Sawan Joshi, Global Director of Information Security at FDM Group

This Sage Spotlight features Sawan Joshi, FDM Group's Global Director of Information Security. He shares how the explosion of SaaS tools and the rise of AI-enabled threats have increased cost and complexity across enterprise security. Sawan also explains why he turns to Sagetap to stay current, discover qualified vendors for his clients, and evaluate solutions that address fast-moving risks like ransomware and deepfake impersonation.

Key Takeaways

• Current Focus on SaaS Sprawl and AI Threats: Sawan is prioritizing cost control and risk reduction as SaaS adoption accelerates and AI-driven attack vectors like voice cloning and deepfakes rise.
• ‍Gaps in Traditional Vendor Discovery: Industry events and legacy supplier networks aren't always frequent or dynamic enough to keep up with his clients' evolving needs.
• ‍Targeted Vendor Discovery and Insights via Sagetap: Sawan uses the platform to uncover emerging vendors and stay ahead of market shifts through direct conversations with innovative builders.
• ‍Powerful Ransomware Protection From Halcyon: Sagetap vendor Halcyon stood out with a next-gen capability to capture encryption keys during ransomware attacks, adding a new layer of enterprise resilience.
• ‍Proactive Deepfake Defense From Imper.ai: Sawan also found Imper.ai on Sagetap and was impressed by its focused, timely solution to impersonation and social engineering risks.

Full Transcript

Sawan Joshi: I'm the Global Director of Information Security for a global tech management consultancy called FDM Group. My responsibilities are to make sure that we as an organization not only run the most sound and trustworthy operation that is resilient, but to also empower our consulting teams to take on huge projects for largely regulated companies and organizations.

Over the past few years, we've found organizations jump to the SaaS world. SaaS products became easy to build, easy to bring to market, and even worse, easy to implement. So all of these positive spins are actually the reasons for a lot of problems right now. Not only have they caused a lot of organizations to have a ballooning operational cost, these are also high-risk areas. With AI, impersonation, deepfake, voice cloning, all of these things rapidly on the rise as attack vectors, controlling enterprises' and smaller organizations' uses of platforms is really key. 

So the current large-profile cyber attacks in the industry, covering retail, covering casinos, and, you know, all the organizations, you hear about them all the time, what they are are the opportunities. We are the people behind the tech and we are able to have that knowledge at the forefront of our mind to be able to empower organizations to do better and manage their risk posture in today's ever lean teams, 'cause we are in that very lean economy phase right now. 

I've built a network of trusted suppliers, vendors, resellers, and that's been really good. But every single time I've entered an organization and looked at a similar project, I find out who are the people today that deliver an anti-spam solution, for example, and see if they're still the right choices, the ones I used before compared to the new ones. That sounds all good. That's still narrow.

There are always the usual industry events that happen all the time, and they're good. You know, there's the Black Hat, the InfoSec, Risk, Global, all of these, but they're still every now and then.

I'm part of a speed networking organization too, that gets people together. It's still not frequent enough. 

The networking ability that Sagetap brings to help people like me in roles like mine address new problems that you might be wondering about is not coming from anywhere else but Sagetap. It's a knowledge repository for me, having conversations with very strong, like-minded people building fantastic product.

So for example, there's an organization called Halcyon. They are building an anti-ransomware product that conducts key capture at time of an encryption attempt. These things are really important features that you could implement on servers, computers, and they make a very big difference. The key would be captured either locally or in the cloud environment, dependent on the app's implementation, but I think it's a next gen idea. And the way this idea was described to me, demonstrated by a really knowledgeable vendor, was really, really good. 

Imper.ai is another one that's creating a solution to address and tackle deepfake and social engineering and impersonation attacks.

 These two examples not only presented their product well, answered my questions really good, we ended the conversation feeling this would be good to talk more.

You can waste a lot of time having a long conversation, having a workshop, entertaining a cold call, getting together with a couple of people who should be in the room, a couple of people who shouldn't be in the room, one person missing from the room and half a day is gone talking about something. The Sagetap vendors ensure the right person is on the call to talk about the product, and also talk about the pricing.

I have actually always found it's often the startups that bring the innovation that the enterprises need, so what I've found amazing about Sagetap is it brings organizations to people building solutions to solve real-world problems. 

Above everything, it keeps your knowledge strong, which is really important.