Raw interviews (anonymous)
In this page we share paraphrased transcripts and summaries from different interviews we had with different actors.
We kept the actors' identity anonymous, and we informed them that we will paraphrase and quote their answers here.
We cherry-picked these actors from our networks, or by asking for recommendations from people we trust, or by chasing interesting profiles online.
In order to provide an unbiased and objective analysis in this report, we cross-checked facts and validated conclusions form their anecdotes.
An executive in a tech startup
How you incentivize talents? Especially since some of them flee to work remotely for possibly higher salaries
- It is definitely hard to compete with salaries that remote working offer, if you have a startup in Algeria your revenues are in Algerian dinars, you can't match salaries developers can get with remote working positions (especially that they're in foreign currencies with high exchange rates).
However, to retain talents we increased salaries, and we provide more perks for our developers such as credits to use some VTC services, business SIM cards, career growth and promotion programs, and we offer exceptional gifts for our loyal employees.
We can't really compare salaries to what developers can get from remote working, those who work remotely generally don't pay taxes, and CNAS/CASNOS.
With the new data protection law and ANPDP behind it, how do you deal with data/compliance since you are running on [A PUBLIC CLOUD].
We are aware of the law, and we work with our lawyers to clarify it. We know that there is a process and a document to apply for if you want to move your data to the cloud.
A developer working abroad who's considering to go back to Algeria
What are the parameters that would make you go ahead with your decision of going back?
- I want to have a remote job, or a decent business in Algeria. I don't want to have a regular job in Algeria, but have my own business there.
- I have to have a citizenship, or a permanent settlement permit from the country where I currently live in. Then I will be able to go back in Algeria while still having the freedom of movement, I want to travel for whatever reason I want, anytime I want, and my Algerian passport is not enough.
But what I'm more concerned about is:
- My job security here [in the foreign country], labor laws and the economic situation provide a safe and a stable work environment.
- Algerian laws and bureaucracy and banking systems are unclear, and navigating through them is more challenging with the lack of professionalism of some individuals, if you want to submit a certain application you might be stopped by a random agent stating that this law doesn't exist, or we still didn't receive a notice stating that this law is applicable.
A developer who works remotely for a foreign company
Do you use co-working spaces?
No, I prefer to work from home. I don't find working from co-working spaces productive because:
- It's not always quite.
- We had a lot of internet issues, we needed to bring our own 4G modems.
- Commuting might be a challenge, by car we get stuck in traffic.
- It's easier for me to just wake up and start working as early as possible.
However, pricing is not an issue.
An entrepreneur and a representative of a co-working space
What formulas do you offer to your clients?
- Renting a desk per day
- A "desk" monthly subscription,
- A "dedicated desk" monthly subscription
- Private office.
Meeting rooms can be booked separately (each membership has its limits).
Tell us about your co-working space, and about developers who work from there
- We can host up to 30 members in our space.
- We have [less than 10 developers] working remotely from our office.
- All of our current members work remotely for foreign companies
Given that your prices are affordable for developers, especially those who work remotely, what are the reasons - in your opinion/experience - that more developers are not subscribing to your work spaces?
- We think that developers do not like to "break their flow", they like to work from their comfort-zones, their homes.
- We think that some developers might be introverts, and don't want to socialize.
In addition to providing dedicated working desks, what do you provide as well? Is there a dedicated space for taking calls and e-meetings?
Renting desks might not be a very profitable, therefor we offer more services in parallel:
- We organize events and meetups.
- We provide domiciliation services for startups and companies.
- We also run a startups acceleration program.
As an entrepreneur, what challenges do you see when working with Algerian developers?
- It is hard to evaluate skills and match them with salaries, some developers "act spoiled", they ask for high salaries and they often under-deliver.
- It is very challenging to create a professional specification document (cachier de charges) and to make sure that it's being followed and respected by developers.
- Billing and invoicing are also an issue.
- We have problems with our culture, we lack professionalism in interactions between entrepreneurs/businesses and developers.
A cybersecurity engineer who worked for an cybersecurity company in Algeria
Are you aware of any bug bounty programs in Algeria? If not, why we don't have any?
As far as I know, there are no bug bounty programs in Algeria, such programs require strategic and financial planning and that comes with maturity.
As there are no bug bounty programs, security enthusiasts are not allowed to pentest and scan applications without authorizations and contracts.
To have bug bounty programs, companies have to plan and communicate this, they have to have a good engineering and security culture, then they have to allocate budgets and the right people to manage these programs and to confirm findings before they reward researchers.
How did you work as a cybersecurity engineer in in the Algerian company you worked with?
My company provides security consulting services, as an engineer I was assigned to projects and missions at clients' sites to either person pentesting, or to work on incident response for detecting and responding to cyberthreats, security breaches or cyberattacks.
We also provided adversary emulation (adversary simulation or threat emulation) tests and services for clients. The company also provides other security-related services such as governance, the deployment, and integration with security and protection solutions.
What to do if you found a bug, how would you proceed? Is there a process or a way to contact companies? Do you get paid for that?
This has three cases:
-
If you are working as a contractor, or you are paid to perform a penetrating: Then you just need to document your findings and your recommendations to your client.
-
If you are an external party, and you found a bug accidentally, for example it was too obvious or you can clearly see that they're using a vulnerable version of a certain technology: Then you can "try" to contact them, you may try reaching out to them by email or through their public communication channels, or do the most realistic approach: Find a connection, or someone who knows someone so you can report it unofficially.
Since companies don't have any bug bounty programs, they can't just pay you for this, not in an "official" way at least. Sometimes a "Thank you" is the best/only thing you can get from them.
-
If you an external party, and you are not authorized to run a pentest or to scan their products, you may get into serious problems, at best you may get a call from the police, and at worst you can get into the court, or even worse if things gets to the National Defense Ministry (MDN).
How did you and your friends/colleagues learn?
We got the basics of computer science (operating systems, networking, algorithms, etc) from our formal education, in college we learned how to be methodic which is crucial in our jobs as cybersecurity engineers. We also learned basics of security but the classes there were very basic.
We learned most of the things by ourselves from online courses and from the many events our students group organized, our students group used to organize events, workshops and CTF competitions. We participated in teams to global competitions, and we hosted our own CTF games and invited other students to come and play.
I also learned a lot from my job, from the challenges I faced and from the trainings my company offered and from preparing to pass certificates.
How did your company incentivize you?
They paid a very good salary compared to the job market, they also offered bonuses for on-site assignments we used to do.
Our transportation to client sites was covered, the company paid for our VTC services and that was really important especially that public transport is one of the pain points in my city.
When possible, for example when we finish our pentesting and we are on the documentation phase, we were allowed to work remotely which was important for me.
High-performing engineers were always rewarded with promotions and bonuses. If someone performing well and going above and beyond, they can even offer to renegotiate their salary and promote them.
If I want to work again for an Algerian company, I would chose this company again.
How do you, or cybersecurity agencies find clients?
We get assigned to projects, the projects are obtained through connections, or through open tenders (appel d'offres) by companies.
Sometimes companies reach out to us to perform incident responses after they have been attacked or have a data breach.
Is there work for cybersecurity engineers in Algeria? Is it worth it to have your own security company?
There are many companies already operating in Algeria, there are clients, and some companies hire internal security teams or engineers.
However, with a less mature culture when it comes to security, we don't have that high of a demand on security until something goes wrong, when companies gets attacked there when they'd hire us to do incident response operations.
Many engineers prefer to work remotely for foreign companies for a much higher salary in foreign currencies.
Would you stay and work in Algeria as a cybersecurity engineer?
For me, I have chosen not to stay. In Algeria you can't grow financially with your salary, achieving financial milestones (buying a house, getting a car, etc) may take a lot of time.
Me and many of my friends left the country to work, and some left to continue their studies.
If I stayed in Algeria, I'd do as many of my friends are doing:
- Working full-time remotely for a foreign company and getting paid in foreign currencies.
- Working as developers or getting any job, and take cybersecurity gigs (freelance) online, and do bug bounties hunting.
What are the most interesting work places or companies to work for, apart from the specialized cybersecurity agencies? Would you work for the government?
No I would not work for the government for many reasons, especially because of the very low salary and for the work environment and the culture.
I would work the foreign companies that are based in Algeria (multinationals), banks or big telecommunication companies, these are a little bit better and have a better environment and a more established culture.
Foreign companies often have to comply with global standards set by their higher management in other countries which sets very high standards, for example [A COMPANY]'s cybersecurity strategy, and approved tools and software is decided from a higher council in the company's CTO/CISO departments in [COMPANY'S COUNTRY], and us in Algeria we have to adhere to their standards and apply their recommendations.
Some with good work environment provide training materials, for example banks have training budgets, sometimes they even sponsor their engineers to pass certificates.
Was your work stimulating and challenging compared to some jobs in foreign countries?
Yes, some missions were (technically) challenging, and they were interesting.
In [A FOREIGN COUNTRY] for example, when we want to perform pentesting we have a lot of planning and requirements gathering, and if we are missing a requirement we tend to waste a lot of time requesting things from different parties. In Algeria, some things are a little bit agile/fluid, you can just ask someone to do something and they could do it immediately, with a looser process we had more freedom to do our job in Algeria.
A developer who don't have a degree in IT and who works remotely for a foreign company
Given that wou are from [SMALL WILAYA], how's the software engineering scene there? Do people move out form there to bigger wilayas? Do you know why people would do the opposite, move from bigger wilayas to that wilaya
Software engineers here either move to [THE NEAREST BIG WILAYA], or to Algiers where they'd have more chances and opportunities. Others build applications for local businesses. And -of course- some of us work remotely for foreign companies.
For the third question (Why people move from bigger wilayas to that wilaya?), I myself worked and lived in Algiers, when I found a remote job, I moved back to [SMALL WILAYA] as the costs of living a way lower here, I could save a lot of money here.
Do you use workspaces?
No there no coworking spaces in my wilaya. But I wouldn't use them, co-working spaces are usually not a place where I can be productive, they're places for events, people are there for networking and chatting which makes them very noisy and counterproductive.
Since you are working remotely, do you use Algerian banks? If not, why?
I don't use any local banks, I use [AN ONLINE BANK] and wire the money to some contacts.
That's easier for me than relying on our banks here, and it gives me better rates.
How about having a legal status in Algeria?
I don't really care about that, I prefer saving more money and paying doctors and for medicines if I need them, than to pay for social services funds. My savings will also be my retirement funds.
I don't see why should I have the new auto-entrepreneur card, it's a way to only make me pay taxes.
A participant wrote Diplomas and graduates from small southern universities are often not taken seriously
as a response to our challenges question, is that valid?
Yes and no.
In our jobs, skills are more important than degrees. One just need to prove their skills and apply, degrees and where they're from don't really matter.
I was getting paid better than graduates from ESI, I was their mentor there.
How did you get your first jobs? Did your open source work contribute to that?
Definitely, open source helped me get many clients for me freelance work, and it helped me noticed and got me some job offers.
With my CV, previous experiences, and my open source work, I could get more interesting opportunities.
Open source also taught me a lot, I learned a lot from it.
Given that you worked for an Algerian tech company, how was the remote work culture there?
During COVID time, we moved to a remote work setup, and after that the company was open for a culture shift, as we were still productive when working from home, they even downsized their offices and adjusted to a hybrid/remote work setup.
Why would some Algerian engineers prefer to work for a foreign company remotely?
Money.
And because some Algeria clients/companies look down at IT and IT people, while foreigners see its important and then they value our talents more.
How did the Algerian company you worked for incentivize you and motivate you to stay longer?
The provided a relocation package, they rented an apartment for their developers who came from outside the wilaya.
They also do some internal events which were really nice where employees get together around food or offsites...
If someone wants to leave the company they'd try to keep them and present counter offers, unless the person is leaving to work remotely for a foreign company, then they know they can't match their new salary.
What opportunities you can bring to the country by working for a foreign company remotely?
I can bring new digital products my company is providing, I can talk to my management so they consider extending to Algeria, but I feel we are not ready as a country.
Our population is not educated in terms of technology, people pay money to travel agencies so they book them tickets instead of just going online and booking them with their Eddahabia card.
How your contract is managed by your company?
I just had to sign it online, and it was accepted by the company.
We work on trust basis, I deliver what I'm supposed to do and they pay me on time.
My contract was even accepted by my online bank when I needed to justify my income.
An engineer working from abroad and leading teams of developers who are working remotely from Algeria
What opportunities you can bring to the country by working for a foreign company?
We tried to extend our business in Algeria once. My CEO visited the country, and they found a lot of business opportunities and many potential clients, they said that the Algerian market is a virgin market.
We pulled back from trying to enter the Algerian market as we always stumbled upon people in different administrations who simply replied with "No" or "That's forbidden", we pushed back and we asked which law said it's forbidden... We never had a response for that.
The unclear laws and the lack of legal awareness from different employees in administrations were some the reasons that made my CEO give up on the Algerian market.
One of my teams who work from Algeria has some of the best engineers who work on the software we deploy on drones for our missions, unfortunately we cannot ship drones to them, so they can deploy their software directly and have a more efficient development and deployment pipeline.
How remote employees (Algerians specifically) are declared in your company from official standpoint? Do you pay their Paid-time off
They're considered as external contractors, in [COUNTRY]'s laws contractors are paid by projects, we considered our product as a long-running project so we can pay our employees monthly. We are not required by law to pay for their health insurance or any other things, we just pay them for their work. However, we agreed to make that to some sort of a trust-based contract where we can hire them for a long period of time.
In our contracts we have a model for paid-time off for our employees, however some of them prefer not to take their days off and rather work on these days and get paid for them instead.
When we pay our "external contractors", we transfer money to their accounts and we don't care about the details of their tax declaration or whether they have a legal entity in Algeria or not.
Did you try to create a company in Algeria as an official umbrella from the Algerian's side? Why not?
Yes, but our Algerian employees didn't want to join it. They did not want to pay ~30% of their salary for benefits they think they can pay for themselves.
30% of €1000 each month is more than 80 millions a year* (a million is an expression to describe 10K DZD), and no one was interested in "losing" that.
* 30% of 1000 is €300. €1 is between 200 to 240 DZD in the black market, the current rate is 240, which means (300*240)*12=864K DZD (a year)
Representative of an agency that's co-founding and building a financial services application
What do you think of software developers' salaries?
Software developers salaries are higher than average salaries in Algeria, there's a high demand and competition on hiring engineers with the raise of tech startups and digital products.
If you notice from your data, younger engineers have higher salaries because there's a demand on the new technologies and skills they bring. Older engineers (in the 40s) with longer years of experience and who are not not be paid the "high" amount your survey shows are mostly engineers who work in the public sector or "classical" companies. These engineers are mostly "old school" and they might not bring the skills, or know the tech stacks our clients need.
How do you evaluate a candidate's seniority? Who does that?
We don't believe in years of experience, we evaluate a person's experience and previous projects.
A candidate can be a senior in our company if the prove that they worked on multiple/complex projects, and who can demonstrate their skills in our interviews.
Previously, some companies rely on old-fashioned recruitment styles where HR persons with no technical expertise hire candidates, there they used to look at years of experience.
But now we work with a recruitment agencies that has a team of engineers who can assess candidates. Some agencies use platforms like TestGorilla to assess candidates.
Recruitment processes now include engineers, and the managers/executives in small startups. In our case our other co-founder is an engineer so they interviewed the first engineers who joined the team, when they were hands-on coding and handling the tech.
Do you take degrees in consideration in your selection or salary grids?
No we don't, we assess skills and propose market salaries based on the candidate's skills.
We even hired interns and promoted them to higher levels.
What do you do to retain talents?
We provide a great working environment with exciting projects, we have projects with Algerian clients (like [THE COMPANY PROVIDING FINANCIAL SERVICES]) and we also have projects with foreign clients.
We have high work standards and we encourage knowledge sharing, our employees get to work on real projects and learn from each other to deliver high quality projects.
We encourage our employees excellence, if an engineer is productive and does a good job, we renegotiate their salaries and we promote them, we had an engineer who went from an intern to a team lead, to a CTO in a 4 years span.
We also have flexible working hours when it's possible, if the engineer doesn't have any dependencies on meetings with clients or working with other people, they can work anytime they want as long as they deliver.
Our participants mentioned Lack of Recognition or Career Growth Opportunities
as one of the biggest challenges they have, what do you think about it? How do you solve/avoid it in your company? Do you have a clear employee growth framework?
No we don't have a growth plan or a framework. But we have a statement in our employment contracts that we can review compensation packages based on employees performance. We review contracts and increase salaries and/or promote to higher roles for our high-performing engineers.
We have a fast promotion track, we promoted [AN EMPLOYEE NAME] for example from being an intern to being a manager of a team, we also promoted [AN EX-JUNIOR DESIGNER] to be the head of our [COMMUNICATION-RELATED] team in just under 4 years.
What's your remote working policy?
It depends on the project and the client, as well as the role and responsibilities.
If you work on a client-facing project you might need to be in the office and meet the clients and talk to them. A CTO or a team lead must be in the office sometimes to manage their teams and handle some meetings with stakeholders.
Juniors also have to be in the office since it's easier for the onboarding and for establishing a good company culture, and to better integrate with the team.
Our company works a lot on the culture, and encourages knowledge sharing, that can be easier and more efficient when all people are working in the same office.
However, -as I said- we provide a flexible working hours possibility, so we make exceptions when it's possible.
I know that you are based in Algiers, how many engineers in your team are from other wilayas than Algiers? Did they relocate to work? Do you provide a relocation package?
We are all from different wilayas, none of us is from Algiers, we all moved here for work.
[For the relocation package, the interviewee presented a vague answer, I understood from it that the company does not provide a relocation package (yet). Employees help each other relocating and finding apartments]
Did you implement any e-payment solutions? If so, what did you use?
We still didn't implement any e-payment in our solutions, right now [THE COMPANY PROVIDING FINANCIAL SERVICES] only use Baridimob and ask customers to wire their subscription fees to our company account.
We looked at SATIM solution and it seems to take a lot of time to onboard, and we did not consider any third-party services like Chargily and Guidini or Slickpay because the law on e-payments is not yet clear, and we cannot risk dealing with these services.
Do you use any agile methodology in your work?
No we don't use Agile methodologies, our work style depends on the client and company culture. Some clients request last-minute changes and updates and we can't fit the Algerian mindset into any of the agile frameworks we know.
Some roles are also hard to find like product owners and product managers which makes handling software product delivery harder.
We are agile but we don't use Agile.
What roles you find hard to fill when recruiting?
- QA Engineers
- UX Engineers
- Product Owners and Product managers, we have to educate engineers on product management, or to educate business people on dealing with software and tech to fill that gap.
Also it's hard to find good full-stack web developers, everyone say they are but they are either good at front-end technologies or the lean more toward the backend they're bad at the front-end.
What can I do if I found a security vulnerability in one of your products?
All of our products have a "contact us" section, please contact us by phone or email and report the bug, we ask people to do it all the time.
We can even reward/pay those who report critical vulnerabilities.
When we launched [THE COMPANY PROVIDING FINANCIAL SERVICES], we were asking people to attack us, to test the application and to report any security issues. We wanted to sell our customers a robust and a compliant software.
Do you hire interns and entry-level engineers?
Yes we hire interns, and we retain them and promote them if they prove their skills.
We also hire entry-level engineers, they just have to prove their skills in interviews and by showcasing their previous projects.
How do you promote your product to freelancers?
We have a special pricing plan for people with auto-entrepreneur card, we also provide free onboardings, trainings and consulting for our customers.
What technologies do you use in your applications?
We use Laravel, Vue.js, Node.js and Electron for Desktop applications. We may also use different technologies in different products, our engineers are free to pick whatever technology they find useful to do the job.
A developer who worked for Algerian companies (governmental agencies and startups)
If I wants to integrate e-payment in my Algerian website, what are the steps to follow? and what's the point from third-party solutions like Guidini, Slickpay and Chargily?
You have to ask your bank first (for your professional bank account to be able te receive e-payments).
They will start the process with GIE Monétique, the bank will ask them for a test environment (a sandbox) for you with some API documentation.
You integrate their APIs in your system, when when test scenarios are fine, you provides some screenshots to GIE Monétique as a second proof. Then they will give you production API credentials.
This process may take few months.
The third-party solutions are the software part, for example Wordpress WooCommerce plugin, they are tested, so you don't re-do that part on your own, or maybe the tests will take only few days. It accelerates the process, reduce few costs, test environment is a paid service, the longer it takes, the more expensive it becomes.
These third-party service also provide payment gateways, you can use them if you don't want to use e-payment APIs. For example, in a marketplace website, you create a store, plug their solution and they will send you the money from purchases that happens through their module.
An executive of company that provide a third-party e-payment solution
Why would someone choose your solution and not integrate SATIM's solution?
Our solution is targeting "small" web merchants, if you want to integrate with SATIM, you would need to go deal with a lot of paperwork, you would need to provide a tax identification NIF, a business bank account and a confirmation from your bank that you can use receive electronic payments, you have to develop payment modules and certify them, you also need to pay developers and to pay for SATIM's test environment. After all that you have to wait for SATIM's tests to validate that your integration is working fine before they hand you their production API key.
Our solution is ready to use, we went through the process and certified our payment module, then it's use who will provide you our API key. Anyone can use our test environment for free, and when they are ready they can just switch to production mode where we apply our fees.
When a customer wants to go live with their solution we they go through our KYC checks and validation where we verify their accounts and identities.
We provide different client libraries and web APIs for our customers.
Does your KYC process verify if a client is illegible to have an e-commerce business? I mean, do they need to have a registered company (registre de commerce)?
No, our KYC process is internal, we only verify clients identities. We don't check if our customers have a registered company (have a "registre de commerce").
Were you audited somehow? Did you need any specific certifications?
No we did not. No audit was necessary, in Algeria we don't need any specific certifications or audits to be performed, no certificates like PCI DSS or what so ever are required.
We don't process payments, we are just a third-party solution that uses SATIM's infrastructure, payments happen through them.
And SATIM doesn't certify, they just check if the integration is working properly then they grant you the production API key.
We just take the responsibility of providing a stable and secure solution for our customers on our own.
Where are you hosting your data? And your backend applications?
Data is hosted in [ALGERIAN WEB HOSTING PROVIDER], and our applications, the front-end are hosted in foreign hosting solutions, our load balancer and CDNs are provided by a foreign provider.
The data is in Algeria, but backend applications are on a public cloud provider.
Are you certified/approved by ANPDP that you process Algerians' personal data? If not, did you apply to be approved or you are waiting for their process?
No we are not. We still didn't register/request their approval. The laws is still new and we did not apply (yet).
Did you need to comply to any legal framework that you are in the payment area?
We are not a Payment service provider (PSP), we just provide a third-party interface in front of the SATIM. And SATIM is approved by Electronic Payment Economic Interest Grouping (GIE).
Therefor, we did not need to comply with any specific law for "e-payments".
What are your plans? How do you generate income from your services?
For now we have a promotion for our customers, we provide our services for free, after this promotion ends we will introduce a fee on payments/transactions
If someone finds a vulnerability in your systems, is there a process to report it? Do you reward them? Do you encourage researchers to pen-test you, would you say you are ready for it?
We are always listening to our customers and our developers community, we will differently patch any security bug that gets reported to us. And if a bug is critical we verify it internally and if it's a valid finding we reward who reported it. We did that in the past.
For the other question, no. To be honest we don't want our systems to be attacked, we don't encourage that.
We don't know how "good" a pentester can be, and we don't want them to disturb or access our systems.
(If a bug is found accidentally or it appeared on the surface, reports are welcome and can be rewarded, but we don't encourage pentesting form bug bounty hunters)