BREAKING
PlainID Series C: $75M, led by Insight Partners, Dec 2021 Total funding to date: ~$100M Co-founders: Oren Ohayon Harel, Gal Helemski, Dmitry Tuchinsky HQ: Tel Aviv-Yafo, 94 Yigal Alon Street OEM partner: SAP PBAC: Policy Based Access Control Prior role: Deputy CISO, Bank Hapoalim Alma mater: Ariel University
The Profile · Vol. I · Cybersecurity

Oren Ohayon Harel

The co-founder who spent a decade watching identity governance rot inside an Israeli bank, then left to build a policy engine for everything that comes after login.

Oren Ohayon Harel
THE FRAME. A founder who prefers the word "authorization" to "identity," photographed in the flat, unglamorous light of enterprise software. He picked the boring half of the acronym on purpose.
§ 01

The Lede

Oren Ohayon Harel runs a company whose product decides, four million times a month, whether some employee, contractor, API call, microservice, or - lately - LLM agent is allowed to touch a given piece of data. This is not a job people write magazine profiles about. It is also, if you squint, the actual plumbing of zero trust: the part that happens after the login prompt goes away and the interesting question begins.

PlainID, which Harel co-founded in Tel Aviv in 2014 with Gal Helemski and Dmitry Tuchinsky, sells what the identity industry calls policy-based access control, or PBAC. In December 2021, Insight Partners led a $75 million Series C. Total funding sits near $100 million. The company employs roughly 95 people across Israel and New York, has an OEM deal with SAP, and now positions the same policy engine as the enforcement layer for AI agents - a use case that did not exist when the company was founded but that reads, in hindsight, like the point.

$100M
Total Funding
2014
Company Founded
95+
Employees
3
Co-Founders
§ 02

Who He Is Now

Harel is 32 in the last dossier that bothered to list an age, which means he founded PlainID in his early twenties, which means someone at Bank Hapoalim let a very young engineer sit in the Deputy CISO chair, which tells you something about the reputation he had already built by then. He came up on mainframes at Bezeq, moved into security consulting at Taldor, and then to Bank Hapoalim, where he ran cross-organizational security projects at the sort of scale where you learn, quickly, that the hard part of identity is not who somebody is. It is what they are permitted to do once you have decided.

The insight that became PlainID is the one most CISOs would recite if you woke them at 3 a.m.: access rules live in a spreadsheet, or in an application, or in fifty applications, or in someone's head. Nobody has a single, queryable, auditable view of "who can touch what, and why." XACML, the OASIS standard from the mid-2000s, described a solution. Almost no one implemented it. Harel and his co-founders built the company that did.

The bet paid off slowly. PlainID spent its first few years explaining an acronym. By 2021, "PBAC" was on Gartner slides and the round from Insight Partners closed at $75 million, with Viola Ventures and existing backers rolling. VentureBeat framed the raise as PlainID reducing "identity and access policy chaos," which is polite journalism for the thing every enterprise architect quietly panics about at 2 a.m. before an audit.

What Harel is working on now is the same problem with different customers. When LLM agents started asking to touch enterprise data on behalf of users, the authorization question got sharper: which agent, acting on whose behalf, is allowed to read which row of which table? PlainID's positioning shifted to include AI agents and LLM data access. The engine did not have to. That was the point of building it right the first time.

Authorization built for the next decade of digital expansion. - PlainID mission line, under Harel's watch
§ 03

The Route Here

EARLY CAREER
Mainframe Security Expert, Bezeq. Responsible for system security and maintenance on Israel's national telecom mainframe estate.
MID-CAREER
Security Consultant, Taldor. One of Israel's leading IT services firms; broad exposure to enterprise security architecture.
PRE-2014
Deputy CISO, Bank Hapoalim. Ran large-scale cybersecurity projects and teams at one of Israel's largest banks.
2014
Co-founds PlainID with Gal Helemski and Dmitry Tuchinsky. Bet: PBAC becomes a category.
2018 - 2020
PlainID scales from a niche standards vendor into an authorization platform. OEM discussions with SAP begin.
DEC 2021
$75M Series C led by Insight Partners. Company reports 100%+ ARR growth and 80% customer growth for the year.
2022 - PRESENT
Positioning expands beyond apps and APIs into data lakes, microservices, and AI agent authorization.
Funding, cumulative (USD, approximate)
Seed / Early
~$3M
Series A
$11M
Series B
$25M
Series C
$75M
2021 growth signals (reported)
ARR growth
100%+
Customer base
+80%
SAP OEM
Signed
§ 04

Three Details

The mainframe apprenticeship

Harel's first serious security work was on Bezeq mainframes. This is meaningful. Mainframe security is where you learn that access control is a graph problem, not a policy problem. It is also where nobody gets famous. The people who work on it are the ones later found rebuilding the industry from the outside.

Also an angel

Public startup registries list Harel as an active Israeli angel investor in early-stage deals. This is the founder version of "keeps up with the neighborhood." It also gives him a running feed of what the next generation of security founders is trying, which is a useful moat for a CEO who otherwise ships a fifteen-year-old standard.

The two cities

Tel Aviv-Yafo for R&D. New York for the customer base. Harel splits time between them, which is the way most Israeli enterprise founders end up living once the go-to-market moves west. He does not post a lot about it. He does not post a lot, period.

Enabling organizations to simply and securely govern, administer and control who can access assets across their digital landscape. - Harel, on the $75M Series C, December 2021
§ 05

Why It Matters (Briefly)

Every enterprise software wave adds a new place data can leak. Cloud added misconfigured buckets. Microservices added east-west traffic no firewall sees. SaaS added a shared responsibility model most companies never read. LLMs added a data-egress channel that speaks English. The authorization layer is the one control that generalizes across all four, because the question is always the same: this thing, on behalf of that person, is asking for this resource - yes or no?

PlainID is not the only company selling an answer. It is, however, one of the earliest and the only one whose founding CEO spent a decade in a bank's Deputy CISO chair watching the problem accrete. That is not a differentiator that shows up in a G2 grid. It shows up in how the product is shaped.

§ 06

Where To Find Him

Share this profile