Checkmarx is the only provider of a full platform to identify, analyze, intelligently prioritize, and remediate issues with software exposure in a DevOps environment. Checkmarx supports a combination of integrations for the automation required in a fast-paced development environment along with a variety of technologies to empower development and security to improve the overall security posture of an organization. Checkmarx Public Sector brings enterprise-grade application security testing to developers in Agile and DevOps environments supporting federal, state, and local missions.

To learn more, visit

Chart of Checkmarx's SDLC

Federal-Grade Application Security Testing
Checkmarx’s software security testing platform is unique in the public sector. No other federal-grade platform addresses core issues with a single easy-to-deploy-and-use solution.

Federal Compliance Mandates
Checkmarx's automated approach shifts more of your security effort to the left – driving down costs and accelerating time to market. Even better, it also simplifies your ability to document security compliance.

Our easy-to-follow test reports show where your application isn’t meeting a specific standard. Your post-fix report positively documents your compliance.

Integrate Security Testing
Checkmarx's platform has two key features that make it easier for agencies and contractors of all sizes to achieve the benefits of DevOps:

  • Scan Your Source Code: Our solution lets you automatically test code at the earliest possible development point, so you can find and fix security issues, and avoid unnecessary development efforts.
  • Save Precious Remediation Time: Our "Best Fix Location" feature shows you how to solve issues with the fewest changes, so you can reduce the number of test cycles required to get your code compliant.
    The result is a faster path to DevOps, with just a few changes to your test process.

Train Developers to Code Securely
Codebashing helps developers learn and sharpen application security skills in the most efficient way because it is in-context and available on-demand. Codebashing is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.

Checkmarx, the Software Exposure Platform for the Enterprise


A Better Approach for Agencies to Put Security in DevOps

A Better Approach for Agencies to Put Security in DevOps, Wednesday, Aug 5, 10:00 - 11:00 am, ET — Join us to discover why AST solutions must be capable of being completely automated within the tooling that is already in use within DevOps, learn how to ensure vulnerabilities in custom code, open-source, and run-time risks are identified and remediated early in an automated fashion, and explore the benefits of integrating automation into DevOps, resulting in improved quality, accuracy, security, and speed of delivered software.

An AppSec Awareness Program for Developers – The Critical Steps to Success

An AppSec Awareness Program for Developers: The Critical Steps to Success, Tuesday, Aug 11, 10:00 - 11:00 am, ET — This webinar will explain the kinds of ad-hoc programs that exist in many agencies today; provide details of what a modern Awareness Program looks like; discuss the four key areas that must be addressed before starting; highlight the best way to organize your approach and setup; emphasize how to kickstart and launch your Awareness Program; and clarify the assessment process and ways to continuously improve

How to Address Security Vulnerabilities in the Development Lifecycle

How to Address Security Vulnerabilities in the Development Lifecycle, On-Demand — In this course, you’ll learn how your public sector agency can reduce the time and effort needed to incorporate security into the development process - and in the process avoid having to do costly remediation after the fact. This course was created in partnership with Checkmarx and DLT Solutions.




Rick Stewart – Rick Stewart is a Chief Software Technologist at DLT, a Tech Data Company. Rick has more than 34 years of diverse experience in the IT industry, progressing through technical and leadership roles in the telecommunications, mobile entertainment, the federal government, and manufacturing industries. His primary area of expertise is in developing enterprise application software, and he's proficient in a wide range of software technologies. He has vast experience managing project teams of various sizes and skillsets using both waterfall and agile/Scrum software, DevOps, and DevSecOps development methodologies. He has participated in all phases of the software development life cycle and supported highly available production environments and is Project Management Professional (PMP) and Agile Certified Professional (ACP) certified.

Rick Stewart, DLT


Nick Sinai – Nick Sinai is a Senior Advisor at Insight Partners, a leading global venture capital and private equity firm investing in high-growth software companies. Founded in 1995, Insight Partners has raised more than $29 billion and invested in more than 300 growth-stage software and internet companies. Nick joined Insight in 2014 from the White House, where he was U.S. Deputy Chief Technology Officer. At the White House, Nick led President Obama’s Open Data Initiatives, co-authored President Obama’s 2013 Executive Order making open and machine-readable the default for new government information, led the relaunch of and was a national advocate for open government data. Nick also helped start and grow the Presidential Innovation Fellows program, which brings entrepreneurs, innovators, and technologists into government. In January 2017, in his very last act in office, President Obama signed bipartisan legislation that makes the Presidential Innovation Fellows Program a permanent part of the Federal government going forward. Nick serves as adjunct faculty at the Harvard Kennedy School, where he teaches technology and innovation in government field class. Nick is also an advisor to Upsolve, a Brooklyn-based nonprofit that improves consumer access to Chapter 7 bankruptcy protection, and Coding It Forward, a nonprofit that places computer science, data science, and design students in federal agencies.

Nick Sinai


Matt Rose – Matt Rose, Global Director of Application Security Strategy, joined Checkmarx in 2014 and has over two decades of software development, sales engineering management, and consulting experience. In his role, he advises organizations' software security and DevOps strategies and enables them to deploy Checkmarx's solutions to protect their most critical application and software assets. Matt has been invited to deliver talks at leading industry events including OWASP's AppSec USA, IDG's CSO50 Conference, ISSA, and ISACA, and has been quoted in numerous news outlets such as TechTarget's SearchSecurity, Dark Reading, and TechRepublic.

Matt Rose, Chaeckmarx


Stephen Gates – Stephen Gates brings more than 15 years of information security experience to his role at Checkmarx. He has an extensive hands-on background in the deployment and implementation of on-premises and cloud-based security solutions and is a well-known writer, blogger, presenter, and published author with a Master of Science in Information Security. Stephen is dedicated to conveying facts, figures, and information that brings awareness to the cybersecurity issues all organizations face. Aligning with Checkmarx's mission of improving software security for all organizations, he is an advocate of their solutions worldwide.

Stephen Gates, Checkmarx


Kurt Risley – Kurt Risley is the Global SME for Checkmarx's Codebashing Platform and a frequent speaker at industry events. Kurt brings many years of Cyber Security experience and has been in the Enterprise Software space for 20+ years. Codebashing is Checkmarx's Application Security Awareness Platform.

Kurt Risley, Checkmarx


Joyce Hunter – As a strategic-doer and a philanthropreneur, Joyce Hunter is the CEO of Vulcan Enterprises LLC, a strategic management consulting organization, providing executive coaching and Information Technology advisory services to corporate, federal, and non-profit CXO's. She is the creator of the Science Technology Engineering Agriculture and Math (STEAM) summer camp for underserved/underrepresented youth and has recently been named as the new Executive Director of the Institute for Critical Infrastructure Technology (ICIT). From 2013 to 2017, Joyce was appointed to the position of Deputy Chief Information Officer for Policy and Planning at the Department of Agriculture (2013-2017) and was the Acting Chief Information Officer from March 2016 to July 2016. In addition to policy and technology planning, Ms. Hunter oversaw the Departments 4.1 billion dollar IT investment portfolio, was responsible for the development and the execution of the Department's IT governance, portfolio management, enterprise architecture, FITARAframework, and was the executive sponsor of the IT Fellows and IT Workforce Development Programs. With over 30 years' experience in the information technology industry, Ms. Hunter demonstrates a strong ability to build and sustain relationships with public/private stakeholders, develop and lead innovative projects, and inter-agency initiatives. Ms. Hunter earned a BA from Villanova University and an MBA in Marketing from the University of Pennsylvania, Wharton School of Business, has certificates in Emotional Intelligence, Design Thinking, Sports Management, Technology Business Management (TBM) and Scaled Agile Framework (SAFe). Ms. Hunter is on the Dean's Advisory Council for Villanova University, on several other advisory boards and published in The Handbook of Federal Government Leadership and Administration: Transforming, Performing, and Innovating in a Complex World (Routledge 2017).

Joyce Hunter, ICIT


Tim Anderson – Tim Anderson is a Sr. Security Advisor with AWS Security where he focuses on addressing the security, compliance, and privacy needs of customers and industry globally. He regularly meets with security leaders to advocate for rational, outcome-focused security that harnesses innovation. Additionally, Tim designs solutions, capabilities, and practices to teach and democratize security concepts such as security governance at scale and DevSecOps to meet challenges across the global landscape. Previous to AWS, Tim spent 16 years designing, delivering, and managing security and compliance programs for U.S. Federal customers across DoD and federal civilian agencies.

Tim Anderson, ICIT


Parham Eftekhari – With a lifelong passion for leadership and community building, Parham Eftekhari is a cybersecurity executive who has spent the past decade building trusted relationships with the nation’s leading technology and national security leaders. Led by three core values – kindness, respect, and integrity – he regularly engages with policymakers, federal agency executives, and critical infrastructure leaders on initiatives that center around strengthening the resiliency of our nation against digital threats.

Parham served as ICIT’s Founder & Executive Director until April 2020 and now serves as Chairman of the Board. During his time as Executive Director, he was responsible for building and executing the Institute’s mission, including its content and education strategy, community engagement, and fundraising. Currently, Parham is SVP of the Cyber Risk Alliance and Executive Director of its Cybersecurity Collaborative business, a membership community defined by CISO collaboration offering strategic and tactical guidance, CISO career development, and industry advocacy. Prior to ICIT, Parham co-founded the IT collaboration group GTRA and led the technology practice at a boutique competitive intelligence research firm.

Over the course of his career, Parham has led the development of multiple research publications on a broad range of cybersecurity and national security issues, many of which he co-authored and has addressed forums ranging from Congress, the World Bank, RSA, and C-SPAN. He holds a BBA from the University of Wisconsin – Madison School of Business and spent two years at the Ecole Superieure de Commerce de Paris in Paris, France studying international business, and is fluent in French and Farsi.

Parham Eftekhari, ICIT


Jeff Hsaio – Jeff Hsiao is Security Solutions Engineer for Checkmarx Inc. Jeff is an experienced Information Technology professional with a background in Application Security, Software Development, and Program Management. Prior to his current role, Jeff served as a Technical Architect for large government programs. Jeff has designed and implemented technical solutions for dozens of Federal agencies and Fortune 500 companies across multiple industries.

Jeff Hsaio


James Hofsiss – James Hofsiss is a U.S. Air Force veteran with more than 30 years’ experience in cybersecurity and IT operations & management. As a DLT Sales Engineer, he is a trusted advisor, leveraging his broad expertise to support government customers at the federal state, and local levels.

James Hofsiss, DLT
Contract Name Contract Number Sector State
CIO-CS HHSN316201500012W Federal
Department of Defense Checkmarx ITAM ESI N66001-19-A-0045 Federal
GSA Multiple Award Schedules GS-35F-267DA Federal, State
National Cooperative Purchasing Alliance (NCPA) - Systems and Information Management Software 01-74 / 01-81 / 01-87 State Texas
OMNIA Partners, Public Sector Software IDIQ R190902 State Texas
SEWP V Group A: NNG15SC07B; Group D: NNG15SC98B Federal
State of California Multiple Award Schedule (CMAS) 3-16-70-1047B State California
State of New Mexico Multi-Vendor IDIQ 60-000-16-00075 State New Mexico
State of Ohio Multi-Vendor IDIQ 534042 State Ohio
TIPS 180503 State Texas