Harshal Mehta, VP & CISO of CWT

"Sagetap's biggest impact is helping us find new and niche players."

Harshal Mehta, VP & CISO of CWT

In our latest Sage spotlight, Harshal Mehta, VP & Chief Information Security Officer of CWT, shares his experiences with vendor discovery and discusses how Sagetap helps him match and meet top-tier vendors based on his key initiatives.

Key Takeaways

  • Harshal Mehta is the CISO at CWT, a billion-dollar organization with 12,000 employees operating in over 100 countries.
  • Harshal emphasizes the importance of engaging with peers and vendors to stay updated on the evolving cyber landscape.
  • Sagetap allows Harshal to screen vendors anonymously, avoiding sales pipelines and focusing on vendor strengths.
  • Sagetap helped CWT discover and implement niche players like Vulcan and Bionic, improving security and remediation programs.
  • Transparency and responsiveness from vendors were crucial in their decision to adopt new solutions through Sagetap.

Full Transcript

Harshal Mehta: My role here as a CISO at CWT involves everything and anything from cyber perspective.

For context, CWT is close to 12,000 employees, we are a billion dollar organization, headquartered here in Minnesota, operating in a hundred plus countries.

I think one of the things which we do really well is engage with a lot of my peers through various CISO podcasts or through CISO council meetings, as well as go outside the CISO peers and talk with product guys or the VC guys and just understand how the landscape is changing.

You know it's like a kid going to a candy store and just confused on which candy to buy.

So a lot of the times we meet up with vendors and they can be like, oh yeah, we can absolutely do this, this, and this.

But then when you do an actual proof of concept, you'll be like, huh, it just doesn't deliver.

Um, so we do a lot of meetings, go through forums like Sagetap and just meet up with vendors and just understand. What is in the market?

We can select what the strengths of the vendors are, what they can do without even disclosing your identity, because that's the biggest challenge for CISOs or any technology leaders is once you initiate a conversation, you would be just sucked into the sales pipeline where everyone wants to talk to you.

So I think that identification process or screening the vendors based on their strength is super helpful.

I've been on the Sagetap platform for almost two years now, and I would say the biggest impact which Sagetap has on us is finding new and niche players, which is pretty difficult in the ecosystem,

I can name one which we have implemented last year was Vulcan. As any security practitioner, you know, we are always being overburdened with so many vulnerabilities.

You know, we have the best in class callers, we have CrowdStrike, we have external, internal pen testing. We have Veracode from application security perspective. It's a saturation point for our infrastructure and cloud engineering team to just come through a standard portal where they can ingest everything and magically say, You know, do this five things and you are good to go.

That's where Vulcan coming out of shelf was such a great value proposition for us. Because again, as a, as a newer niche player, they were ready to learn with us. Which is pretty critical

I would say 12 to 14 months, we have a pretty matured vulnerability remediation program by just engaging Vulcan through Sagetap, which wouldn't have been engaged unless someone would have aggressively pushed Vulcan, which especially in Midwest thing doesn't happen.

I can say another one, Bionic. This is even before CrowdStrike did the acquisition for Bionic. We met Bionic as an ASPM player, pretty niche player. Now, we are an existing CrowdStrike customer. Bionic just comes in as an add on and we were like, oh yeah, we have evaluated Bionic in the past.

We know the capabilities, CrowdStrike just adds the recommended flavorand we have a pretty ready product.

So I think this is the way that a lot of niche players, get a lot of value without going through a pretty detailed RFP or RFI program where you just have the top two or three players.

And you would never get to play with the newer or the niche players.

Sahil Khanna: Is there anything that you think they did really well in that first interaction compared to all the other vendors that you've taken first meetings with?

Harshal Mehta: I think the one with Vulcan, which I can remember pretty prominently was transparency. When we had that conversation with Vulcan, their leadership came on the table and said we are not the big callers of the world. We cannot deliver this, this, and this. But we would [00:04:00] be able to deliver as we evolve.

And we have you as a customer. So I think the transparency helped along the way. As we started using the platform we had a lot of ideas, which, they were open to learn. And when we say something, they would get that into production within the next two or three weeks which was amazing for us.

You know, they were learning as well. So as they were having customers like us, there were a lot of interaction, to make the product better and also help us in that journey was pretty convincing for us to just stick with them.


Get Started Today

Join over 4,000+ startups already growing with Sagetap.