In our latest Sage Spotlight, Sagetap CEO Sahil Khanna dives deep with Matthew Marji, Head of Security at Narvar, a logistics platform integral to online shopping experiences worldwide. Matthew gives us a glimpse into how he maximizes the twin pillars of his role: safeguarding customer data and ensuring the security of Narvar's applications and infrastructure.
This episode is a must-watch for anyone navigating the complex terrain of information security, offering a peek into Matthew's strategic use of Sagetap to streamline these challenges.
Key Takeaways
- Matthew's Role at Narvar: He leads security with a focus on customer data protection, PII compliance, and the security of Narvar's products, applications, and infrastructure.
- Challenges Selecting the Right Tools: The overwhelming influx of cold calls, LinkedIn messages, and emails from vendors makes it challenging to identify the right tools for specific problems due to time constraints and an uneven playing field.
- Finding Solutions through Sagetap: Sagetap offers an efficient platform for understanding what both the vendor and buyer are looking for, allowing for quick, asynchronous dialogues to determine potential matches.
- Benefits of a Targeted Approach: Matthew appreciates Sagetap for its ability to filter through the noise and directly connect with vendors that match Narvar's specific needs, making the discovery and evaluation process more efficient and productive.
- Learning and Connection Opportunities: Through Sagetap, Matthew has been able to make valuable connections and gain insights into differentiating factors of various platforms, leading to continued conversations with promising vendors.
- Success with SecureFrame and Socket: Two of Matthew’s favorite vendors on the Sagetap platform are Secureframe and Socket, helping him improve compliance and open-source library security.
Full Video Transcript
Matthew: My name is Matthew Marji, I proudly lead security at Narvar. if you've ever purchased an item and wanted to track your package delivery or complete a return online, you've likely used the Narvar platform. My role at Narvar consists of two areas: The first one is information security focused on customer data and PII compliance, and then you kind of pivot and think about the security of the products that we offer, the application, and the infrastructure.
Sahil: What are you struggling with the most, what is most difficult about your role in 2024?
Matthew: Trying to dwindle down the right tool for the problem we're trying to solve. I probably receive on average eight cold calls a day, four to six LinkedIn messages, and a heaping full of emails regarding, like, our tool is the best in this area and this is the reason why we're the best and there's a lot and there's just not enough time the day to review everything and determine like is it applicable is it not and it doesn't feel like an even playing field anymore.
So in the past, it's led me to go to trusted sources such as Garner to determine you know who stands out in an area, but unfortunately, that misses out on a lot of vendors potentially and so Sagetap was like the perfect platform to kind of know what the vendor is looking for and what I'm looking for and we can have that quick dialogue asynchronously to see if there's a match there and then we could dive in to get to know if there's that fit and continue the conversation or not depending on how I felt that went.
It was quick and seamless and I feel like no matter what I had essentially walked away with either a connection or something that I've learned about that platform as a differentiator versus others. We've actually taken a couple of companies and continued conversations.
Sahil: Are there any that come to mind that really excite you?
Matthew: There are two that come to mind, the first one undoubtedly is Secureframe. It can become pretty overwhelming with compliance frameworks and making sure you have all the evidence and the ability to remediate any issues and that's only the start. Then you have requirements to do things like training to remediate any open issues to provide maybe a trust portal for other businesses that are asking questions about your compliance standards or your information policies.
Typically you'll find separate tools for each thing that you have to go out and source and put together and I think what Secureframe is doing, which is pretty incredible, is solving this problem of this disjointed system by bringing it all into one platform so not only do you have confidence with Secureframe being able to make sure you have all the evidence for any given framework but it also starts to tie in these other elements that you typically would go somewhere else for and have to remember to update your trust center or make sure your security training has all of the right components to it. They're really simplifying a very difficult problem.
The second vendor is Socket.dev. So, open source libraries, you know we all use them in our source code, is it secure? Is the library version that I'm using secure or vulnerable? If it's vulnerable, are we affected? Is there an exploit path within the code that we're using and how we're using it? Is there potentially a supply chain type of attack like a typo squad?
I think of solutions like Dependabot where there's just a list of vulnerable open-source libraries and it's overwhelming and developers look at it and say I genuinely don't know where to start and I'm not sure if I take on one of these if it's even exploitable. I have to dig in further. I have to do that work. So I think what Socket is doing is taking a developer-first approach to solving the concerns around supply chain and open source vulnerabilities and that really excites me because it's developer-first but it provides leaders with a dashboard and reports and the ability to very quickly understand what the security posture of our applications look like.
Don't miss out on next-gen startups that can help you achieve your top initiatives. Discover and book anonymous demos with vendors on Sagetap and get compensated for providing feedback. Only reveal your identity if you're interested in next steps.
