Your All-round Cyber-Intelligent Sidekick
Our current features and work in progress
Continous discovery of assets, identities, domains, hosts, IPs, URLs, ports
Network and web assets scanning based on offensive tools, same as used by red teams or attackers
Continous vulnerability management, triage, prioritisation, tracking and alerting
Risk assessment and mitigation tracking. WIP: AI assisted prioritisation and prediction
WIP: Web scan on GDPR, cookies, SSL non-conformance
WIP: Dark-web compromise identity and IP scanner
WIP: Cybersecurity policy pack compliant with recognised standards
Escalation, sharing, alerting, third-party vendor assessments
Solving the puzzle...
Our Journey and roadmap
2019-20 CyberGraph prototype developed, linking discovered Assets, Vulnerabilities and Vendors in a Graph DB. COVID-19 puts the project on hold, re-focusing us on Pentesting as a Service (Pentest.NZ), CyberAwareness Training (CyberScient.com), Threat Intel and Security Operations (MedITAdvisors.com).
2021-22 CISO360 concept and MVP developed. Beta version is used internally and with select partners to manage vulnerability assessments and pentests, vCISO GRC activities and prototyping initial automation and machine learning modules.
v1 "baby" AI
2022 Q4 - v1.0 "baby" AI and concept, colaboration with academia, early-stage investing rounds. Data aquisition, sampling and modeling to predict risks using a hush-hush AI and not too many ifs
v2 "teen" AI
2023 - v2.0 "teen" AI - learning the reality, through simulated games and stories and real-life incidents
v3 "mature" AI
2024-25 - v3.0 "mature" AI - autonomos vCISO
2025 - we discover we already live in a game and technology was never the problem...
We are the Borg
Lower your shields and surrender. We will add your technological distinctiveness to our own. Your culture will adapt to service us. Resistance is futile.
What's interesting about CISO360AI
The motivations, frustrations and changes we are focusing on.
Lowering the burden
Let's face it, big or small team, Governance, Compliance and Risk (GRC) is no fun, at best is an operational burden, usually a tick box exercise and at worst just a policy and prayer. How can we change the approach?
Never trust, always verify!... wishful thinking. What is my actual risk exposure and what risks are acceptable? (internal, third-party)
How can I engage my team, our vendors and clients to address shared cyber-risks?
Leveling the asymetric playing field
Reducing attacker advantages and defenders gaps. What are my significant vulnerabilities, as seen by attackers?
Resources and cost
GRC tools aim for large enterprises/teams and are costly. CISOs are a rare commodity at SME/MSP level. How can we leverage tech to give us an edge?
What are 20% of controls and actions that can cover 80% of my risks? What is my optimum plan? (for my size, obligations, budget, appetite, threat intel)
Frequently Asked Questions
(Cyber)Space, the final frontier. These are the voyages of the CISO360AI team. Its five-year mission: to explore strange new worlds.
Many say exploration is part of our destiny, but it’s actually our duty to future generations.
Can I try CISO360AI?
Absolutely, see call to action
Can I join CISO360AI
We dare you!
Stats... we are aiming for... ;)
$ saved loses