MONTREAL COMPUTER SECURITY FIRM GOSECURE OVERVIEW Montreal Gazette - canada.com networkGoSecure goes to great lengths
Montreal firm that secures computer systems even stages breaking-and-entering scenarios

ALISON MacGREGOR
The Gazette


Wednesday, May 05, 2004

Robert Masse recalls the time he swiped several laptop computers from a Montreal company by posing as a pizza delivery man.

"Security will search your bags - but they will never search a pizza box," he said with a chuckle.

At first blush, it may appear that Masse is a member of a criminal gang or that he has engaged in an act of corporate espionage.

In fact, the breaking-and-entering scenario described above was authorized by the company in question.

Attempting to gain access to a corporation's computer gear and other sensitive information is simply one of a clutch of services that Masse and his crew offer to clients through GoSecure Inc.

The 2-year-old Montreal firm specializes in securing corporate computer systems. This can involve assessing a client's computer system, helping develop a sound security strategy or providing round-the-clock security management.

Clients have included the city of Montreal, the Societe des alcools du Quebec, Bombardier, National Bank, CN, the Relizon Co., as well as law firms and law enforcement agencies.

Testing often includes attempts to outwit the security measures the client has put in place. For example, Mass and his team will use ethical hacking and other methods - even going so far as to impersonate repairmen and company employees - in their attempts to find weak spots in security systems.

More often than not, Masse said, testing will reveal that the client has neglected the most important element of a secure computer system - humans.

"A lot of people think computer security is based on technology, but it's a lot more than just technology," said the 29-year-old president of GoSecure.

He said companies often spend money on high-tech security measures such as firewalls but neglect to properly train employees on how to maintain a consistent level of security.

The growing concern over threats to corporate information technology systems has spawned a burgeoning market for security services.

In December, The Yankee Group, a Boston-based technology research firm, forecast managed security service revenue in the United States to grow from $1.5 billion U.S. in 2002 to $3.7 billion in 2008.

"In the end, it all comes down to the people," Masse emphasized. "Technology is the easy part."

For example, despite the well-publicized threat of viruses to computer systems, many people still continue to open the door to virus attacks by opening suspicious e-mail attachments.

Employees may also give out sensitive information over the telephone to people unauthorized to receive it - or even give strangers access to company computers.

Masse, a reformed hacker, speaks from experience.

"I was put into retirement at 15," he said.

He started playing with computers at age 5. A few years later, he began hacking because it was a way for him to download free video games. By the time he was in his teens, he had become a full-fledged hacker - until the day he logged into a Russian research computer and the communication was noticed by the RCMP.

"The RCMP came to my house," he recalled. "My mother, everyone was crying. It was a huge issue.

"In the end I took something that was potentially negative and turned it into something positive."

He decided to co-operate with the RCMP, and at 15 began giving lectures on hacking to the RCMP and other computer security experts.

He did not attend university, but with the breadth of knowledge he had gained from his hacking days, he found that he was in demand as a consultant to companies on computer security issues.

After working for various firms in Canada and the United States, he returned to his native Montreal in his mid-20s to work for local chartered accountancy firm Richter Usher & Vinebert.

He then became co-director of KPMG's information risk-management division in Montreal, where he met Martin Gilbert, 33, co-director of the same unit.

Masse decided that he would like to start his own computer security firm.

Backed by a local angel investor, he teamed up with Gilbert to found GoSecure. Gilbert, who is vice-president of the firm, is also a chartered accountant and heads up the non-technical side of the business.

Masse declined to release financial information for the privately held firm but said GoSecure is now profitable.

Housed in a 1,500-square-foot office in Old Montreal, the company employs seven full-time consultants and plans to move to a larger space soon and hire two more computer security experts.

The company's goal is to double growth every year.

Asked if he is nostalgic for his hacker days, Masse said: "A lot of people don't realize that hacking into computers is easy.

"Making them more secure is harder - and if you are a person who likes a challenge, then protecting computers and fixing things is where it is at."

amacgregor@thegazette.canwest.com

On the Net: www.gosecure.ca

© The Gazette (Montreal) 2004