Skip to main content

About Cyentrix

Threat-informed cybersecurity assurance — built for the way real defence happens.

Cyentrix is a continuous assurance platform for CISOs, security leads, internal audit and GRC teams. The live threat feed maps emerging campaigns to MITRE ATT&CK TTPs, the controls that mitigate them, and the audit programs that prove whether you're exposed. Run an audit, score yourself, fix the gaps — and re-run when the threat evolves.

  • Threat-informed live feed → audits
  • ATT&CK-aligned TTP-mapped controls
  • Continuous re-run as threats evolve
  • Independent no vendor sponsorships
Analyze a threat Browse the library
68 Audit programs
593 Reusable controls
16 Quick assessments
12 Risk categories

The engine

Threat → TTP → Control → Audit → Score.

One workflow connects every part of the platform. A threat lands in the feed, gets mapped to MITRE ATT&CK TTPs and defensive controls, becomes a runnable audit program, and produces a risk score with a remediation register. Re-run when the threat evolves.

Live threat feed

Real breach reports, ransomware leak-site posts, initial-access broker sales and CVE disclosures — auto-rolled into canonical threat patterns. Each pattern stays current as new incidents matching it appear.

Browse threats →

Audit programs

Runnable, scored programs across 12 categories — Identity, Cloud, AppSec, OT/ICS, AI Security, Compliance. Assembled from your mapped controls or built by curators — fully deterministic, no AI black-box. Risks, controls, testing procedures and evidence templates included.

Browse programs →

Risk Dashboard

Aggregated view of every audit you've run — overall risk rating, top failed controls, threats with open gaps, due-soon retests. Built for continuous assurance, not point-in-time PDFs.

Open dashboard →

Pricing

Free to try. Professional to run continuous assurance.

Community is fully runnable — pick a threat, run the audit, get a score. Professional unlocks the operational tools you need when Cyentrix becomes part of your weekly workflow.

Community

$0/forever

  • Public threat feed
  • View threat → TTP → control mappings
  • Browse all public audit programs
  • Run 3 audits / month
  • Basic risk score on every run
  • No PDF exports
  • No custom programs or controls
Sign up free
Most popular

Professional

AED 107/month

≈ $29 USD · charged in AED · cancel any time

  • Everything in Community
  • Unlimited audit runs
  • Build custom audit programs
  • Add custom controls + testing procedures
  • PDF + Word exports on every run report
  • Risk Dashboard — gaps + retests
  • Individual use (team workspaces with MSSP tier)
See all plans →

All plans run on a deterministic rule-based engine. No AI black-box deciding which controls matter.

How we work

Editorial principles, not marketing slides.

Cybersecurity guidance is split between vendor white papers and 500-page frameworks. Cyentrix lives in the middle — practical, prioritised, tool-agnostic.

No vendor pay-to-play

When we recommend a tool, it's because we'd use it. We don't accept paid placements in programs, articles or assessments.

Plain language

Cyber jargon serves no one. If we use a technical term, we explain it. If we use an acronym, it's defined inline the first time.

Prioritisation over completeness

"Do these three things first" beats "here are 200 controls to consider." Every program leads with the controls that move risk the most.

Refreshed as threats evolve

Programs are versioned and re-issued. The AI Security category is the obvious example — but the same applies to cloud, IR and OT as the landscape shifts.

Open to feedback

Every program ships with a contact link. Spot a gap or a wrong call? Email us — we read everything, and corrections land in the next version.

Built from real incidents

The audit programs are written from years of incident response and security operations work — what we've actually seen go wrong, not what a framework says might.

Who's behind it

One operator. No team. No investors.

Cyentrix is run by Mustafa Ahmed — a cybersecurity practitioner with years inside threat intelligence, incident response and security operations at scale.

The site is independent and self-funded by Pro subscriptions. No outside investors, no vendor sponsorships, no growth team pushing engagement metrics.

Honest about the trade-off: small-team beats big-team for editorial focus, but it means no 24/7 support team. We answer email within a day or two.

Email Mustafa →
Founder note
"Most cybersecurity tools are either toys for hobbyists or quarter-million-dollar platforms for Fortune 500 companies. Cyentrix is for everyone in the middle — the IT director, the GRC manager, the consultant — who needs to actually run an audit, not just talk about one."
Mustafa Ahmed Founder · Cyentrix

For consultancies + MSSPs

If you're an audit firm or MSSP and want to use the Cyentrix library across client engagements — with branded reports, multi-client workspaces and a white-label flow — email us with team size + use case. We'll send a quote. No sales sequence; one email, one reply.

Email about white-label →