Oneleet is the full-stack cybersecurity platform that makes effective cybersecurity easy and painless. We help businesses stay secure so that they can focus on providing value to their customers.
External link for Oneleet
Atlanta, US
Congratulations Mamal Amini on becoming SOC 2 compliant! It is always a pleasure to work with fellow YC companies, but especially with founders that are security minded like you. Looking forward to upping your security game even more next year! 💪
Exciting news from us! We're now SOC 2 Type II compliant! #GenAI today just like internet decades ago - incredibly powerful, yet we're all responsible to safeguard data with tight security measures.
We're #hiring a new Business Operations Internship in United States. Apply today or share this post with your network.
We're #hiring a new Security Program Engineer in United States. Apply today or share this post with your network.
Oneleet reposted this
Sales for early-stage founders - Pt I Hey there! I'm writing this series for early-stage founders who find sales difficult, because I used to be one of them. Before starting Oneleet, I believed sales required being a slick extrovert with a polished bag of tricks, ready to counter any objection with a clever retort. As if there was a Jedi mind trick that could magically convince people they needed your product, doing a complete 180 from their initial stance. But the reality is different. The truth is this: If you find something you truly care about, and it benefits others, sales is simply talking passionately about why you love what you're building and doing. Often, it's a candid back-and-forth where the frustrations you express resonate so strongly that you'll be interrupted with something like, "YES! That's exactly how I feel! This thing X sucks, and I never understood why nobody was doing anything about it!" Now, I'm no sales guru with vast experience selling across industries and company sizes. Cold calling terrifies me. Cold emailing leaves me staring at a blank canvas for an hour. All the sales I do is through inbound after telling the world what we do and why we do it. I mostly just know how to sell what we built at Oneleet, and I know how to sell it well. Of course, this wouldn't be possible if the product was terrible. I think the first 50% required to do well is to have something people want. The rest is just being passionate about it. And it's working. In just 10 months, we went from $100k to $1.6M in ARR, with a close rate over 60% and $0 spent on sales and marketing. Word of mouth is our primary driver, and we frequently get inbound interest from companies that heard it's great to work with us. People have even told me, "I didn't expect this call to be this much fun!" and "This is genuinely one of the best sales calls I've ever been in." Over the next few weeks, I'll share some of the non-obvious lessons I've learned these past two years selling for Oneleet. The stuff nobody ever told me about, and no book mentioned. Here's a sneak peek of what's to come: - Being genuinely helpful, regardless of whether they buy from you - Making a real connection by sharing founder experiences and showing interest - Why being authentic, even if imperfect, is crucial in sales - Being a teacher and guide, making it easy for prospects to understand the landscape - Sharing your story and explaining why the problem matters to you - Ditching the script for more engaging conversations and insights - Using sales calls as product discovery interviews to learn what your users care about - Being comfortable telling clients it's not a good fit to build trust So stay tuned, and get ready for some raw, unfiltered insights from the front lines of startup sales. It might not always be pretty, but it'll be real.
What do you get when you mix a decade of cybersecurity experience with a knack for explaining complex concepts and a sincere drive to help people? This guy: Reach out to him. He's a great resource and willing to help however he can!
As an early-stage startup, expect to spend ~40-60 hours preparing for a SOC 2 audit. Here's the breakdown: ~ 1/3 - Technical Implementation This requires integration of your startup's technical systems to monitor. For example, if you run AWS, the monitors will make sure you have set it up securely - a process we guide you through from Day 1. Our security engineers will create a custom compliance program that aligns with your business needs and will suggest additional tools to help strengthen your security. Once the correct systems are set up, our platform monitors will run and alert you when they pass or fail. If any failures do occur, don’t worry, we give you detailed feedback to help you understand why and instructions on how to fix them. ~ 1/3 - Policies Policies serve as written guidelines for securely conducting business and prove your commitment to following the best security practices. Writing policies is a major pain in the butt and doesn't follow a one-size-fits-all template - a common misstep that leaves you with policies that don’t make sense, are not consumable, and are not understood by anyone, including you. That is why we help startups write them. ~ 1/3 - Procedures Within your startup, you have to implement certain procedures to make sure you remain secure. A few examples include offboarding employees, granting access to employees for specific services, or whether infrastructure changes require approval. Even if you are an early-stage startup with just 2 founders, setting this up right will save you a lot of time later on when your company grows. I'm here to help if you have questions about the SOC 2 audit process. Happy to walk through your current practices and share tips on how to get your startup set up for success.
Alexandra Marte, Roman Scher, Mohammed Nafees: Bryan Onel staying up late to crank out one last meme for the Slack channel:
Going through photos from the last team offsite and came across this gem. I couldn't resist 😂
Wise words from a wise man. Each call with Founder & CEO, Bryan Onel is packed with information specifically tailored to help make your company more secure.
The SOC 2 framework is flexible, not one-size-fits-all. Why is this important? Because every business has their own security needs that are shaped by factors like market, industry, size, etc. How does this benefit you? The SOC 2 framework is descriptive not prescriptive. This means every business has the flexibility to follow a security program that actually makes them secure. Otherwise, you'll end up wasting time checking meaningless boxes that don't actually help your business. It's the sole reason we kick off with an hour long call instead of asking you to fill out a form. Calls provide context into who you are and how you want to grow the business that a form misses. We have the opportunity to learn about your business and ask questions before building a program. A form will simply spit out whatever it thinks is the best fit based on the information it's given. Reach out if you want some human advice. We're happy to spend some time outlining a program with you. In the meantime, here's a clip from one of our sales calls to give you an idea of how we go about working with companies.
Attention all startup founders. Don't Google or ChatGPT your security questions - Ask Bryan Onel. Even if you're not ready to move on compliance or using another vendor. He just cares about security and making sure you understand it.
I'm getting a quite a few questions from founders about whether to do SOC 2 type 1 or type 2. This is what I tell them: Type 1 - If you are in a hurry and a potential customer demands SOC 2 compliance (type 1 only), you should be able to get it done with 40-60 hours of work and close that deal asap. - Easier lift because it doesn’t require an observation period. Type 2 - Most companies prefer a type 2 report as it demonstrates a more robust compliance program. - If you primarily target enterprise customers or companies operating in more regulated industries, such as fintech or healthtech (HIPAA should also be considered for healthtech) - If your customers have larger security teams, they will often require type 2 because they want to ensure that what you've implemented is consistently adhered to over time. If you're unsure, don't hesitate to reach out. We're happy to help you figure out which is most suitable. A safe option might be to opt for a type 2 and If a customer requires a type 1, just have an audit performed within your observation period (all controls should already be passing), and achieving type 1 compliance should be no problem.