The people

What they build
Open roles via the TechTO Job Board
No roles on the TechTO Job Board yet.
Hiring? Reach 70,000 Canadian tech readers through the weekly TechTO newsletter.
Post a role on jobs.techto.org ↗Or try their own careers page: feroot.com/careers ↗Listings sync from jobs.techto.org — the only structured source. We don’t scrape career sites.
On the TechTO stage
Ivan Tsarynny of Feroot presents "Value Adding" as an Accelerator
Watch on YouTube ↗How YC Helped Us Raise $2M in 9 Days and Build for Global Scale | Ivan Tsarynny (Feroot, YC W21)
Watch on YouTube ↗Every talk is searchable — ask the archive about Feroot Security ↗
About
Feroot started in 2017 as a privacy and compliance company — Tsarynny told the TechTO audience in 2018 that it launched the year before, when 'very few people knew how to spell GDPR,' and built its early credibility by hosting small, tightly targeted conferences for chief privacy officers rather than blogging. The company ran out of money in 2020 and repositioned into security. What brought it back, Tsarynny said on the TechTO stage in February 2026, was narrowing to one problem: hackers stealing credit card details out of websites. That focus, plus a couple of first customers, got Feroot into Y Combinator on its third application, after two rejections. The product now inspects what runs in the browser on the front end of a site — the scripts, trackers and forms that touch payment and personal data — and turns that into audit-ready evidence for PCI DSS 4.0.1, HIPAA, GDPR, CCPA and other regimes. Feroot's research team is also known outside the security trade press: in early 2025 it found heavily obfuscated code on DeepSeek's login page linking to infrastructure run by China Mobile, a Chinese state-owned telecom barred from operating in the US. The Associated Press reported the finding first and academic researchers at the University of Calgary and UC Berkeley confirmed the link. Tsarynny testified before the US-China Economic and Security Review Commission on data collection by China's tech sector.
Backers
True Ventures led an $11 million seed round announced in February 2022, following a $2.5 million round in July 2021. Feroot went through Y Combinator's Winter 2021 batch; Tsarynny said on stage that his angel investors were CEOs who had already exited their own companies.
Quick answers
What does Feroot Security do?
It inspects the code that runs in a visitor's browser on the front end of a website — third-party scripts, trackers, cookies, payment and login forms — and reports what each one can reach, then turns that into audit-ready evidence for PCI DSS 4.0.1, HIPAA, GDPR, CCPA and other regimes.
Who founded Feroot Security?
Ivan Tsarynny and Vitaliy Lim, in 2017. Tsarynny is CEO and Lim is CTO. It is Tsarynny's second company; before it he was at PostBeyond.
Did Feroot go through Y Combinator?
Yes, the Winter 2021 batch, on the third application after two rejections. Tsarynny told the TechTO audience the company had run out of money in 2020 and repositioned from privacy compliance into security, narrowing to one problem — credit cards being stolen out of websites — which is what got it in.
What is Feroot's DeepSeek research?
In early 2025 Feroot found heavily obfuscated code on DeepSeek's login page containing references to infrastructure run by China Mobile, a Chinese state-owned telecom barred from operating in the US. The Associated Press reported it first; independent researchers at the University of Calgary and UC Berkeley confirmed the link. Feroot did not observe data actively transferring during North American login attempts.
