Why We’re Such Big Fans of NowSecure
POSTED ON January 15

Andrew Hoog, the Chief Investigative Officer at NowSecure (formerly known as viaForensics) has been affectionately—and perhaps accurately—referred to in the media as a “high-tech plumber.” He does use code to fix leaky apps that spill data. But we think Hoog deserves a title that’s a bit more refined. To us, he’s more of a high-tech archeologist, digging and unearthing valuable artifacts and explaining what they mean.

We love NowSecure’s product line. Businesses use their products to test the security of apps and identify security risks on smartphones and tablets. (It’s been downloaded more than 100,000 times, so we know we’re not the only admirers.)  Or, you can test apps by automating and simulating common attacks to reveal weaknesses. We could go on, but we’ll stop there. There’s only one word for all this innovation: NowSecureAwesome.

Hoog and his colleagues generously share information. They won’t just give you ten or twenty best practices for securing your mobile apps; they’ll give you forty-nine. To Hoog, the issues with mobile devices simply come down to using the right algorithms. He makes it look easy, but trust us, it’s tricky. At Shepherd, we appreciate Hoog’s plain-English wisdom on complicated topics. Hoog has written two books on forensics, and routinely shares his secrets in social media, especially on Twitter @ahoog42, which we read devotedly. In March, he wrote a post that we’re still chuckling about and sharing: “Why Mobile Should Stop Worrying and Learn to Love the Root.” This elegant history of privilege on computer systems left readers with three takeaways on what Hoog would love to see going forward—an Apple Developer phone; a Security Vendor program; and a process by which an organization can sign deploy its own operating system. Music to our ears.

When you read Hoog’s blog and follow him on social media, you sense his passion for forensics, and it’s infectious. He recently gave an interview to Tastytrade.com about his introduction to the field, which we found inspiring and relatable.

I was CIO at another company for six years. I had an employee who had done some questionable things and we needed to do an investigation and instead of farming it out to an outside firm, I did the investigation myself. I was hooked for life. I’d been a pretty technical CIO, but I found out that behind the scenes there were a whole bunch of things I had no idea about — how computers work, how they store information, how they send it. I realized I was going to make a career shift.

Later, he described his approach to client problem-solving:

We help people understand what risks are present in their mobile devices. It’s a tricky problem because security can get in the way of people doing what they want to do. So we spend a lot of time trying to get them to understand how different apps and different networks might put them at risk, and do it in a way that’s easy for them to factor into their daily lives.

Hoog is not a Pollyanna about this stuff. He recently told the New York Times that NowSecure had found that about 60 percent of the mobile apps it evaluated leaked information and had “other” security problems. He explained that developers are under such tight deadlines that they move quickly and sometimes code improperly, leaving an app vulnerable. As Hoog explains, “One thing small businesses don’t realize is that even though Apple and Google do a bit of vetting, you can’t trust you’re going to get a safe and secure app from their stores. An app will leak out your address, customer list, suppliers, a password or a user name and send it out over the Internet without encryption. Hackers just harvest that data.”

That analysis may keep you up at night—it keeps us up sometimes. But we sleep easier knowing that Hoog and his team are following the latest technology. We’ve long admired NowSecure, and after getting to know part of his team, Paul Marsek and Kevin Swartz, we can confirm that they are as inviting and warm in person as they are brilliant and insightful on paper and online. You don’t have to be a high-tech archaeologist to tell that their clients are lucky people.

About the Author Chris

Author Avatar Christine Chalstrom is the Founder, CEO, and President of Shepherd Data Services, Trustee, Mitchell Hamline Law School and Adviser, Center for Law and Business. She has spoken widely on the Amendments to the Federal Rules of Civil Procedures, Digital Forensics, and eDiscovery best practices. Her credits include presentations to the American Bar Association, Association of Certified e-Discovery Specialists (ACEDS), Corporate Counsel Institute, MN Association of Corporate Counsel, MN Association of Litigation Support Professionals, MN CLE, Mitchell Hamline School of Law, Upper Midwest Employment Law Institute. She is an attorney, programmer, and forensic examiner.