Q&A with Robert Kugler, Head of Security & Compliance at Cresta
Our Co-Founder & CEO, Eitan Worcel, recently sat down with Robert to discuss the challenges that companies like Cresta are facing and the role Mobb plays in addressing these concerns. You can read their conversation below.
Hi Robert! To start, can you tell me a little bit about Cresta and what made you take on this exciting opportunity at the company?
Absolutely. Cresta makes every customer interaction excellent. Cresta turns real-time intelligence into real-time action to make the contact center smarter – and every agent and manager more productive. Powering customer experiences for companies like CarMax, Blue Nile, Earthlink, Intuit, and Porsche, Cresta is real-time generative AI for the real world.
The main reason why I took on the role at Cresta was simply because it's such an exciting company with a lot of smart people that presented a great opportunity to enter the generative AI space. Here at Cresta, we are at the absolute forefront of AI technology, and it's really exciting to build and protect that.
Awesome, sounds like you guys are doing some interesting things with AI at Cresta! Why is security so important to your organization?
Oh, security is extremely important to us! We are storing the crown jewels of our customers. It’s super sensitive information that we are absolutely dedicated to protect.
Got it. And what is the biggest challenge that you face so far when it comes to security at Cresta?
I think the biggest challenge is remediating and preventing vulnerabilities as early as possible. Making sure that we're not running into the same vulnerabilities over and over again.
And that's actually where tools like Mobb can really help remediate those kinds of vulnerabilities.
And Cresta is a relatively new company. So I guess a lot of the infrastructure and everything is done in the cloud?
I see that companies are focusing a lot of their security initiatives around cloud infrastructure. But what about the good old application layer, where developers are writing code every day? Is that an area of concern on your side?
Yes, of course. There are multiple ways a company can get breached, the easiest of which is for an attacker to go for an exposed S3 bucket because that's just security 101.
I think application security is still VERY important. Any application that you, as an organization, release will always be exposed to some level of security risk, so it is always a very good idea to spend time and money on application security.
Of course. So you started to use Mobb not too long ago now.
How long did it take to get started?
It was actually super quick, which was really great!
Setting up a new SaaS solution can at times be very painful.
Sometimes it doesn't work the way you want it to. Other times you think it's working, but it's not generating any sort of findings because it isn't able to compile and build anything.
However, Mobb was a different story! It had one of the easiest setups ever. You can literally connect a couple of GitHub repos that you want coverage on, and that’s it!
Awesome. I'm happy to hear that we are offering you such a pleasant experience!
So, I know you see the value of Mobb, but I wanted to see if you can also describe the value other companies should expect to get from a tool like Mobb?
I think like Cresta, Mobb provides value by increasing security engineers’ efficiency 10X as it gives them the tools to remediate vulnerabilities faster.
Security Engineers know how to remediate vulnerabilities. They know how to fix an SQL injection. They may not know the specific code or language, and that's fine!
They don't need to be able to write code in every language because a tool like Mobb is making remediations so much faster and actually lowers the barrier of entry by showing them what a fix should look like.
That takes away all the time spent on StackOverflow or any other areas that people may use to find a particular fix. And that is huge because the research of figuring out how to even do a particular fix in a specific language can require a vast amount of money and time spent on trying to figure out how to fix it.
That sounds really good.
By the way, I think we can also agree that the developers working at Cresta are definitely above average when compared to the masses of developers out there in larger organizations.
Can you estimate the value that larger and older organizations should expect from their developers by using Mobb?
I think it will be even more useful to legacy software companies for sure because, oftentimes, legacy companies are maintaining a lot of very old code.
Their code probably got written by somebody who left the company 10 years ago and barely documented anything – code that nobody wants to touch because they're afraid of breaking it and dealing with the number of vulnerabilities it holds.
So, here, Mobb actually can help enable vulnerability and remediation for these organizations, which is great for compliance, of course. But it's also amazing for the security posture of the company itself because, finally, vulnerabilities that have been stuck in the backlog for years can get the attention that they deserve at scale. This is really exciting because Mobb is just putting it all in front of you, and all you have to do is go in there, export it as a PR, open it, let some engineer review and approve the code, and then you can just merge it.
Cool! Robert, thank you very much for your time. I appreciate what you're doing at Cresta. It's always a pleasure talking to you.
Absolutely! Thank you for having me.