← Sycrion

About the founder

Built by a security engineer
who has been on both sides
of the questionnaire.

M

Miron Velkov

Founder · Security engineer · AppSec · EU

Application security engineer
EU data residency · Frankfurt
Passive external scan only
LinkedIn

I've written vendor security questionnaire responses at 11pm before a deal closes. And I've reviewed external posture data as part of procurement due diligence on incoming vendors. The same gap appeared every time: no clean, sourced, shareable evidence of external security posture.

Sycrion generates that evidence from the same public sources procurement already uses — and structures it into a format they actually read.

The scope is intentionally narrow. Passive external checks only — DNS, TLS, HTTP headers, certificate transparency logs, version banners, path responses, Shodan passive data, NVD references. No internal access. No credentials. No exploitation. What a reviewer sees from outside, organized and documented.

How people use it

Head of Sales · B2B SaaS · 60 employees

€180K deal, logistics firm. Procurement sent a 40-question security questionnaire Tuesday. Needed external posture evidence by Friday. Structured findings with source citations — put directly into the questionnaire response.

CTO · No CISO · Series A platform

First enterprise customer asked for TLS configuration, email authentication, and CVE exposure documentation. Had nothing ready. One scan, one PDF, sent directly to their security team.

Founder · Developer tools · First €200K deal

Didn't know what external signals procurement looks for until we saw our own result. DMARC absent, TLS 1.1 still active, nginx version visible in banners. Fixed all three before the security review call.

What Sycrion is — and is not

Is

  • Passive external assessment
  • Public signal aggregation
  • Evidence report for vendor reviews
  • Structured findings with source attribution
  • Support for questionnaire responses
  • Shareable PDF + verification link

Is not

  • Penetration test
  • Authenticated scanner
  • Compliance certification
  • SOC 2 / ISO 27001 audit
  • Full attack surface management
  • Internal control assessment

Contact

Questions about the product, scan methodology, or data handling — reach out directly.

hello@sycrion.com

Hosted in EU · Frankfurt, Germany · Data never leaves EU infrastructure