Erik Hart, CISO at Cushman & Wakefield

In this Sage Spotlight, Erik Hart, Cushman & Wakefield's Global CISO, shares how Sagetap has helped him discover and scale partnerships with five emerging vendors, transforming how his team handles AI development, data storage, and risk reduction.

Key Takeaways

• ‍Focus on Identity and AI Innovation: In Erik's role, he's prioritizing identity security and exploring how AI can enhance both business productivity and security outcomes.‍
• Faster Way to Discover and Evaluate Vendors: Sagetap has become Erik’s go-to platform for identifying emerging solutions, offering a faster, more targeted alternative to relying solely on peer referrals.‍
• From Intro to POC in Under a Week: Through the platform, he connected with Prevalent for third-party risk management, which progressed to proof of concept in less than five business days.‍
• Co-Creating Solutions with Design Partners: Providers like Unframe, Praetorian, Ray Security, and Jericho Security have partnered closely with Cushman & Wakefield to build on the team's ideas — resulting in tailored solutions, cost savings, and multi-year deals.‍‍
• Fueling Continuous Innovation: Erik still uses Sagetap often to challenge his thinking, explore new approaches with potential vendors, and evolve Cushman & Wakefield’s security and tech strategies as business needs change.

Full Transcript

 Erik Hart: I am the Global Chief Information Security Officer for Cushman & Wakefield. It's a commercial real estate services firm that has over 50,000 employees globally.

Number one for us is really how do we continue to do better security around identities? For us, identity is the new firewall.

Some of the other areas that are very interesting to us is what can you do with AI more, not only from a business and a productivity perspective, but also it's like, what's the intersection of security and AI usability in our organization?

I before had to say, hey, I'm looking to do this, I have this kind of problem. I have a peer network group that I'd email out and say, hey, is somebody doing this, and that's fine. But that's obviously very limiting to a certain number of people that you know.

I'm looking for third-party risk management. Can I put that into a system and say, well, here's relevant vendors, maybe you should talk to them. That's actually where I started my Sagetap journey over a year ago was, we're looking for a new third-party risk management platform.

I made a profile on Sagetap, put in, I'm looking for third-party risk management vendors. Within a day or less, we got, hey, here's some matches on things.

From having a discussion with the third-party risk management platform we went with, which is Prevalent, in the span of less than five business days, it went from an introduction to a POC because we had an immediate need and they wanted to test it against some of the other ones.

That, to me, has been the impact — that, number one. I also wanna find companies to partner with and be design partners. I met with company Unframe and gave them a challenge. Within three weeks, they came back with a viable business product.

We now have a multi-year, seven-figure-a-year deal with them. It is the number-one leading AI business application, probably, for us in this entire company.

That has been a massive win for our organization that has absolutely, right now, nothing to do with information security. It's about business enablement and AI enablement with business data.

I found another small company, Ray Security, where it's like, we're way over with some of the things we're storing in SharePoint and OneDrive. We wanna move that data.

There's another one where, security aspect to it, but they have a operational, an IT operations, I'll call it, component, where they're able to save us money by being able to say, all this has not been touched in all this time. Move it to lower cost storage, keep it archived for the years that you need to keep it.

We've done a joint design partner agreement, and they're building on our ideas, and then we're getting the benefit back of that at a very reasonable price to avoid a lot of costs.

Like, you know, as I go down the path of, with Jericho Security, and we've talked to them about awareness training, stuff like that.

If you're not a big development shop and you're not a do-it-yourself, how do you find some of these smaller companies that if you give them the ideas, they'll build it, and you both win at the end of the day with the outcomes?

The last one for me is Praetorian. They're kind of an IT kind of assessment, like, penetration testing company. They're really helping us take our vulnerability management program to a new and different level.

They're allowing us to rethink how we do vulnerability management and really help us focus in on, this is what you want to go fix here because it closes all these other things.

I've made a lot of contacts with vendors and some that I have that I'm still talking to them because look, problems are evolving.

I've used Sagetap and some of the vendors to challenge some of my thinking, ask questions, and build some of that. And that's leading to some of these connections becoming closed sales because they're helping evolve us.

And that's the thing. I think Sagetap has helped evolve us — with Unframe, with Ray, with Praetorian, with Jericho, with Prevalent. We've evolved all those services, and we found those all through Sagetap.