Ravi Nori, Head of Cybersecurity at GoPuff

This Sage Spotlight features Ravi Nori, Head of Cybersecurity at Gopuff, as he reflects on how a highly intentional vendor discovery process on Sagetap led to a strong partnership with SolCyber — and how it proved critical during a live fraud incident.

Key Takeaways

• Current Focus on Data and Identity Security: As Gopuff enters 2025, Ravi is prioritizing data security mandates and sees identity security as a growing industry trend and a key area for investment.
• Smarter Vendor Discovery with Sagetap: To meet Gopuff’s evolving needs, Ravi uses Sagetap to evaluate vendors in a controlled, two-way format where both sides assess fit before committing to a full meeting.
• Finding the Right Fit with SolCyber: Through Sagetap, Ravi connected with SolCyber, a vendor that stood out for its transparent pricing, easy implementation, and ability to reduce costs.
• Post-Sale Support That Delivered Immediate Value: After onboarding, SolCyber absorbed Gopuff’s existing SentinelOne licenses, streamlined log triage, and provided engineering support — saving Gopuff time and money and improving its security posture.
• High-Stakes Validation in a Live Incident: When a fraud incident occurred in Gopuff’s UK office, SolCyber helped quickly identify and resolve the threat, reinforcing the benefit of selecting the right partner through a thoughtful process.

Full Transcript

Ravi Nori: I'm the head of cybersecurity at Gopuff. Basically I manage all aspects of cyber for the company, so that's DevSecOps, Cloud Security, Network Security, Application Security, and GRC.

We're focused around mandates around data security, and also I think a focus on identity security is gonna be, I think it's not only a trend seen in the industry, but definitely something that I would like to focus more in 2025, so I've been using Sagetap a lot to meet vendors for that type of platform.

Sagetap does it in a very controlled way. You get a brief overview of the vendor, the vendor's forced to ask you questions to see what your use cases are, and then they also get to make an assessment as to see if there's a fit. So I think it's a good way for vendors and customers to vet each other in a very controlled atmosphere.

Sahil Khanna: Talking about vendors that you've discovered that worked out for you, one I know of is SolCyber. Can you tell us a little bit about SolCyber, how you discovered them?

Ravi Nori: I saw this company with an interesting name. It seemed like they're doing all the right things. They're one of the few vendors that's very transparent on pricing, which is really important. So that way I could get an idea of how much I'd be spending. I told them our budget. And so we actually were able to have some of those preliminary conversations in the phone call.

Then I just reached out to them like, hey, I think it's time to talk, so I need to turn this over. Let's do like a light POC. And then it was a successful engagement and just signed them up and brought them on board.

We had SentinelOne as our EDR, and SolCyber absorbed the SentinelOne licenses, so it included it as part of the cost, so that was not only a cost savings, but an improvement in efficiency as well. So really, really, really important.

And then triaging all the logs we'd be seeing 'cause I was for a while doing that myself, and that was just becoming like next to impossible. So we had their engineers help with quite a bit of the integrations from some of our major systems, and yeah, they were very, very easy to work with, and it just became a seamless part of transitioning in with us.

They've helped us to solve some major problems, so they definitely give us some color on things that SentinelOne does automatically, recommend policies that we should be adding to SentinelOne to protect our end devices.

But one of the main things I have to highlight they did this year is that we had a fraud incident in our UK location, and SolCyber was actually the one that identified who that potential person was. This all happened in a day and it all happened while I was on travel in India. So they were very, very responsive in terms of helping us triage, identify that person, and it ended up being two people.

They've, again, helped us really improve our security posture as well and help us with real live incidents. So that's been very, very, very, very useful, which is why we needed a SOC that could actually do that.

‍