As stated in the comments I made on a blog post from a security company mentioned below, I felt that a response to this blog post was needed, as it seems to be unfair to my fellow security colleagues.
Are you also facing the same problem I have had to encounter on an almost daily basis?
Companies asking you to join their security panel and to be an expert in this area?
Well, if this is the case, then be aware that this is also free consultancy and you will not get paid for all you are doing for others.
Also keep in mind that everything in the mentioned example is meant to be taken seriously; this is for your own good.
I received the following request via LinkedIn this morning:
This is such a clever and also devious way to claim expertise for free consultancy! As stated below in my other comments, banks do not want to spend money on security; they just create a group to get the knowledge from experts, and all this for free! So, to my fellow experts: are you willing to give your knowledge and expertise away for free, while the most decent thing they could do is hire the best of the best experts, who would take care of their security problems? It seems that there is a lot of work to do at the mentioned banks, otherwise they would not even ask for this! This is not giving me a trustworthy feeling about these banks. Are they complying with all regulations, legislation and compliance requirements? This is not the case; many of them do not even have ISO27001 updated, you see this all around…
Enough for now; I can talk about these issues for days and it would not make any difference, simply because banks do not waste money on these topics….
CheckMarx is misusing your expertise and for this does not deserve a thumbs up; more about this in my upcoming blog post.
It seems to me that these banks want to have free consultancy and input from experts, and all this for free. Services like this are normally paid for with a salary….
Free consultancy? Why not hire someone to do this job?
When I checked out the website, I saw the following “Experts” or thought leaders, and they are not very convincing to me about their security knowledge.
Comment: Names are removed due to privacy
It seems that these so-called “Experts” have 2 to 4 years of knowledge.
Some do not have a LinkedIn account and are not known or even to be found on the internet?
It seems to me that I would not hire any of them, simply because of the lack of accrued security knowledge. We all know that since the hype around security started, everybody is calling himself or herself a security expert. The difference is not that you have a certificate, but that you have actual knowledge of what the demand in security is and how to protect your clients. Knowledge is not, and never will be, based on the number of certificates you have, but on actual work experience.
In my experience, I have encountered some people who even bought their certificate online, so where is the knowledge then?
I really cannot say that these people are experts; I even checked out their LinkedIn profiles, which did not really impress me at all. But this is not about these people; it is more about the fact that companies like CheckMarx are misusing people for their own benefit, which is a very wrong approach! They would do better to hire a great team and ask them to create the revenue they are looking for; instead they are going the cheap way.
I read the following on this website, and I quote:
One of the goals of DevSecOps is to build security testing into your development process. There are many various tools and solutions that can be used to achieve and automate security testing across the development life cycle.
We are inviting you to take part in a video panel with the First Bank of Abu Dhabi, Emirates NBD and Dubai Municipality to hear leaders in the Middle East market who have successfully embedded security into their DevOps pipeline.
The strange thing is that I see only three banks and all are situated in the UAE?
Is there no security demand somewhere else on the planet?
CheckMarx is advertising this at the moment; if you would like to join their Security Panel, feel free, at your own risk.
CheckMarx is a recommended company, which I have known since its startup in 2006 by founder Maty Siman.
Headquarters in: Ramat Gan, Israel
CTO: Maty Siman
Checkmarx Inc. founded in 2013
Custodela Inc. Acquisition Nov 7, 2018
Codebashing Ltd 2015 owned by CheckMarx.
RAMAT GAN, ISRAEL – April 16, 2020 – Checkmarx, the global leader in software security solutions for DevOps, today announced that Hellman & Friedman (“H&F”) completed the acquisition of Checkmarx from Insight Partners in an all cash transaction valued at $1.15 billion. TPG has partnered with H&F and will hold a minority interest in the Company together with Insight Partners. TPG has invested in a number of high-growth cybersecurity businesses and will bring additional expertise to the Company as it continues its rapid pace of growth.
The deal represents the largest acquisition of an application security company to date.
Checkmarx enables organizations to deliver secure software faster by making security excellence intrinsic to software development. The Checkmarx Software Security Platform identifies and remediates vulnerabilities in software during development and leads the industry in facilitating automated security scanning as part of the DevOps process. With the transaction complete, Checkmarx will continue to scale the business, and deliver innovative products and unparalleled service to its global customers.
“Now, more than ever, security must be top-of-mind for us all. We are relentless in our mission to empower organizations to deliver secure software at scale,” said Emmanuel Benzaquen, CEO of Checkmarx. “Our partnership with H&F, TPG, and Insight Partners – three of the world’s top private equity firms – is the best possible validation of our vision, technology, and execution capabilities, all of which are aimed to make software and security inseparable. The team at Checkmarx is looking forward to this next phase of growth and to further advancing our leadership position in the software security market.”
Checkmarx was founded in 2006 and led since by Benzaquen and Maty Siman, Founder and CTO. The Company employs more than 700 employees and is trusted by over 1,400 customers in 70 countries.
Now, you are wondering why I even spend time on this topic?
Well, simple: a company of this magnitude should not come up with this type of solution, asking other experts in the market for free consultancy. As a renowned company that is claiming to have so much expertise in the security market? The request to join their security panel is provocative and is false advertisement.
I want people who are active within the security sector to be more secure in their jobs, and their expertise to be used to reach a neutral goal, namely a secure infrastructure environment at any cost for their clients. They are not looking for free consultancy offers, and certainly not for companies who do not want to spend money to extend their security compliance, regulations and legislation and keep them updated as demanded by law.