Pangea Cyber wants to simplify security for developers with an API approach
![](data:image/svg+xml;charset=utf-8,<svg height="614" width="1024" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Image Credits: Nadezhda Buravleva / Getty Images
When developers are creating a new application, they may build security features over time or take advantage of commercial offerings or open source libraries to implement certain security functions such as authentication or secrets management. Pangea Cyber wants to change that with an API-driven approach to adding security to an application, making it as easy as adding a few lines of code.
The company’s approach has attracted a fair bit of investor attention with over $50 million raised since it launched last year, an amazing amount of funding in a short amount of time, especially in the current funding environment. The latest round is a $26 million Series B.
Company co-founder and CEO Oliver Friedrichs says they decided to offer a security service for developers in the same way that Stripe offers payment services or Twilio offers communications.
“We’re calling this SPaaS. So essentially Security Platform as a Service, where we’re going to be providing dozens of different security building blocks that are all API-driven that developers can easily embed in their applications,” Friedrichs told TechCrunch.
The services start with authentication and authorization as basic building blocks, but then include more sophisticated elements like logging, scanning files for malicious activity, storing secrets and so forth.
“There’s a lot of things that applications need that are securely related. And right now they’re scattered across many open source and a fragmented list of commercial offerings. We’re looking to provide them all in one place,” he said.
There are developer-oriented pieces like Auth0 (acquired by Okta in 2021) providing authorization or HashiCorp providing secrets management, but there hasn’t been this hub of security services aimed specifically at developers, Friedrichs says.
And he believes that developer focus is what separates his company from the pack. “That’s really where this developer-first delivery model is important and unique, and it doesn’t really exist. For decades now, we have built all these traditional shrink-wrapped products for end users across the entire security industry, but we haven’t built things that are API only or API first that can be plugged in by developers,” he said.
The company already has 40 employees as it attacks this problem, and with multiple startups, including Phantom Cyber, behind him, Friedrichs has deep experience in building companies. He says, even with the economic downturn, he believes his company will thrive.
“Cybersecurity is one of those sectors that’s always resilient and always needed. While there’s a correction in valuations, we rarely see people removing cybersecurity. In fact, it continues to grow and evolve,” he said.
He says as he grows the company, diversity is a big priority for him, but even with all his experience as a founder, it remains challenging. “We focus on it deliberately across the management team and across our recruiting team. We have a full-time recruiter in-house, which is unusual for this early stage, as well as outside resources, and we have conscious conversations around it,” he said.
“Now. Is it easy? It’s not easy, right? Despite how hard you try, you can’t always meet those goals. But we are trying and I think that step number one is to make sure that that’s an objective that we do want to meet, [while understanding that] we can always do better.”
Today’s $26 million Series B investment was led by GV with participation from Decibel and Okta Ventures, along with existing investors Ballistic Ventures and SYN Ventures. The company has now raised a total of $52 million. Okta’s participation is noteworthy because, as previously noted, it acquired a developer-driven authorization piece in Auth0.
![](data:image/svg+xml;charset=utf-8,<svg height="125" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="112" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="105" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
