Cybersecurity and compliance that keep pace with your business

CyberUp helps startups, scale-ups, and corporates build and run security and compliance programs that satisfy regulators, pass audits, and support growth — without slowing you down.

Frameworks: ISO 27001, GDPR, NIS 2, DORA, SOC 2, PCI DSS, IT SOX, PSD2, NIST 800-53, CIS Controls

  • 85%: Typical reduction in audit findings within the first 90 days
  • €100-200K: Average savings on implementation, tooling, and audit fees
  • 10+ frameworks: From ISO 27001 to DORA — one partner for all your compliance needs

Security programs designed to scale with you

Modular services across strategy, compliance, audit, cybersecurity, and operations. Start with what you need. Scale as your risk posture evolves.

Security Strategy & Virtual CISO

Security strategy, KPIs, and M&A due diligence aligned with board and investor expectations.

GRC & Compliance

ISO 27001, SOC 2, PCI DSS, DORA, and IT SOX — control design, audit preparation, and compliance automation.

Risk & Audit Support

Bridging the gap between auditor language and business reality. Strong evidence delivered for auditors and regulators.

Cloud & DevSecOps

Hardened architectures, secure pipelines, and product security reviews — without slowing delivery.

Security Operations

Incident playbooks, logging and SIEM strategy, vulnerability management, and day-to-day resilience.

IT & Security Audit

Independent IT and security audits for compliance readiness, investor assurance, and ongoing control validation.

Boutique cybersecurity and GRC advisory with hands-on practitioner experience.

Max Chernousov built and led security programs at hyper-growth tech companies and regulated fintechs, navigating PCAOB, ISO 27001, SOC 2, and DevSecOps at scale. He brings that practitioner mindset to every CyberUp engagement.

CISA / CIA / CEH

Background

  • Led security strategy, roadmaps, and M&A due diligence at hyper-growth tech companies.
  • Built ISO 27001, SOC 2, and regulatory compliance programs in regulated fintech and payments.
  • Designed ITGC, third-party risk, and SOX 404 programs — guiding teams through PCAOB and external audits.
  • Hardened cloud infrastructure and CI/CD pipelines with DevSecOps guardrails across AWS and GCP.
  • Established security operations and incident response capabilities from the ground up.
  • Delivered independent IT and security audits for boards, investors, and regulated industries.

Practice Areas

  • IT Risk Management
  • Audit & Assurance
  • Due Diligence & M&A
  • Security Operations
  • Product Security
  • Cloud & Infrastructure Security
  • DevSecOps Enablement
  • GRC
  • Regulatory Compliance
  • Incident Response
  • Third-Party Risk Management
  • Data Privacy & GDPR
  • Business Continuity
  • Security Architecture
  • Identity & Access Management
  • Vulnerability Management
  • SOX IT Controls
  • Security Awareness & Training

Certifications & Education

Core certifications

  • CISA: Certified Information Systems Auditor
  • CIA: Certified Internal Auditor
  • CEH: Certified Ethical Hacker

Specialisations

  • Establishing IT and security operational foundations
  • Preparation for audit, due diligence, and M&A
  • Crisis management in IT and security

Depth When You Need It

Each service stream combines strategic advisory, hands-on implementation, and knowledge transfer so you stay audit-ready long after the engagement.

Security Strategy & Virtual CISO

Align strategy, roadmap, and KPIs with risk appetite and investor expectations without blocking engineering.

  • Fractional leadership, OKRs, and KPI dashboards for executives.
  • Roadmaps linked to funding rounds, markets, and compliance goals.
  • Investor / IPO due diligence documentation and coaching.

GRC, Compliance & Certification

Streamline ISO 27001, SOC 2, PCI DSS, GDPR, NIS 2, DORA, PSD2, and IT SOX programs without slowing product delivery.

  • Control framework design, policies, and evidence automation.
  • Internal audit prep, readiness assessments, remediation planning.
  • Audit coaching to keep findings minimal and meaningful.

IT Risk Assessment & Audit Support

Risk-based ITGC programs, SOX 404 readiness, and third-party risk management designed for modern stacks.

  • Risk registers, control testing, and remediation tracking.
  • Vendor diligence, SOC report reviews, onboarding playbooks.
  • Executive reporting that drives prioritisation.

Cloud Security & DevSecOps / Product Security

Hardened landing zones, secure SDLC guardrails, and collaborative threat modelling for fast-moving teams.

  • Cloud environment reviews (AWS and GCP) with NIST/CIS alignment.
  • CI/CD guardrails (SAST, DAST, IaC, dependency scanning) with KPIs.
  • Product security coaching, secure coding enablement, and security backlog prioritisation.

Security Operations & Incident Response

Resilient operations spanning IR playbooks, vulnerability management, and SIEM strategies tuned to your threat profile.

  • Incident response strategy, tabletops, and communication plans.
  • Vulnerability lifecycle management and disclosure programs.
  • Logging/SIEM architecture with dashboards for SOC and leadership.

IT & Security Audit

Independent IT and security audit programs built for audit committees, investors, and regulators — from ITGC and controls testing to full security posture reviews.

  • IT General Controls (ITGC) audit, testing, and remediation tracking.
  • Security posture assessments and gap analysis against ISO, NIST, and CIS benchmarks.
  • Pre-audit readiness reviews and evidence preparation for external auditors.

Ready to strengthen your security posture?

Book a discovery session to prioritise the next 90 days across compliance, product security, and IT risk. You will receive a prioritised action plan.