oneleet Raises $33M to Revolutionize Security Compliance

From Locksmith’s Son to Cybersecurity Innovator: The Story of Oneleet

Bryan Onel’s father practiced the trade of a locksmith. Interestingly, Onel positions himself as the equivalent professional within the digital realm.

Early Passion for Ethical Hacking

From a young age, Onel pursued ethical hacking as a personal interest. He furthered his education with a degree in Artificial Intelligence, subsequently transforming this hobby into a full-time career. “I dedicated ten years to conducting penetration tests for over 150 organizations spanning diverse industries,” Onel shared with TechCrunch, noting a recurring pattern of easily breaching companies that had already passed security evaluations.

The Cybersecurity Gap

Onel observed that security measures frequently fell into one of two categories: either intensely effective but burdensome, or superficially painless but ultimately ineffective. A significant number of businesses were found to be implementing only the minimum cybersecurity and compliance requirements. This was often due to the substantial effort—and the necessary tools and skilled personnel—required to establish robust security defenses.

Responding to Client Needs

Repeatedly, Onel’s clients requested a comprehensive solution to their security challenges, prompting him to develop one.

The Launch of Oneleet

In 2022, Onel collaborated with his wife, Ora, and former college classmate Erik Vogelzang to establish Oneleet, a unified security compliance platform. The startup’s objective is to assist organizations in achieving security certifications while simultaneously enhancing their security posture at an accelerated pace.

Beyond Simple Certification

Onel explained to TechCrunch that many current compliance platforms primarily function as evidence-gathering tools. Users upload data from their existing systems, pay a fee, and receive a security certificate indicating they are secure.

The Problem with “Compliance Theater”

“This often results in what we call ‘compliance theater’,” Onel stated to TechCrunch. “Organizations may be certified on paper, yet remain susceptible to various attacks.”

Oneleet’s Integrated Approach

Onel asserts that Oneleet distinguishes itself through its integrated platform. It incorporates a range of security tools, including penetration testing, code scanning, cloud data security, attack surface management, and security training. This holistic approach aims to provide a more thorough assessment of a company’s security defenses.

“Due to its foundational integration, we can implement comprehensive security with a single click,” Onel elaborated. “This saves clients considerable time and eliminates the blind spots inherent in managing disparate tools.”

Oneleet also collaborates with independent auditors to facilitate formal certification reviews.

Series A Funding

On Thursday, Oneleet announced the successful completion of a $33 million Series A funding round, spearheaded by Dawn Capital, to support the company’s growth initiatives. Onel characterized the fundraising process as “straightforward,” recounting a meeting with Dawn Capital in San Francisco where an “immediate chemistry” was established.

“They possessed a strong understanding of the security and compliance landscape and quickly grasped our vision for Oneleet, leading to instant alignment,” Onel said.

Key Investors

Additional investors in this round include Y Combinator, Dropbox co-founder Arash Ferdowsi, and former Snowflake and ServiceNow CEO Frank Slootman. Oneleet was a participant in the Summer 2022 cohort of Y Combinator, and currently, two-thirds of the VC firm’s portfolio companies are utilizing its services.

Competitive Landscape

Key competitors in the market include Vanta, Secureframe, and Sprinto. Currently, Oneleet has achieved $9 million in annual recurring revenue and has secured a total of $35 million in funding.

Future Plans

The newly acquired funds will be allocated to expanding Oneleet’s engineering team, enhancing its AI capabilities, and broadening its customer reach. The ultimate goal is to eliminate superficial compliance and strengthen cybersecurity defenses in an era where protection against cyberattacks is paramount.

The Evolving Threat Landscape

Onel emphasized that AI is fundamentally altering the scale of cyberattacks. He cited examples of sophisticated actors automating cybercrimes and lowering the barrier to entry for novice hackers to launch malicious attacks.

Risks and Misuse of AI

He also cautioned against reckless practices, such as the careless use of “vibe coding” tools or granting AI access to critical business information without adequate safeguards. Within the realm of compliance, Onel noted the potential for companies to leverage AI to fabricate documentation, creating a false impression of security.

Responsible AI Implementation

Onel stated that his company utilizes AI extensively, employing it in the background for threat modeling and other security assessments, as well as assisting in policy drafting. However, he stressed that a human team verifies all information to prevent the dissemination of inaccurate or misleading results. “We approach this responsibly,” he affirmed.

“Effective security should be seamless,” Onel concluded. “Companies should dedicate less effort to security concerns and more to developing exceptional products. We are positioned to help organizations defend themselves more effectively than ever before.”

This story was updated to correct inaccuracies regarding ARR.