About us

We're a pen-testing company founded by pen-testers

The model was broken

The idea came to us while working on a long project in the Middle East. As self-confessed ‘nerds’ our conversations always came back to problems with the Pen-testing industry. As we talked, the same fundamental problems kept coming up; antiquated engagement processes, cumbersome scheduling, long waits for even longer reports, and above all, terrible value-for-money.

The model was broken.

So, with time on our hands, we plotted a way to fix it. We would cut out the costly overhead of the middleman and allow clients to work flexibly with experienced, quality-assured pen-testers who wouldn’t cost the earth . We knew that without the financial pressure to cram tests into a couple of days, clients and pen-testers could work together over a longer period to achieve a much deeper level of security.

We built the client interface, recruited freelancers we respected, pitched to our first client and haven't looked back...

Dave Hewson

Co-Founder & CEO

Dave has more than 10 years experience in the IT Security industry. Prior to this he held a variety of technical consultancy roles including software development and load & performance testing.

As a result, Dave has a unique understanding of many applications, languages, platforms and technologies which allows him to perform more thorough penetration tests.

Adam Luxford

Co-Founder & COO

Adam has a wealth of experience and expertise gained in over 15 years at all levels of the IT Security Assessment industry. He started out in the Ministry of Defence where he helped establish the MoD’s new Defensive Information Operations Branch.

In 2004 he was accredited as a CESG CHECK Team Leader - the UK's most highly-regarded qualification for a penetration tester and delivered over 300 CESG CHECK IT security health checks for private sector clients.

Conor O'Neill

Co-Founder & Product development

Conor has worked in in IT-security for over ten years. His past experience includes working as a web application and network infrastructure penetration tester at McAfee and Portcullis.

He has held roles as an Incident Response analyst with Barclays, and as an IT security consultant and forensics analyst with Rits Information Security.

Tom Lindley


Tom has been working as a professional web developer for 9 years, with 3 of those spent in the IT Security industry.

He is an experienced developer having worked in both consultancy and development roles. His long term interest led him to the IT Security industry and he's not planning on leaving any time soon.

Gerard O'Donnell


Gerard's background is in Marketing. He has worked in the Financial services, Media and the charity sectors. He has experience in creating engaging communications campaigns for corporate audiences.

He's passionate about creating practical tools that help business to change their behaviour.

We’re Hiring!

We’re always looking for talented penetration testers to join our panel.

So if you’ve got an industry standard qualification (CREST, TigerScheme, OSCP) and five years experience send a CV to: contact@onsecurity.co

Contact us

Get started now

Send us your email and we'll be in touch soon.