Checkmarx Snags Ex-Tricentis CEO Sandeep Johri as New LeaderJohri Replaces Emmanuel Benzaquen, Who Has Led the App Security Company Since 2006
For the first time in its 17-year history, application security vendor Checkmarx has a new leader.
The Atlanta-based company has tapped Sandeep Johri, the longtime chief executive at software testing vendor Tricentis, to serve as its new CEO less than two years after being acquired by private equity firm Hellman & Friedman for $1.15 billion. Johri has replaced Emmanuel Benzaquen, who was Checkmarx's CEO since co-founding the company in 2006 and will continue to serve on the board of directors (see: Checkmarx CEO on Bringing Application, API Security Together).
"I have long admired the application security brand and platform that Emmanuel, Maty [Siman, chief technology officer] and the Checkmarx team have created and am excited to build on that foundation to further scale the company's business and to drive leadership in the market," Johri says in a statement.
Johri started at Checkmarx on Monday and wasn't immediately available for additional comment on his selection as CEO. The leadership change comes less than three months after Checkmarx laid off 100 employees, or approximately 10% of its workforce.
"It's always regrettable when you change your salesforce and your organization," Benzaquen told Information Security Media Group in an interview published earlier this month. "But at the same time, I think it was a necessary step for us as we embark on the cloud journey and refocus our whole organization to support our new platform."
'We've Had an Incredible 17 Years'
Johri most recently served as Tricentis' CEO from July 2013 to April 2021, during which time he helped the company grow from an early-stage startup to a leader in continuous-testing software solutions. During Johri's time as CEO, the company completed a $165 million Series B funding round led by Insight Partners and made six acquisitions, including load-testing providers Flood IO and Neotys.
"I am enormously proud of what we have accomplished."
– Emmanuel Benzaquen, former CEO, Checkmarx
Prior to that, Johri held senior management roles at Hewlett-Packard for eight years, where he created and implemented the strategy to grow its software division from $600 million in revenue to $3.5 billion in revenue. Before joining HP, Johri co-founded enterprise identity management software vendor Oblix, where he raised $78 million of funding and generated $30 million in sales from Fortune 1000 firms.
"I am delighted to welcome Sandeep to the Checkmarx team," Hellman & Friedman partner Tarim Wasim says in a statement. "The depth and breadth of his leadership in security and DevOps uniquely position him to help take Checkmarx into its next stage of growth."
Checkmarx has more than 1,800 customers worldwide - including 60% of the Fortune 50 - and focuses on reducing risk across all components of the modern software development cycle. The company took the silver in Gartner's April 2022 Magic Quadrant for application security testing, trailing only top rival Synopsys in completeness of vision and execution ability (see: Synopsys, Checkmarx Top Gartner MQ for App Security Testing).
"It has been a tremendous honor to be at the helm of such an organization from its inception to where its stands today," Benzaquen says in a statement. "We've had an incredible 17 years. I am enormously proud of what we have accomplished."
Seeing Threat Vectors Before They Become Vulnerabilities
The company in recent years released an application security testing platform on the public cloud that can simultaneously run code through static testing, interactive testing and dynamic testing and correlate the results from all the engines using an analytical lens, Chief Revenue Officer Roman Tuma told ISMG in April. The correlation process gives organizations a more accurate view of vulnerabilities in their code.
"Being a leader for the past five years gives us visibility into what the threat vectors generally are," Tuma told ISMG. "We are capable of seeing some of the threat vectors before they actually become vulnerabilities because of the research we put in."
Gartner criticized Checkmarx for high costs and relying on a partnership with Invicti to provide dynamic application security testing, or DAST. Tuma, however, said Checkmarx had determined it was commercially and strategically better to partner around DAST than to acquire or develop the capability on its own since the company expects API security to take precedence over DAST in the long run.
"For us, [it's about] being able to take Invicti and put it on our platform and then make sure we deliver something more cutting-edge to our clients in the long run, which should be API security," Tuma said.