Mission fit
The organization should be clearly serving the public good, civil society, community resilience, education, care, or another mission where technical failure has outsized consequences.
Community Program
Cynaxus reserves a meaningful share of its calendar each year for pro-bono and reduced-fee work with mission-driven organizations. This is not symbolic volunteering. It is real cybersecurity, infrastructure, resilience, and AI-governance help for teams doing public-good work under real budget pressure.
Why this exists
The organizations most likely to serve vulnerable populations, critical local services, civic participation, or public-interest missions are often the least able to afford senior technical counsel. They still hold sensitive data. They still depend on cloud platforms, identity systems, endpoints, and vendors. They still get phished, ransomed, and audited.
Community exists because writing a check is not our highest-value contribution. Our highest-value contribution is experienced operators doing the work: stabilizing exposed systems, hardening weak processes, guiding leadership through ugly decisions, and leaving behind something the organization can actually sustain.
We prioritize work where a targeted intervention can materially improve resilience: an under-resourced nonprofit needing a security baseline, a civic-tech team handling sensitive information, a school-adjacent program facing vendor risk, or a community institution hit by an incident without a bench to respond.
How the Program Works
The Community program is intentionally structured around focused engagements. We look for work that can create a measurable improvement in resilience, decision quality, or operational control without creating a long dependency the organization cannot sustain.
Organizations We Prioritize
Capabilities We Apply
The goal is not to create dependence on us. The goal is to move an organization from exposed and undersupported to materially more resilient, with documentation and decisions it can keep using after the engagement ends.
What We Can Do
Targeted cybersecurity assessments, control reviews, and pragmatic risk prioritization for organizations that need to know what matters first.
Playbooks, response planning, tabletop support, and decision guidance so a small team is not improvising during its worst day.
Post-incident guidance, backup and restore posture review, and operational triage for teams trying to recover from disorder quickly.
Plain-English guidance for executive directors, boards, and program leaders making technical decisions without deep in-house bench strength.
Practical guardrails for mission teams experimenting with AI tools while trying to protect sensitive data, public trust, and legal obligations.
Independent judgment on tools, vendors, and managed-service relationships when an organization needs clarity before it signs or renews.
Selection Principles
The organization should be clearly serving the public good, civil society, community resilience, education, care, or another mission where technical failure has outsized consequences.
We are not optimizing for visibility. We prioritize real operational need, especially where sensitive systems or sensitive populations are involved.
The work should have a realistic path to improving security, continuity, governance, or leadership decision-making in a way the organization can keep using.
We only accept work we can staff to standard. If a need is urgent but outside our capacity, we will say so plainly and try to point the team in a useful direction.
Community vs. Lighthouse
Community
Best when the need is mission-driven, capacity is thin, and a focused intervention can materially improve resilience. Capacity is limited and evaluated case by case.
Lighthouse
Best when the organization fits Lighthouse criteria and needs budget-conscious senior counsel with clearer service lanes, scoped deliverables, and a more repeatable operating model.
Learn about Lighthouse →Tell us what the organization does, where it is exposed, and why Cynaxus would be useful. We accept only a limited number of Community engagements each year, but we review every serious request.