Pedro Barata, Cloud Security Manager at BigID

In this week's Sage Spotlight, Pedro Barata, Cloud Security Manager at BigID, opens up about the realities of securing a fast-moving AI company with a lean team. Pedro shares why the agentic AI wave is forcing security teams to rethink their entire scoping philosophy, what's still broken in the SIEM market, and how a chance Sagetap connection led to a vendor discovery that replaced both his SIEM and SOAR in one move.

Key Takeaways

• Defending Against AI You Didn't Deploy: Pedro's top 2026 priority is "AI DR," building defenses around agentic systems, MCP servers, and AI skills that are proliferating faster than most security teams can track.
• Scope the Whole Surface, Not Just Today's Assets: Pedro challenges vendors who only scan assets AI is currently using. In his view, that lens will be obsolete within a year. Agents will eventually reach everything, and security posture needs to get ahead of that now.
• The SIEM Market Is Still Unsettled: Despite a crowded field, Pedro struggled for months to find a SIEM that fit his team's needs and budget. Legacy incumbents rebranding as "AI SIEM" haven't solved the underlying data architecture problem.
• Cold Outreach Was Never the Answer: Pedro's old process meant either waiting passively or filtering through 20–30 automated LinkedIn messages a day — never confident he'd found the right vendor. Sagetap let him define the project and let the right vendors come to him.
• A Peer-Sourced SIEM Win with Gravwell: After a three-to-four month search, Pedro and a teammate independently connected with Gravwell on Sagetap. Within a week they were moving forward — replacing their legacy SIEM and SOAR at a fraction of the prior cost.

Full Transcript

Pedro Barata: I am based in Portugal. I'm currently the cloud security manager at BigID. I'm managing a team of three. We are a really small team, so that's why we are always chasing new vendors and cool partnerships.

Meghan Lafferty: What is at the top of your priority list for this year?

Pedro: AI everywhere. So we are trying to defend ourselves from AI, from new malicious actors. Everything is new, so we need to learn with the new vendors. We mainly work in the Israeli and American space. So both of them are really fast in terms of technology, but mostly from the Israeli side, we have a lot of pitches around startups with new ideas.

We are in the middle of several POCs for the new “AI DR.” Right now, everyone is concerned about how the MCPs agents and skills work. So that's the main focus right now.

I feel that the vendors are just focusing on the assets that their AI is using currently. I think everyone should start scanning everything because from one day to the other, at least in less than one year, AI will start using everything, not something that the human decided to scope. We need to be aware that X and Z agents exist. Maybe from one day to the other, they can start being malicious. Who knows?

Meghan: Outside of AI, or maybe elaborating on AI, are there really big gaps in the market that you think vendors can actually step up and fill?

Pedro: We struggled a lot to find a nice SIEM for us. We have Splunk, we have one from Microsoft, we have one from SentinelOne. They started with the normal SIEM, and now they are the AI SIEM. The companies keep trying to find a nice data lake. I feel that we will start the AI journey without having a stabilized market for these kinds of things.

Everything is growing, so we will not talk about terabytes per day. We will talk about petabytes tomorrow, maybe. So, it's a tough market, especially around data. Right now, we are in that journey of trying to understand more and more about the MCP and agents space. The rules are changing.

Google has a lot of capabilities around data loss prevention, but it's not perfect. They are not following the same that some startups — cool startups, by the way — are following. So maybe in five, six months we'll start another kind of project around that field.

Meghan: Okay, think about before you joined Sagetap a couple years ago. What did your typical process look like for discovery?

Pedro: We were literally waiting for vendors to reach out. We keep building internally, but normally we were waiting, or we were searching on LinkedIn or other platforms.

Meghan: Did that ever become overwhelming? Did you have a lot of people reaching out to you on LinkedIn, or was it pretty infrequent?

Pedro: Mm-hmm, if someone is hearing this, please don't send automations to people's mailboxes, because we can receive like 20 or 30 messages per day on LinkedIn.

Meghan: Was that the biggest friction point, then, in that old approach? Or would you say there were others?

Pedro: We were always trying to reach out to a company that we didn’t have literally 100% sure that they were the right company. With Sagetap, we can put the project that we are working on and they can reach us. They can understand what we need, instead of just, oh, your company does this or that. So it's really easy.

Meghan: Well, let's talk about Sagetap. Tell me about when you joined a couple years ago and how you used it, and how that's evolved since then.

Pedro: I think it was a friend of mine that invited me. He told me, "Oh, that’s nice, there’s a lot of companies. You keep learning." People that reach out on Sagetap are pretty direct. They are not really enterprise people. They are really open people. You can talk with them.

Sometimes I told them, "Okay, I will not have any project for you guys right now at BigID, but I would love to help you guys to grow." Sometimes it's more than, oh, those guys are big right now because I helped them in the beginning, which is nice.

Meghan: Yeah, the feedback piece is very important to other Sages when they talk to them afterwards.

Pedro: Exactly. That's why the capability that you guys have right now, the capability to talk with each other, we need to know other opinions. We need to know other approaches, and with that we can grow. We are a small team. We can talk with each other, but following other teams' feedback is pretty nice.

Meghan: In terms of results from Sagetap, is there a biggest impact that you've seen?

Pedro: We were searching for three, four months, or something like that, for a new SIEM. Different vendors, different approaches, but at the end of the day they were really expensive. A guy that works with me told me, "Oh, there's a company talking with me on Sagetap." And I told him, "Man, I have a company talking with me on Sagetap too." And after telling the name, oh, that’s the same company, it’s Gravwell. (I was the first one, by the way.) After one week of meeting them on Sagetap, it was really fast.

Meghan: I know that's a contract that you signed a few months ago, so you've really gotten started with them. So, what is the pain point that they solved for you, or are solving for you?

Pedro: Gravwell is helping us a lot in terms of knowing our own data. Right now, we are shipping every important log audit event to them, and from there we can create alerts and do some kind of actions. And with them, we can literally close the incident response. So, after that, we can send some alerts of some events to our MDR, but at least they were able to replace our old SIEM and our old SOAR, which is pretty nice. It’s not normal from a normal vendor around the SIEM space.

We used to pay millions just for the SIEM, and right now they are helping us not to just send everything, but to learn more about the events and the logs and to cut useless data. My team is working closely with one of their VPs. One of their VPs is one of the best technical guys that they have right now. They are growing a lot, they are hiring a lot of people, they are really humble people. If they have some issues on their side, they are totally okay to say that it was their fault, they will solve it. Something really cool that normally doesn’t happen on the SIEM space:

They allow us to know our data before paying for the data.That’s not really common. You can send data to a temporary index. You can learn how much data you have there, what type of data you have there, how can you cut that data, and then when you are satisfied, you can send it to production.

Meghan: Awesome. They sound really flexible.

Pedro: They are really flexible. At least with us, they are really flexible.

Meghan: Great. What would you tell other security leaders who are maybe on the fence about joining Sagetap?

Pedro: I would say that Sagetap is pretty awesome because you’ll start understanding maybe there is someone on the other side of the world that is thinking about something different. If you keep closed inside your four walls, in your laptop, you may lose a lot of cool technology that is appearing in the space.