Add raw interviews

website/docs/appendix/raw-interviews.md

@@ -115,6 +115,212 @@ Renting desks might not be a very profitable, therefor we offer more services in
 - We have problems with our culture, we lack professionalism in interactions between entrepreneurs/businesses and developers.
 </details> 
 
+
+## A cybersecurity engineer who worked for an cybersecurity company in Algeria
+
+<details>
+<summary>Are you aware of any bug bounty programs in Algeria? If not, why we don't have any?</summary>
+
+As far as I know, there are no bug bounty programs in Algeria, such programs require strategic and financial planning and that comes with maturity.
+
+As there are no bug bounty programs, security enthusiasts are not allowed to pentest and scan applications without authorizations and contracts.
+
+To have bug bounty programs, companies have to plan and communicate this, they have to have a good engineering and security culture, then they have to allocate budgets and the right people to manage these programs and to confirm findings before they reward researchers.
+</details>
+
+<details>
+<summary>How did you work as a cybersecurity engineer in in the Algerian company you worked with?</summary>
+
+My company provides security consulting services, as an engineer I was assigned to projects and missions at clients' sites to either person pentesting, or to work on incident response for detecting and responding to cyberthreats, security breaches or cyberattacks.
+
+We also provided adversary emulation (adversary simulation or threat emulation) tests and services for clients. The company also provides other security-related services such as governance, the deployment, and integration with security and protection solutions.
+</details>
+
+<details>
+<summary>What to do if you found a bug, how would you proceed? Is there a process or a way to contact companies? Do you get paid for that?</summary>
+
+This has three cases:
+
+- If you are working as a contractor, or you are paid to perform a penetrating: Then you just need to document your findings and your recommendations to your client.
+- If you are an external party, and you found a bug accidentally, for example it was too obvious or you can clearly see that they're using a vulnerable version of a certain technology: Then you can "try" to contact them, you may try reaching out to them by email or through their public communication channels, or do the most realistic approach: Find a connection, or someone who knows someone so you can report it unofficially.
+
+  Since companies don't have any bug bounty programs, they can't just pay you for this, not in an "official" way at least. Sometimes a "Thank you" is the best/only thing you can get from them.
+
+- If you an external party, and you are not authorized to run a pentest or to scan their products, you may get into serious problems, at best you may get a call from the police, and at worst you can get into the court, or even worse if things gets to the National Defense Ministry (MDN).
+
+</details>
+
+<details>
+<summary>How did you and your friends/colleagues learn?</summary>
+
+We got the basics of computer science (operating systems, networking, algorithms, etc) from our formal education, in college we learned how to be methodic which is crucial in our jobs as cybersecurity engineers. We also learned basics of security but the classes there were very basic.
+
+We learned most of the things by ourselves from online courses and from the many events our students group organized, our students group used to organize events, workshops and CTF competitions. We participated in teams to global competitions, and we hosted our own CTF games and invited other students to come and play.
+
+I also learned a lot from my job, from the challenges I faced and from the trainings my company offered and from preparing to pass certificates.
+</details>
+
+<details>
+<summary>How did your company incentivize you?</summary>
+
+They paid a very good salary compared to the job market, they also offered bonuses for on-site assignments we used to do.
+
+Our transportation to client sites was covered, the company paid for our VTC services and that was really important especially that public transport is one of the pain points in my city.
+
+When possible, for example when we finish our pentesting and we are on the documentation phase, we were allowed to work remotely which was important for me.
+
+High-performing engineers were always rewarded with promotions and bonuses. If someone performing well and going above and beyond, they can even offer to renegotiate their salary and promote them.
+
+If I want to work again for an Algerian company, I would chose this company again.
+</details>
+
+<details>
+<summary>How do you, or cybersecurity agencies find clients?</summary>
+
+We get assigned to projects, the projects are obtained through connections, or through open tenders (appel d'offres) by companies.
+
+Sometimes companies reach out to us to perform incident responses after they have been attacked or have a data breach.
+</details>
+
+<details>
+<summary>Is there work for cybersecurity engineers in Algeria? Is it worth it to have your own security company?</summary>
+
+There are many companies already operating in Algeria, there are clients, and some companies hire internal security teams or engineers.
+
+However, with a less mature culture when it comes to security, we don't have that high of a demand on security until something goes wrong, when companies gets attacked there when they'd hire us to do incident response operations.
+
+Many engineers prefer to work remotely for foreign companies for a much higher salary in foreign currencies.
+
+</details>
+
+
+<details>
+<summary>Would you stay and work in Algeria as a cybersecurity engineer?</summary>
+
+For me, I have chosen not to stay. In Algeria you can't grow financially with your salary, achieving financial milestones (buying a house, getting a car, etc) may take a lot of time.
+
+Me and many of my friends left the country to work, and some left to continue their studies.
+
+If I stayed in Algeria, I'd do as many of my friends are doing:
+
+- Working full-time remotely for a foreign company and getting paid in foreign currencies.
+- Working as developers or getting any job, and take cybersecurity gigs (freelance) online, and do bug bounties hunting.
+</details>
+
+<details>
+<summary>What are the most interesting work places or companies to work for, apart from the specialized cybersecurity agencies? Would you work for the government?</summary>
+
+No I would not work for the government for many reasons, especially because of the very low salary and for the work environment and the culture.
+
+I would work  the foreign companies that are based in Algeria (multinationals), banks or big telecommunication companies, these are a little bit better and have a better environment and a more established culture.
+
+Foreign companies often have to comply with global standards set by their higher management in other countries which sets very high standards, for example [A COMPANY]'s cybersecurity strategy, and approved tools and software is decided from a higher council in the company's CTO/CISO departments in [COMPANY'S COUNTRY], and us in Algeria we have to adhere to their standards and apply their recommendations.
+
+Some with good work environment provide training materials, for example banks have training budgets, sometimes they even sponsor their engineers to pass certificates.
+</details>
+
+
+<details>
+<summary>Was your work stimulating and challenging compared to some jobs in foreign countries?</summary>
+
+Yes, some missions were (technically) challenging, and they were interesting.
+
+In [A FOREIGN COUNTRY] for example, when we want to perform pentesting we have a lot of planning and requirements gathering, and if we are missing a requirement we tend to waste a lot of time requesting things from different parties. In Algeria, some things are a little bit agile/fluid, you can just ask someone to do something and they could do it immediately, with a looser process we had more freedom to do our job in Algeria.
+</details>
+
+## A developer who don't have a degree in IT and who works remotely for a foreign company
+
+<details>
+<summary>Given that wou are from [SMALL WILAYA], how's the software engineering scene there? Do people move out form there to bigger wilayas? Do you know why people would do the opposite, move from bigger wilayas to that wilaya</summary>
+
+Software engineers here either move to [THE NEAREST BIG WILAYA], or to Algiers where they'd have more chances and opportunities. Others build applications for local businesses. And -of course- some of us work remotely for foreign companies.
+
+For the third question (Why people move from bigger wilayas to that wilaya?), I myself worked and lived in Algiers, when I found a remote job, I moved back to [SMALL WILAYA] as the costs of living a way lower here, I could save a lot of money here.
+</details>
+
+<details>
+<summary>Do you use workspaces?</summary>
+
+No there no coworking spaces in my wilaya. But I wouldn't use them, co-working spaces are usually not a place where I can be productive, they're places for events, people are there for networking and chatting which makes them very noisy and counterproductive.
+</details>
+
+<details>
+<summary>Since you are working remotely, do you use Algerian banks? If not, why?</summary>
+
+I don't use any local banks, I use [AN ONLINE BANK] and wire the money to some contacts.
+
+That's easier for me than relying on our banks here, and it gives me better rates.
+</details>
+
+<details>
+<summary>How about having a legal status in Algeria?</summary>
+
+I don't really care about that, I prefer saving more money and paying doctors and for medicines if I need them, than to pay for social services funds. My savings will also be my retirement funds.
+
+I don't see why should I have the new auto-entrepreneur card, it's a way to only make me pay taxes.
+</details>
+
+<details>
+<summary>A participant wrote `Diplomas and graduates from small southern universities are often not taken seriously` as a response to our [challenges](/docs/insights/challenges) question, is that valid?</summary>
+
+Yes and no.
+
+In our jobs, skills are more important than degrees. One just need to prove their skills and apply, degrees and where they're from don't really matter.
+
+I was getting paid better than graduates from ESI, I was their mentor there.
+</details>
+
+<details>
+<summary>How did you get your first jobs? Did your open source work contribute to that?</summary>
+
+Definitely, open source helped me get many clients for me freelance work, and it helped me noticed and got me some job offers.
+
+With my CV, previous experiences, and my open source work, I could get more interesting opportunities.
+
+Open source also taught me a lot, I learned a lot from it.
+</details>
+
+<details>
+<summary>Given that you worked for an Algerian tech company, how was the remote work culture there?</summary>
+
+During COVID time, we moved to a remote work setup, and after that the company was open for a culture shift, as we were still productive when working from home, they even downsized their offices and adjusted to a hybrid/remote work setup.
+</details>
+
+<details>
+<summary>Why would some Algerian engineers prefer to work for a foreign company remotely?</summary>
+
+Money.
+
+And because some Algeria clients/companies look down at IT and IT people, while foreigners see its important and then they value our talents more.
+</details>
+
+<details>
+<summary>How did the Algerian company you worked for incentivize you and motivate you to stay longer?</summary>
+
+The provided a relocation package, they rented an apartment for their developers who came from outside the wilaya.
+
+They also do some internal events which were really nice where employees get together around food or offsites...
+
+If someone wants to leave the company they'd try to keep them and present counter offers, unless the person is leaving to work remotely for a foreign company, then they know they can't match their new salary.
+</details>
+
+<details>
+<summary>What opportunities you can bring to the country by working for a foreign company remotely?</summary>
+
+I can bring new digital products my company is providing, I can talk to my management so they consider extending to Algeria, but I feel we are not ready as a country.
+
+Our population is not educated in terms of technology, people pay money to travel agencies so they book them tickets instead of just going online and booking them with their Eddahabia card.
+</details>
+
+<details>
+<summary>How your contract is managed by your company?</summary>
+
+I just had to sign it online, and it was accepted by the company.
+
+We work on trust basis, I deliver what I'm supposed to do and they pay me on time.
+
+My contract was even accepted by my online bank when I needed to justify my income.
+</details>
 <!-- 
 <details>
 <summary>

website/docs/insights/cybersecurity.md

@@ -164,12 +164,15 @@ The participants who work in cybersecurity and live in Algiers did relocate from
 To challenge our data and to understand this domain better, we interviewed professionals.
 
 
-### TBD: How do you work in Algeria?
 ### TBD: Bug bounty programs in Algeria?
+### TBD: How do you work in Algeria?
 ### TBD: What to do if you found a bug?
 ### TBD: How did you learn?
 ### TBD: If you find a clear process to report bugs, would you do? what incentivize you
+---
 ### TBD: What cyberSec  techniques & specializations are trending here in your opinion/experience?  
 ### TBD: Schools and universities teaching cybersecurity
 ### TBD: How do you recruit for security?
 ### TBD: How do you assess your security
+
+*Company with good feedback from ex-employee is not active on social media*

website/docs/insights/index.md

@@ -15,23 +15,20 @@ In our reports we will use "we" and "ours" to refer to the authors/researchers:
 We will use "our experts", "stakeholders", or "actors" to refer to people we interviewed as actors in Algerian IT ecosystem. Some of our experts preferred to stay anonymous so we won't refer to them by name. We will just list them as the following:
 
 - An engineer who works full time on Open Source software and who contributed to world-class projects.
-- 
-<!-- - A CTO of a leading startup in logistics field in Algeria, with a long experience in Algerian startups as a lead.
-- An executive in an Algerian government agency, leading IT transformation and digitalization projects.
-- A senior engineer working full-time on open-source as a core team member, with a long experience in working with Algerian startups and government agencies.
-- An engineering manager in an international leading startup in Telco Cloud world, who has a long experience in working and hiring Algerian engineers.
-- TBD: -->
-
+- A CTO of a leading startup in logistics field in Algeria, with a long experience in Algerian startups as a lead.
+- Engineers who work remotely for a foreign company from Algeria.
+- Engineers who studied in Algeria and live abroad.
+- A cybersecurity engineers who worked in Algeria in a cybersecurity company.
 
 As X% of our contributors are from Oran and Algiers, we wanted to amplify other Wilayas' voices by interviewing:
 
+- A developer from a small wilaya in the east of the country who waked for a company in a bigger wilaya, then went back to their wilaya to work for a foreign company remotely.
 - A CEO of a rising startup from Mostaganem.
 - A lead in an agency running in Djelfa and maintaining open-source projects.
 - TBD.
 
 And since X% of our participants said work remotely for foreign companies, we had to interview:
 
-- A security engineer who works XYZ.
 - An entrepreneur who owned a co-working space in a big Algerian city.
 - An entrepreneur has a co-working space in big Algerian city.