When developers create a new application, they can build security features over time or take advantage of commercial offerings or open source libraries to implement certain security features, such as authentication or secret management. Pangea Cyber aims to change that with an API-driven approach to adding security to an application, making it as simple as adding a few lines of code.
The company’s approach has attracted quite a bit of attention from investors with more than $50 million raised since its launch last year, an astounding amount of funding in a short amount of time, especially in the current funding environment. The final round is a $26 million Series B.
The company’s co-founder and CEO, Oliver Friedrichs, says they’ve decided to offer a developer security service in the same way Stripe offers payment services or Twilio offers communications.
“We call this SPAaS. So essentially Security Platform as a Service, where we’re going to deliver dozens of different security building blocks that are all API-driven and that developers can easily embed into their applications,” Friedrichs told businessroundups.org.
The services start with authentication and authorization as basic building blocks, but then include more advanced elements such as logging, scanning files for malicious activity, storing secrets, and so on.
“There are a lot of things that applications need that are connected securely. And right now they’re scattered across a lot of open source and a fragmented list of commercial offerings. We try to offer them all in one place,” he said.
There are developer-focused pieces like Auth0 (acquired by Okta in 2021) that provide authorization or HashiCorp that offers secret management, but there hasn’t been such a hub of security services aimed specifically at developers, Friedrichs says.
And he believes that developer focus sets his company apart from the rest. “That’s really where this developer-first delivery model is important and unique, and it doesn’t really exist. For decades, we’ve been building these traditional shrink-wrapped products for end users all over the security industry, but we haven’t built things that are API only or API first that can be plugged in by developers,” he said.
The company already employs 40 employees to address this issue, and with multiple startups, including Phantom Cyber, Friedrichs has extensive experience building businesses. He says, even with the economic downturn, he believes his business will prosper.
“Cybersecurity is one of those industries that is always resilient and always needed. While there is a correction in valuations, we rarely see people removing cybersecurity. In fact, it continues to grow and evolve,” he said.
He says that as he grows the company, diversity is a big priority for him, but even with all his experience as a founder, it remains a challenge. “We are consciously focusing on it throughout the management team and in our recruitment team. We have a full-time recruiter in-house, which is unusual at this early stage, as well as outside sources, and we have conscious conversations around it,” he said.
“Utilities. Is it easy? It’s not easy, right? No matter how hard you try, you can’t always meet those goals. But we’re trying and I think step number one is to make sure that’s a goal is that we want to achieve, [while understanding that] It can always be better.”
The current $26 million Series B investment was led by GV with participation from Decibel and Okta Ventures along with existing investors Ballistic Ventures and SYN Ventures. The company has now raised a total of $52 million. Okta’s participation is notable because, as noted earlier, it acquired a developer-driven authorization piece in Auth0.