Skilled Experts & Attacker POV on Real Devices

Chris Wiley is a Network Administrator at NowSecure, and has been with the company since 2013.

Why did you join NowSecure?

There was one part of the interview where the founder, Andrew Hoog, had promised me that I would never be bored a single day while I was here at NowSecure. To date, that promise has been fulfilled.

What impresses you about the NowSecure team?

What is it like to have someone like Ole, who created Frida, working for NowSecure?

It’s phenomenal to know there are people out there who have the knowledge and willingness to create tools and have them be open source. But then, to have those exact same people work at this company is phenomenal. We employ the best of the best, and we go out there and find this talent. We have developed such a phenomenal internal team, and really everyone who is working at this company is frighteningly intelligent.

What’s unique about our testing approach?

One of the aspects that we like to address is the hacker’s point of view. We have individuals who are authorities in the industry. We’ve actually given talks at Black Hat. We’ve gone to DEF CON. We are closely tied to the open-source community, and because of that we’re able to put ourselves in the shoes of the attacker.

We’re able to say, “How would I break this?” And in doing so, we’re able to say, “We are going to take all of these attack vectors. We’re going to take a man-in-the-middle approach. We’re going to take the device itself. We’re going to try to pin the server. We’re going to try to look at the source code itself and find all these avenues that an attacker would use,” and say, “I was able to successfully break your app, your services, your system this way, and this is how an attacker would do it. Feel free to fix it now.”

What impresses you about our tech?

We are testing on physical devices. There are going to be instances where we are going to run into vulnerabilities or findings that exist on a physical device that don’t exist or don’t appear in a virtualized device.

We have developed a system from the ground up to be automated. Everything from downloading the app to installing it, running the test, capturing the network traffic — we don’t have a human sitting at a desk doing that. All of it is done by machines, which means that it takes a fraction of the time. Not only are we going to give you real results because people are going to be using real devices, but we do it very quickly and very accurately.

We have researchers who have gone through and found vulnerabilities — who can now write the code to hit these potential vulnerabilities, to run these tests and generate the output, generate the reports that it’s going to take an individual days to pull off.

