Bryan Onel’s father was a locksmith, and Onel describes himself as the digital equivalent. His hobby growing up was ethical hacking. He studied artificial intelligence at university and later turned that hobby into his profession. He spent a decade performing penetration tests for more than 150 companies across all sectors. During that time, he kept easily breaking into companies that had already passed their security checks.
Onel realized that security often fell into two categories: painful but effective, or painless but ineffective. He observed that most companies were doing the bare minimum in cybersecurity and compliance because it often requires too much work, along with the right tools and talent, to provide effective security defenses.
His clients repeatedly asked if he could provide a solution to their problems, so he decided to try. In 2022, he teamed up with his wife, Ora, and a college friend, Erik Vogelzang, to launch Oneleet. The startup is an all-in-one security compliance platform that aims to help companies obtain their security certifications while also helping them become more secure, faster.
Onel explains that most existing compliance platforms are essentially evidence-collection tools. Users import data from their various products, pay a fee, and then receive a security certificate stating they are secure. He calls the result compliance theatre, where a company is certified on paper but remains vulnerable.
Oneleet is different. The platform includes a suite of security tools such as penetration testing, code scanning, cloud data security, attack surface management, and security training. This provides a better window into a company’s security defenses. Because it is integrated from the ground up, Oneleet can deploy comprehensive security with the click of a button. This saves clients hundreds of hours and eliminates the blind spots that come from managing fragmented tools. Oneleet then partners with independent auditors to provide formal certification reviews.
Recently, Oneleet announced it raised a thirty-three-million-dollar Series A funding round led by Dawn Capital to help grow the business. Onel described his fundraising process as straightforward. He met Dawn Capital in San Francisco and described an immediate chemistry. He said they already had deep knowledge of the security and compliance space and immediately understood what Oneleet was building, so there was instant alignment.
Other investors in the round include Y Combinator, Dropbox co-founder Arash Ferdowsi, and former Snowflake and ServiceNow chief executive Frank Slootman. Oneleet participated in the Spring 2022 class of Y Combinator, and now two-thirds of the venture firm’s portfolio companies are its clients.
Competitors in this space include Vanta, Secureframe, and Sprinto. Oneleet has reached three million dollars in annual recurring revenue and has raised thirty-four million dollars in total to date. The new cash will be used to expand the engineering team, increase its artificial intelligence capabilities, and find ways to reach more customers. The goal is to end security theatre in compliance at a time when defending against cyberattacks is more important than ever.
Onel stated that artificial intelligence is changing the scale of cyberattacks. He explained that advanced bad actors are automating cyber crimes, which also lowers the bar for novice hackers to launch malicious attacks. He also said companies are being reckless, for example by carelessly using vibe coding tools or giving AI access to business-critical information without the right guardrails. In the world of compliance, companies can use AI to generate fake documentation to make it seem as if the business is more secure than it actually is.
Onel says his company heavily uses AI, which works in the background for threat modeling and other security assessments, and also helps draft policies. However, a human team verifies all information to ensure the client does not see any AI hallucinations. He stated they are responsible about its use.
Onel concluded that good security should be invisible. Companies should spend less time worrying about security and more time building great products. He believes Oneleet has a shot at helping companies defend themselves more effectively than ever before.

