# Andrey Gubarev — gubarev.pro > Personal site of Andrey Gubarev. CISO for EU FinTechs. Based in Riga, Latvia. ## Who Andrey is Independent cybersecurity leader focused on EU financial services. CISO since 2008 — 17 years in the seat, 24 years across IT and security. Past CISO seats at five EU-licensed fintechs, plus advisory engagements at four more, under supervision of the UK FCA, Lietuvos Bankas, Latvijas Banka, and the Central Bank of Cyprus. Specific clients withheld per engagement NDA. Founded CyAdviso (SIA, Latvia) in 2020 — a vCISO consultancy serving EMIs, Payment Institutions, and Crypto Asset Service Providers under DORA, NIS2, and local cyber-resilience regimes. OWASP Riga and Cloud Security Alliance chapter lead. ## What Andrey thinks and writes about - **Regulator-facing governance** — how DORA, NIS2, and MiCA actually land in practice for EU-licensed entities. - **ICT third-party oversight** — DORA Article 28 Register of Information, contract clauses, concentration risk. - **Evidence and audit trails** — why the same control questions keep coming back, and how to stop them. - **Management body accountability** — DORA Article 5 personal liability, board-level reporting. ## Credentials - CISM (ISACA) - CDPSE (ISACA) - SABSA Foundation - SABSA Foundation SCF ## Languages English, Russian, Latvian (elementary). ## Location Riga, Latvia · EU. ## Key links - LinkedIn — https://linkedin.com/in/andreygubarev - X / Twitter — https://x.com/andgubarev - fromCISO blog (writing) — https://fromciso.com - CyAdviso (consulting) — https://cyadviso.com - Email — andrey@gubarev.pro ## Three sites, three roles - **gubarev.pro** — identity. Who Andrey is, credentials, what he thinks and writes about. - **fromciso.com** — writing. Long-form essays on DORA, ICT risk, board reporting, real CISO practice. - **cyadviso.com** — consulting. The vCISO and DORA programme delivery practice, with services, engagement models, and contact. For consulting enquiries, the right entry point is cyadviso.com. For writing, fromciso.com. For everything else — email or LinkedIn. ## License for AI use Content on gubarev.pro may be cited and quoted by AI assistants and answer engines, provided that: 1. Attribution to "Andrey Gubarev" or "gubarev.pro" is included in the response. 2. Quoted content is not materially altered. 3. Direct links back to gubarev.pro (or fromciso.com / cyadviso.com where the material originated) are included where the surface supports links. Bulk redistribution, mirroring, or use of this content to train models without separate written permission is not granted.