Read the fascinating story of Checkmarx, the leader in Application Security solutions. What are the secrets of its success? How has the company overcome challenges, and what role does passion play in its achievements? This is a story you don’t want to miss.
Checkmarx, the software security firm headquartered in Ramat Gan, has more than 1,000 employees and offices in twenty-four countries around the world. More than half of the Fortune 50 companies are Checkmarx customers. While some Israeli hi-tech companies are dubbed ‘unicorns,’ indicating a $1 billion valuation, Checkmarx has exceeded that amount, and as the company’s CEO, Emmanuel Benzaquen says jokingly, it is a ‘multi-corn.’ Yet, there is far more to the Checkmarx story than financial and artistic success. The company is about people, passion and performance.
Emmanuel Benzaquen was born in Paris and after completing his master’s degree in electrical engineering, moved to the UK, where he began a Ph.D. program in robotics and computer science. Benzaquen was more interested in a business-oriented environment and soon moved to California, where he completed an executive MBA degree. He spent ten years in Silicon Valley working in the software and semiconductor field. “There is a saying in our field,” says Benzaquen, smiling, “that if you can do embedded software (which is part of semiconductor work), then everything else is easy.”
Beginnings – From Silicon Valley to Israel
After three successful business ‘exits,’ Benzaquen decided to go back to his original plan and try his luck at what he calls “the other Silicon Valley,” Israel. Between 2003 and 2005, he frequently traveled between Israel and the United States, consulting in the Israeli hi-tech industry. During that period, he met Maty Siman, a talented programmer and security expert who wanted to create an application security company. “I really loved the idea, and Checkmarx was at an embryonic stage in his mind,” says Benzaquen of his meeting with Siman. “I loved it so much that I said to him, ‘This is great. Let’s do it.’ We joined forces, and I became the CEO, and that’s how the company got off the ground. I’ve been working with Checkmarx ever since. It’s been over 16 years since we started the company, and it’s been a long journey.”
Living in San Francisco, Benzaquen had a good life, and making Aliyah was a real change of culture. “It was a bit of a shock,” he recalls.” Coming to Israel, Benzaquen wanted to create a company that would last, that would be sustainable, and that would create job opportunities in Israel and around the world. He hoped that Checkmarx would be that company.
Maty Siman, the company’s founder, was born in Jerusalem and received his first computer, an 8-bit Amstrad 6128 home computer that included the BASIC computer language, when he was seven years old. “I got hooked,” he recalls. “On that day, I knew that’s what I wanted to do when I grew up. Since then, I’ve been writing software every day.” Siman spent seven years in the IDF, working in the army’s software development school and later in one of the army’s special information security units. After completing his army service, he spent two years in the Prime Minister’s Office as a senior IT expert and project manager.
Siman’s IDF service and work in the Prime Minister’s Office inspired him to found Checkmarx. “One of my tasks during my work,” he says, “was to find a product to help developers write secure code. I couldn’t find anything decent, and I said I have twenty years of software development experience and nine years of application security experience. I can do better.” Siman decided he could do better, and so he did, founding Checkmarx and teaming up with Benzaquen for the journey.
As the company’s technology visionary, Siman has been instrumental in overseeing its product strategy from the very beginning, helping customers achieve their goals of developing and releasing more secure software. Today, he is the Chief Technology Officer (CTO) at Checkmarx.
The road from startup to multi-billion-dollar company was not always smooth. Checkmarx started at the Naiot Incubator in Yokne’am. The company received a small amount of funding from the government and created a prototype program as a proof of concept to attract investors and succeeded in attracting institutional and strategic investors from Israel, the United States and Japan. In 2011, Salesforce, the large US cloud-based software company, invested in Checkmarx. “Salesforce was an early strategic investor,” says Benzaquen. “They are early adopters, visionary and are very sensitive to software security. It was a match made in heaven.”
Benzaquen says that the company went through several stages until it reached success. “There was the incubator, and then we had to bootstrap using loans and the proceeds of our first sales because we were in a low funding period, and it felt quite alone.” He calls it the ‘Garage period,’ when the company literally operated from above a garage in south Tel Aviv. During the 2008 financial meltdown, he says, it was difficult to raise funds.
Fast forward to 2015. The market for application security software was becoming mature, and Checkmarx was becoming well-known in the industry. Benzaquen brought in Insight Partners, one of the top US growth equity firms, and fully recapitalized the company for $84 million. This was the company’s first exit. Between 2015 and 2020, Checkmarx nearly doubled in size each year. In 2020, the company fully recapitalized again and was sold to Hellman & Friedman, a large US private equity firm known for acquiring best-of-breed companies. Benzaquen says that while technically it reflected a change of shareholder, in actuality, it was another full exit at scale for Checkmarx and its employees. The exit took place on March 16, 2020; as much of the world shut down because of Covid, Checkmarx sold for over $1 billion.
Benzaquen says that the pandemic raised the platform and visibility of software to a higher level. During the first months of the pandemic, he notes, people were in shock, but once people got used to the new reality, Checkmarx resumed its sustained growth. “We have grown throughout Covid,” says Benzaquen. “We never stopped growing even though it was a bit slower than we were used to.” He adds that the company can work with its customers either online via the cloud, or in-person, which helped the company during Covid lockdowns.
The emergence of application security
Benzaquen explains the importance of application security. Most people are familiar with the idea of network security, which protects a network of computers from attacks, as well as antivirus software, which protects an individual’s computer from malicious software. “In the early 2000s,” he explains, “another layer of security, known as application security, emerged.” Applications that simplify functions, says Benzaquen, are the bridges that connect the organization with the outside world. Checkmarx deals with this layer.
In 2005, he continues, there were no smartphones, and applications were not in widespread use. “Today, everything runs using applications. Whether it is your car, your smart home, or simply your air conditioner, you may not be able to use them without one. This has been driven by software over the past fifteen years and has accelerated exponentially with the growth of smartphones and internet interconnectivity,” he says.
Checkmarx designed a platform that allows developers to develop code securely throughout the Software Development Life Cycle (SDLC). “Originally, we built a Static Application Security Scanner for developers and Chief Information Security Officers (CISOs) that are responsible for security.” In today’s security-conscious world, says Benzaquen, “code needs to be secured in order to exist.”
Benzaquen says that the company had to do quite a bit of product evangelism in the early days, educating CISOs, developers and industry members about the need to provide application security during software development. Eventually, he says, application security became mainstream due to the exponential growth of software code being developed and run by applications. “It became an important layer of the security stack,” says Benzaquen.
All organizations that develop code today, he emphasizes, must use a software solution that checks code for vulnerabilities. Siman and Benzaquen explain that the way that code is written today necessitates application security. Fifteen or twenty years ago, developers wrote the code for their projects independently, and the use of code from outside sources was minimal, if at all. With the development of the cloud, applications today are built from many different sources, including code from the public domain known as Open-Source code. Bits and pieces of code are frequently used from different providers. Whereas in the past, developers needed to check only their own code, today they must analyze every component. Checkmarx can correlate the results and understand the ecosystem of code providers.
The top tier customers for Checkmarx products, says Benzaquen, are financial institutions, the military, and software vendors, but its customer base is across the spectrum and extends to insurance companies, the healthcare industry, and retailer companies, to name just a few verticals. Without application security, information could be stolen, monitored, or diverted and could be used by malicious actors for financial or strategic gain.
There are other companies in the application software security space, but Benzaquen says that Checkmarx is ‘head and shoulders’ above their competition. “We work with developers, and the primary function of developers is not to do security – it is to develop. There is a fine line. How do you tell developers to develop securely, but without slowing down their development? At the end of the day, the developer is paid to design a piece of software that functions. Now, we are adding a layer of complexity.” Benzaquen says that Checkmarx software creates seamless integration within the software development lifecycle without being intrusive to the developer.
The Checkmarx advantage
Both Siman and Benzaquen, experienced software developers, explain that Checkmarx has an advantage over the competition because they are the only company that truly understands code. “You need to understand code to be a developer at heart. We understand code, and we understand security,” says Benzaquen.
As a result, adds Siman, “We address a dual persona: the security team and the development team.”
Checkmarx has a dedicated security research team that, over the years, has discovered many security breaches in commercial products, including Android phone software, Amazon Alexa, and others. The team found a vulnerability in Android that would enable someone to connect to Android devices and activate GPS, video cameras and microphones. They were able to hack into the Tinder dating app, which could enable hackers to see the data of its users. Checkmarx security team members discovered a vulnerability on the Amazon Alexa that would allow users to log into any Alexa device and eavesdrop. “Our advanced security team allows us to stay ahead of the competition and find out about new trends,” says Benzaquen. “We incorporate all of these findings into our product itself.” Whenever the security team discovers a security breach, it notifies the manufacturer through a responsible disclosure practice so that it provides enough time for the vulnerabilities to be fixed. Apart from improving the Checkmarx product, Siman says, “We want to make a better world.”
Investing in Checkmarx employees
Making a better world within Checkmarx for its employees is the task of Dalit Krainer, Chief Human Resources Officer at the company. Krainer, who has more than 20 years of global HR experience, is responsible for leading the company’s human resource strategy, mission and values throughout the company, which has 1,000 employees spread throughout 24 countries. “It’s very complex to align everyone all the time towards one vision and one mission with common goals,” she says.
Krainer says that for Checkmarx, “everything is about leadership, and good leaders creating more good leaders.” The most important goal of the HR department, she explains, is preparing the company for its future. “This has to do with the talent we are hiring, the compensation we are offering, the learning mechanism and technology that we are providing, and the leadership we are grooming. Everything that we are doing is to make sure the organization is ready for the future that the company has chosen for itself.”
The second complementary goal, she adds, is to help the company employees unleash their potential and improve themselves. “If everyone among our 1,000 employees does something better every day, the magnitude of improvement within the company is huge. This is how we can push our company forward.”
Checkmarx invests in its employees to help them succeed, says Krainer. This allows them to do things they didn’t think they could accomplish. The company has created a learning platform that enables its workers to constantly learn and increase their knowledge. “We believe in a mindset of growth – of learning all the time,” she says.
Moreover, Checkmarx has created a mechanism by which employees can learn a new skill within the company and move from one area to another. “We want our people to grow with us,” says Krainer. “If you are a field salesperson wanting to move to research and development, and you are a good employee, we want to invest in you. We want you to do it at Checkmarx rather than with another company.” The company has created a career map system where each employee can assess their current skills and list the desired job they wish to perform in the future. The system provides two indicators – the current gap in qualifications between the employee’s current role and the future one that they want to assume, and the requirements, qualifications and courses that they need to learn in order to assume the next role. In this way, Checkmarx employees can navigate from one point to another within the company. Since the beginning of this year, notes Krainer, close to 40 employees have moved to different departments within the company.
Krainer says that Checkmarx invests in its managers in a similar way. “It is interconnected,” she says.” Leaders have a significant effect on the company, and Checkmarx trains its leaders, offering courses and workshops for managers at all different levels.
The training even extends to the very highest level of the company. Checkmarx recently held its very first Checkmarx Leadership Forum, which included all 28 vice-presidents, thereby expanding the level of leadership in the company beyond the key executives who report to CEO Benzaquen. This forum included staff from all the company’s different regions and veterans and new hires from various departments within the organization. “We held one week of conferences,” says Krainer, “which provided a great deal of leadership content. It also gave them time to work together and develop strategic projects to help grow and advance the company.” Given the large investment in leadership and organizational development, she says that the company first considers promoting from within when selecting managers for different departments.
Checkmarx, like many companies around the world, has had to deal with the challenges of increased resignations in the wake of the pandemic. Krainer says that the company has become more creative and flexible in order to bring more talent to its ranks. First, it developed a hybrid employment model and decided to open employment to contractors, subcontractors, freelance workers, consultants, and part-time and temporary employees. This, she explains, brought a new wave of talent to the company.
In addition, says Krainer, the firm has begun to hire and train university graduates who have minimal or general experience in software security. She says that while the training process may be slow at first, college graduates who come to Checkmarx with creativity and a willingness to think out-of-the-box catch on quickly and become valued employees.
Regarding the hiring of employees from the minority communities in Israel, Krainer says that Checkmarx is working with a contractor that employs Haredi women in research and development. The company is planning on hiring more members of minority groups in Israel and other Checkmarx sites around the world. Additionally, Checkmarx is working to ensure equal compensation for men and women throughout the company.
Of the company’s 1,000 workers, approximately 350 are in Israel, 200 are based in the United States, and the rest are stationed in France, Germany, the UK, India, Singapore, India and Portugal for the most part. Interestingly, Portugal has turned out to be a great source of talent for the company, which now has an office in Braga, which is located near Porto. “Portugal is our hidden gem,” says Maty Siman. “Ten years ago, when we were a small company, we needed an alternative to Israeli developers that would scale faster.” Siman located a woman in Portugal who did some contract work for the company. He was very impressed with her work, and she told him that she taught at the university in Braga, which had many students who were expert in code analysis and were available. Checkmarx began hiring people in Braga, and today, after ten years, there are over 150 people employed in the Braga office. The woman who completed the first project for Maty Siman is now vice-president of Engineering and Checkmarx site manager in Braga.
The future of Checkmarx
Long-term partners Benzaquen and Siman are optimistic about the company’s future. Maty Siman quantifies his hopes numerically. “I predict tenfold growth in the market over the next five years,” says Siman, “and it will have a direct positive impact to our own market valuation. There are 30 million software developers in the world, and all of them need to develop secure software. We want to keep our position as the best solution in the market.”
“I came to build something sustainable and make a mark on the industry and on people,” says Benzaquen. “We are continuing to develop the company, and we are investing heavily in innovation and acquisition. This is a growth industry, and our focus is on growth in the coming years.”
Benzaquen continues and says that Checkmarx is a classic story of enterprise software that has succeeded. “For me, the story of Checkmarx is a story of being in the right place at the right time with the right people with a strong vision, never giving up, and not looking for a quick fix. It’s hard work. You must brand yourself and build trust with companies, investors and people one at a time. It’s about building relationships, block by block. We will continue to go in that direction.”
We conclude our interview with a discussion of the company’s theme for 2022. “Every year, says Benzaquen, “I place a lot of importance on the theme of the year at Checkmarx. This year, our theme centers around passion. We want to enable our employees to let their passion speak out, not only in their work and performance but in other activities as well.” Having passion for one’s job makes people not only more efficient in their work but more fulfilled personally, he says.
For Emmanuel Benzaquen, Checkmarx is the “how” to support his passion to create a company that would last, be sustainable, and create job opportunities in Israel and around the world. The company’s success as one of the world’s leading software security firms is the result of a healthy dose of that passion, industry-leading performance, leadership and people skills.
This article is taken from The Jerusalem Post Israel Technology and Innovation Magazine 2022. To read the entire magazine, click here.
This article was written in cooperation with Checkmarx