OALO Security provides penetration testing services to help businesses identify and fix security vulnerabilities in their websites, networks and applications.
What was the initial spark or idea that led you to start your business?
A friend who had set up their own company suggested I do the same. They talked about the freedom it offered and the control you could have over how things were done. It got me thinking about the changes I wanted to see in the industry and how I could do things differently. At the time I was exploring new opportunities in penetration testing and interviewing with several consultancies, but the idea of starting my own company stayed with me.
That same week I had a final interview with a consultancy. The discussion went well and there was interest on both sides. During the meeting I even mentioned that I was considering setting up on my own. Later that day they made a generous offer, and I took some time to consider it.
Ultimately, I called them back and thanked them for the opportunity, but I knew I would regret it if I didn’t try launching my own business. They understood and told me the door would always be open if I changed my mind.
Can you describe the moment when you realised this idea could become a reality?
While conducting a penetration test for a customer, we discovered a critical issue. Although we were working in a development environment, we asked if the live application was configured similarly. They confirmed it was, so we offered to test the live version as well. Our suspicions were right, and the customer was able to fix the vulnerability in both environments. That experience of working collaboratively to address the issue showed me that OALO Security had real potential.
What problem did you see that your business could solve?
We often see clients being sold solutions they don’t really need. At OALO Security we’re committed to having open conversations to identify what clients truly require and then offer options tailored to those needs. We also aim to break down the adversarial relationship that can exist between penetration testers and developers. Developers sometimes see us as a threat, as if we’re there to criticise their work. We want to work alongside them to confirm their security posture and, where possible, help them enhance it further.
Another issue is how companies handle staff who have “failed” – whether by clicking on a phishing link, writing vulnerable code or setting a weak password. Instead of punishment, these employees should be educated and supported.
Did you have a “eureka” moment when everything just clicked?
Yes, it goes back to that moment with the client’s live application. We identified the issue together, communicated openly, and resolved it. It made me realise that there’s a real need for a company like ours – one that prioritises collaboration and continuous improvement over blame.
What advice would you give to others seeking their own “lightbulb moment”?
You never know when that moment will come. It can be intimidating and overwhelming at times, but there’s a lot of support out there. Look for funding, networking events and communities of like-minded individuals who can help you find your path. Don’t give up. Take stock of what’s already available and think about what you can offer that will truly help people and set you apart.
What does the future hold?
We hope to keep growing both in terms of our team and our partnerships. I want us to continue helping companies show they value their users’ data and are proactive about securing it. Ultimately, I’d love to see a shift in mindset where developers and penetration testers collaborate more effectively to build secure applications.
See www.oalosecurity.com for more information.