Bryan Onel’s journey into cybersecurity began in a fitting place — his father was a locksmith, and Bryan often jokes that he became the digital version of one.
Growing up, ethical hacking was more than just a curiosity for him — it was a passion. After studying artificial intelligence at university, he turned that hobby into a career, spending nearly a decade performing penetration tests for more than 150 companies across different industries.
But something didn’t add up. As Onel told TechCrunch, he kept breaking into companies that had already passed their official security audits. That experience led him to a stark realization:
“Security usually falls into two categories — painful but effective, or painless but ineffective.”
Most organizations, he noticed, chose the latter. True security required too much time, money, and specialized talent — so companies often settled for doing the bare minimum to stay compliant on paper.
When his clients began asking if he could build something better, Onel decided to try.
In 2022, he teamed up with his wife Ora and longtime college friend Erik Vogelzang to launch Oneleet, an all-in-one security and compliance platform that helps businesses achieve certifications and strengthen their defenses at the same time.
According to Onel, most compliance platforms today are little more than evidence-collection tools — users upload some data, pay a fee, and get a shiny certificate declaring them “secure.”
“The result,” Onel says, “is compliance theater — you’re certified on paper but still wide open to attacks.”
How Oneleet Stands Apart
Unlike traditional compliance platforms, Oneleet offers a fully integrated suite of security tools — including penetration testing, code scanning, cloud data protection, attack surface monitoring, and security training — giving companies a real-time view of their security posture.
“Because it’s integrated from the ground up, we can deploy comprehensive security with the click of a button,” Onel explained. “That saves clients hundreds of hours and removes the blind spots that come from juggling fragmented tools.”
To complete the process, Oneleet also partners with independent auditors to conduct formal certification reviews, ensuring both compliance and genuine security alignment.
Backed by Major Investors
On Thursday, the company announced a $33 million Series A funding round led by Dawn Capital to accelerate its growth and expand its platform.
Onel described the fundraising process as “straightforward,” noting that he met the Dawn Capital team in San Francisco and felt an instant connection.
“They already had deep expertise in security and compliance and immediately understood what we were building at Oneleet,” said Onel. “There was instant alignment.”
Other participants in the round include Y Combinator, Dropbox co-founder Arash Ferdowsi, and former Snowflake and ServiceNow CEO Frank Slootman.
Oneleet was part of Y Combinator’s Summer 2022 batch and now counts roughly two-thirds of new YC portfolio companies among its customers — a clear sign that Oneleet’s approach is gaining real traction in the fast-evolving world of security compliance.
According to Onel, AI plays a major role in how Oneleet operates behind the scenes. The platform uses AI for threat modeling, security assessments, and even to draft security policies. However, he emphasizes that there’s always a human review layer to ensure accuracy and eliminate AI “hallucinations.”
“We’re responsible about it,” Onel said. “AI helps us scale and automate, but we never let it replace human oversight.”
He added that the ultimate goal is for security to fade into the background — seamless, efficient, and reliable.
“Good security should be invisible,” Onel explained. “Companies should spend less time worrying about security and more time building great products. We have a real shot at helping them defend themselves more effectively than ever before.”