CyberOps Associate, GCP & AWS security specialties
  • Project management and service management certifications
  • Degrees across computer science, information security, and management
  • Continuous training across NIST, CIS, CSA, and cloud academies

Depth When You Need It

Each service stream combines strategic advisory, hands-on implementation, and knowledge transfer so you stay audit-ready long after the engagement.

Security Strategy & Virtual CISO

Align strategy, roadmap, and KPIs with risk appetite and investor expectations without blocking engineering.

  • Fractional leadership, OKRs, and KPI dashboards for executives.
  • Roadmaps linked to funding rounds, markets, and compliance goals.
  • Investor / IPO due diligence documentation and coaching.

GRC, Compliance & Certification

Streamline ISO 27001, SOC 2, PCI DSS, GDPR, NIS 2, DORA, PSD2, and IT SOX programs without slowing product delivery.

  • Control framework design, policies, and evidence automation.
  • Internal audit prep, readiness assessments, remediation planning.
  • Audit coaching to keep findings minimal and meaningful.

IT Risk Assessment & Audit Support

Risk-based ITGC programs, SOX 404 readiness, and third-party risk management designed for modern stacks.

  • Risk registers, control testing, and remediation tracking.
  • Vendor diligence, SOC report reviews, onboarding playbooks.
  • Executive reporting that drives prioritisation.

Cloud Security & DevSecOps / Product Security

Hardened landing zones, secure SDLC guardrails, and collaborative threat modelling for fast-moving teams.

  • Cloud environment reviews (AWS, Azure, GCP) with NIST/CIS alignment.
  • CI/CD guardrails (SAST, DAST, IaC, dependency scanning) with KPIs.
  • Product security coaching, secure coding enablement, and security backlog prioritisation.

Security Operations & Incident Response

Resilient operations spanning IR playbooks, vulnerability management, and SIEM strategies tuned to your threat profile.

  • Incident response strategy, tabletops, and communication plans.
  • Vulnerability lifecycle management and disclosure programs.
  • Logging/SIEM architecture with dashboards for SOC and leadership.


Ready to strengthen your security posture?

Book a discovery session to prioritise the next 90 days across compliance, product security, and IT risk. You will receive a prioritised action plan.