Oneleet Secures $33M to Revolutionize Security Compliance
▼ Summary
– Bryan Onel transformed his ethical hacking hobby into a professional career, conducting penetration tests for over 150 companies and discovering that many passed security checks despite vulnerabilities.
– He identified that companies often choose between painful but effective security or painless but ineffective measures, leading to minimal compliance and inadequate defenses.
– In 2022, Onel co-founded Oneleet, an all-in-one security compliance platform that helps companies achieve certifications and improve security faster through integrated tools like penetration testing and code scanning.
– Oneleet raised $33 million in Series A funding led by Dawn Capital to expand its team, enhance AI capabilities, and combat “compliance theatre” by providing genuine security.
– Onel emphasizes that AI is escalating cyberattack risks but can be responsibly used in security for threat modeling and policy drafting, with human oversight to prevent errors.
Bryan Onel grew up with a father who worked as a locksmith, a background that inspired him to view himself as a digital version of that trade. His early interest in ethical hacking evolved from a personal hobby into a professional focus after he studied artificial intelligence in college. Over the course of ten years, Onel conducted penetration tests for more than 150 organizations across various industries. He repeatedly found that even businesses that had passed their security audits remained surprisingly easy to breach.
He observed that security solutions typically fell into one of two categories: either they were effective but difficult to implement, or they were simple to use but offered little real protection. Many organizations, he noted, were doing just enough to meet basic cybersecurity and compliance requirements, largely because building strong defenses demands significant resources, specialized tools, and skilled personnel.
After fielding repeated requests from clients for a better approach, Onel decided to take action. In 2022, he joined forces with his wife Ora and a former college classmate, Erik Vogelzang, to launch Oneleet, a comprehensive security compliance platform. The company’s mission is to help other businesses achieve security certifications while genuinely strengthening their defenses in less time.
According to Onel, most compliance platforms on the market function primarily as evidence-collection systems. Users upload data from different software tools, pay a fee, and receive a certificate declaring them secure. He refers to this common outcome as “compliance theatre”, a situation where a company appears compliant on paper but remains exposed to a wide range of cyber threats.
Oneleet takes a different approach. The platform integrates a full suite of security tools, including penetration testing, code scanning, cloud data security, attack surface management, and security training. This gives businesses a clearer, more complete picture of their security posture. Because the system is built as an integrated solution from the start, Onel explains, clients can deploy comprehensive security measures with a single click. This integration saves hundreds of hours of manual work and eliminates the blind spots that come from using disconnected tools.
After implementing these measures, Oneleet works with independent auditors to conduct formal certification reviews.
Recently, the company announced it has secured $33 million in a Series A funding round led by Dawn Capital. Onel described the fundraising process as straightforward, noting that he met the Dawn Capital team in San Francisco and felt an immediate connection. The investors already possessed deep expertise in security and compliance, allowing them to quickly grasp the vision behind Oneleet.
Additional participants in the funding round include Y Combinator, Dropbox co-founder Arash Ferdowsi, and former Snowflake and ServiceNow CEO Frank Slootman. Oneleet previously took part in Y Combinator’s Summer 2022 cohort and now counts two-thirds of the accelerator’s newly added portfolio companies as its clients.
Competitors in the security compliance sector include Vanta, Secureframe, and Sprinto. Oneleet has reached $9 million in annual recurring revenue and has raised a total of $35 million to date.
The new capital will support the expansion of Oneleet’s engineering team, enhance its AI capabilities, and help the company reach a broader customer base. Onel emphasized that the goal is to put an end to security theatre, especially at a time when defending against cyberattacks has never been more critical.
He pointed out that AI is transforming the scale and nature of cyber threats. Sophisticated threat actors are now automating attacks, while also making it easier for less experienced hackers to launch damaging campaigns. At the same time, some companies are taking unnecessary risks, such as relying on unvetted AI coding tools or granting AI systems access to sensitive business data without adequate safeguards. In the compliance space, Onel warned, AI can even be used to fabricate documentation, creating a false impression of security.
Oneleet itself makes extensive use of AI, applying it behind the scenes for threat modeling, security assessments, and policy drafting. However, a human team always verifies the AI’s output to prevent inaccuracies or “hallucinations.” Onel stressed that the company takes a responsible approach to AI implementation.
He believes that effective security should operate invisibly in the background. Businesses should be able to focus on developing great products instead of constantly worrying about their defenses. With its integrated platform and new funding, Oneleet aims to give companies the tools they need to protect themselves more effectively than ever before.
(Source: TechCrunch)
