Every great company begins with a story, and OnSecurity is no exception. Behind the innovation and success of OnSecurity stands a team of passionate founders who envisioned a better way to tackle offensive cybersecurity and pentesting challenges.
Today, I’m sitting down with Dave Hewson, one of OnSecurity's co-founders, to discuss his journey- from early interests in technology to the creation of a company that’s reshaping the cybersecurity landscape.
Introducing OnSecurity’s CCO
Dave Hewson is one of OnSecurity’s four founders, entitled CCO at the company. He graduated from the University of Plymouth with a BSc in computer science, however initially always dreamed of being a pilot. “I quickly found out that becoming one was both ridiculously expensive and fiercely competitive. I applied for a fully funded place at British Airways’ cadet training program but didn't get in. Harsh reality check incoming!”
With Dave’s dreams of being a high-flying airline captain temporarily grounded, he instead launched into a career in tech. “I started at a system integration and testing consultancy in the late '90s, where I got hands-on experience with software development, systems administration, and non-functional testing.” He shares. “My interest in hacking and security started long before my working life, but my early career experience reinforced my path, right in the midst of the dot-com boom.”
Outside of work, Dave leads a busy and dynamic lifestyle. He plays competitive tennis, surfs- “long board, none of that shortboard nonsense”- and enjoys going off-piste while ski touring.
“As I mentioned, I did eventually get my pilot's license and held it for many years—so at least I got to scratch that itch.” Dave says, laughing. “Oh, and in case you thought my hobbies were too conventional, I’m also a closet magician and currently trying to master juggling four balls. Progress is… slow.”
Have you always had a passion for tech?
Whether forged from personal or formal learning, most of the OnSecurity team hold some kind of passion for tech- which is why our employees resonate so authentically with our company mission.
Dave says he too has always been incredibly passionate about technology, with a rich history of coding. “I’ve always been a tech geek. My first computer was an Amstrad CPC464, followed by a Commodore Amiga 500, and that’s where my interest in coding and security took off. For those who remember, The Jolly Roger’s Cookbook was my first foray into hacking, phone phreaking, and breaking stuff… for educational purposes, of course!”
He expresses how he was fascinated by how systems could be manipulated- not just for mischief but to push boundaries and make things more secure. On inspirations, one notably sprang to mind: “One of my biggest inspirations was 2600: The Hacker Quarterly, an American magazine that was like a goldmine of underground tech knowledge. Every issue was filled with security research, tricks, and insights.”
“I still remember the first time I got a remote shell on a system—the adrenaline rush, the thrill, the instant realisation that I should probably be very careful with what I was doing. It was like unlocking a secret level in a video game. I was about to break into my new career. Pun intended.”
At what point did you and the fellow founders begin to align your focus on OnSecurity?
Dave met Conor, OnSecurity’s CEO, and Adam, the COO, while working on a significant pentesting project in Saudi Arabia. They were part of a team of contract penetration testers working for McAfee Foundstone.
“Since there wasn’t much to do in the desert during downtime (unless you had a strong interest in sand), we spent a lot of time talking about the security industry—how it was kind of broken and how we could fix it. Tom- the CTO- joined the team shortly afterward, and since we needed someone to actually build our vision into a platform, it all came together.”
Their vision was to revolutionise the management and delivery of pentesting, disgruntled by how the traditional penetration testing process hadn’t changed in 20 years. “It was still seen as some dark art performed by hoodie-wearing hackers who only surfaced at night and were notorious introverts.”
Dave recalls how the traditional approach doesn’t lend itself to how companies operate today. Lengthy email and document exchanges for scoping, lack of communication with pen-testers, bloated quotes with zero transparency, and a 50-page PDF report delivered two weeks after the test that was subsequently butchered and distributed internally. “The whole process was broken, and we knew we could make it better.” He says.
“At first, OnSecurity felt like a pipe dream. We all had successful contract careers, and making the jump to build something from scratch was daunting. But the more we talked about it, the more we realised there was a massive opportunity and we had to give it a shot.”
If you could go back in time and tell yourself how OnSecurity would develop as a company, what do you think past you would say?
Dave takes a minute to think. “Past me would probably say, ‘That sounds awesome, but also like a massive challenge.’ And he wouldn’t be wrong.”
“Bootstrapping a company is tough—really tough. When founders say it’s hard, they aren’t exaggerating. It’s a rollercoaster. The highs are incredible, and the lows… well, let’s just say they test your patience, your sanity, and your caffeine tolerance.” Dave recalls when- in OnSecurity’s inception- the team was a mere few members, grinding long hours to get the first version of the platform out to early adopters. “Persistence,” he says- “and an unhealthy amount of coffee, paid off. We doubled revenue year on year, reinvested in the business, and built an incredible team—many of whom are still with us today.”
It’s affirming to hear that hard work pays off. I can’t help but wonder, after years of such hard-won progress and change, is there anything that has particularly stood out?
“Yes- securing our first round of investment last year was a pivotal moment. The process was long, stressful, and eye-opening, but having external investors believe in our vision and back us was humbling. It allowed us to double our team size, make key hires, and restructure the company for the next phase of growth. Exciting times ahead.”
You and the fellow founders know OnSecurity’s mission better than anybody. What is it that makes us stand out from competitors?
“What makes OnSecurity unique? Well, for starters, we took a process that was stuck in the dark ages and brought it into the modern era.” Dave says proudly. With such a rich tapestry of experience navigating the cybersecurity industry, he is all too familiar with the pains of traditional pentesting.
“Our platform streamlines everything—no more back-and-forth email chains, no more bloated quotes, no more painful procurement processes. Customers get instant, accurate estimates with transparent pricing and flexible payment options. Testing is dynamic, findings are reported in real-time, and our clients can interact directly with testers during engagements. That means no more waiting weeks for a PDF report that is out of date and difficult to action.”
“That sounded like a sales pitch. It wasn’t supposed to be. Sorry.”
Do you have any advice for those just emerging into the tech industry?
Here are a few things Dave says he wishes he knew early on:
“Get hands-on experience”
Certifications and degrees are great, but nothing beats real-world experience. Play with bug bounty programs, capture-the-flag challenges, contribute to open-source projects, or build your own security tools.
“Network”
Join forums, attend conferences, and connect with others in the industry. OWASP meetups and BSides events are goldmines for networking and learning.
“Find your niche”
Cybersecurity is broad—offensive security, defensive security, cloud, forensics, malware analysis… Get exposure to different areas and figure out what excites you. Then, double down and become an expert.
“Just start”
Seriously. The industry needs more skilled professionals, and there’s no better time to jump in than right now. Don’t wait for the right time. Just start.
Dave shares a few final, and inspiring, words for anyone looking to flourish in the industry. “The best advice I can give? Stay curious and never stop learning. Tech, and cybersecurity in particular, moves at lightning speed. Those who stay ahead are the ones who keep up with trends and adapt.”
To learn more about the OnSecurity journey and see just how much we’ve grown as a company, visit our About Us page.
