← All Builds DAY 4 OF 30

CompliancePulse

Cyber Security / MSP — Continuous Compliance · Docker MCP servers · Microsoft Graph (O365) · AWS Lambda · Postgres + pgvector · Claude Sonnet 4.5 + Haiku 4.5 via Bedrock · Cognito · Stripe · 80h build
LIVE https://cybersavi.com/compliance-pulse

Day 4 of 30

Back to the CyberSavi cluster. CompliancePulse is live — and unlike everything else launching this month, it’s already in revenue.

CompliancePulse is the spine of the CyberSavi MSP operating system. It calls out to and gathers from every other product in the family — pulls the gap inventory from SecureStackScan, fires training assignments into CyberSavi Academy, watches the dossier and perception signal off CyberSavIQ, syncs AI-policy posture to GovernAI — and turns all of it into one continuous-compliance posture per end-client tenant. Every other CyberSavi product is an arm. CompliancePulse is the body.

As of today, the MSP partners can enroll with us at cybersavi.com/compliance-pulse providing framework coverage across NIST 800-171, CMMC L2, SOC 2 CC, HIPAA and ISO 27001.

What it does

The vCISO economics problem in three sentences: an MSP can run a one-time security assessment for an SMB client in maybe 4 billable hours. Continuous compliance — the actual work that earns the vCISO retainer — is dozens of hours a month per client, most of it tedious, most of it not visible to the client until something breaks. At $99-199 per end-client per month, the MSP cannot afford to do it manually.

CompliancePulse is the operating layer that makes the $99-199/end-client/mo math work — and it makes it work across the family, not just inside one product.

What that looks like, concretely. CompliancePulse runs a Docker MCP server per client tenant, ingests Microsoft 365 / Google Workspace configuration, and watches for control drift in real time. When it sees something — a new external sharing rule, a deactivated MFA, an unmanaged device joining — it doesn’t just log it. It calls the rest of the OS:

  • Inbound from SecureStackScan: the original gap inventory and the as-built infrastructure diagram. CompliancePulse picks up where the assessment left off, with every finding already scored and explained.
  • Outbound to CyberSavi Academy: the user who failed the MFA gets the MFA training module assigned the same day. Training is a remediation action, not a calendar event.
  • Bidirectional with CyberSavIQ: dossier and LLM-perception signals on owners and key staff feed the personal-risk picture; CompliancePulse routes them into the same evidence package the auditor sees.
  • Outbound to GovernAI: every AI-policy violation lands in the same continuous-evidence stream as the SOC-2 / CMMC / HIPAA controls. One posture, one auditor view, one bill.

Per detection rule, the policy citation is published. Per cross-product hook, the contract is published. The MSP buys CompliancePulse once. Each end-client gets a tenant. The vCISO sees fifty clients in one dashboard, sorted by what’s broken right now — and can trace any flag back to its policy source in two clicks.

Why Day 4

Two reasons.

Already in revenue. Not “AWS Deployed with OU.” Not “Coded.” Revenue. Paying customers. Real channel partners running it on real client books. That’s a different Day-N story than the rest of the month. Days 1–3 framed the thesis (channel motion, autopilot economy, public build). Day 4 shows what the thesis looks like once it’s working in production with real money attached.

The marketing surface goes public today. CompliancePulse has been running under WinterMedia auth with a small set of MSP partners. As of this morning, cybersavi.com/compliance-pulse is open: framework coverage matrix, published pricing ($99–199 per end-client / month, on the page in dollars, no quote-request gate), the hub-and-spoke architecture, and an operator-side walkthrough. Cold-readers land on cybersavi.com; existing customers and partners sign in at pulse.cybersavi.com.

The Velocity Process notes

What Claude Code handled: the entire Docker MCP server architecture (one container per client tenant, isolation enforced at the network and IAM layer), the Microsoft Graph integration, the control-drift detection logic, the evidence-package generator, every line of the multi-tenant Postgres + pgvector schema, the Stripe per-end-client billing flow.

What required human judgement: the choice to use Docker MCP rather than a lambda-per-client architecture (more expensive, but the auditor-explainability of “your tenant runs in its own container with its own credentials” is the moat), the call to make every detection rule explainable down to the underlying policy citation (most competitors hide the rules; we publish them), and the decision to ship the Microsoft 365 connector first and Google Workspace second (60% of SMB tenants are M365-first, and shipping both at once would have meant neither was great).

What broke: the first version of the control-drift detector flagged every external-share-link change as a violation, including the legitimate ones the client had explicitly approved. The fix was a per-client allowlist with a rolling 90-day attestation expiry — when the auditor’s review window opens, the allowlist gets a fresh review automatically. ~3 hours of human design, 90 minutes of Claude Code implementation.

The CyberSavi family arc — and why CompliancePulse is the spine, not the second app

The first version of this week’s narrative read sequentially: assess, comply, train, extend, govern. That was wrong. The right way to read the CyberSavi family is hub-and-spoke.

  • Day 1: SecureStackScan finds the gaps in an SMB’s stack — and feeds them into CompliancePulse.
  • Day 4 (today): CompliancePulse is the operating system. It calls out to and gathers from the other four.
  • Day 5: CyberSavi Academy receives training assignments from CompliancePulse and reports completion back into the evidence stream.
  • Day 6: CyberSavIQ feeds personal/reputation signal on owners and key staff into CompliancePulse’s per-tenant risk picture.
  • Day 8: GovernAI receives AI-governance posture and policy hooks from CompliancePulse and writes back AI-control state to the same evidence package.

Same channel. Same buyer. One coherent operating system at per-end-client economics. By Day 8 the audience will have seen five ventures from one operator team — but they’ll also have seen the architecture that makes them one product, not five.

What’s next this week

  • Day 5 (Tue May 5): CyberSavi Academy — cybersaviacademy.com — training layer.
  • Day 6 (Wed May 6): CyberSavIQ — personal/reputation extension.
  • Day 7 (Thu May 7): Theme essay — EU AI Act 2026 / regulatory tailwind.
  • Day 8 (Fri May 8): GovernAI launch — closes the cluster.

Want to talk

If you run an MSP / vCISO / fractional CISO desk and want to evaluate CompliancePulse against your current stack — book 30 minutes. The product is in revenue and the channel intake is open.

Email signup on the home page is wired to GHL — no noise, just the build.

Live Product →