Meet David Hoover, chief information security officer

About a month ago, I wrote a blog describing aspects of my first several weeks at Validic, including the many individuals here who play such an important part in welcoming new employees into the fold and who, every day, make a difference in the lives of our clients and fellow community members. I also wrote that I hoped to share their stories with you — dive a little deeper into what they do on a daily basis, why their work is meaningful to them and how their work impacts others.

To begin the series, I had the opportunity to sit down with David Hoover, our chief information security officer. David, who lives in Morrisville, N.C. with his wife and tabby cat, has been with Validic for three years, following previous security and IT roles in a variety of private companies, government and education. He holds a master’s degree in information security and is a Computer Information System Security Professional — the gold standard for certification of security professionals.

David received his associate’s degree in networking from Robeson Community College and later bachelor’s and master’s degrees from Capella University. He is also a former certified penetration tester, fiber optics technician and is certified in Network+, Security+ and A+.

Adrienne Rupp: What made you decide to join Validic?

David Hoover: When speaking with people already working at Validic, they seemed happy to be there, and be a part of what Validic was doing. Also being a smaller organization, I knew I would have an opportunity to have a more direct impact.

AR: Tell me about your role here as chief information security officer.

DH: I am responsible for all aspects of data security and privacy, ensuring our security and privacy strategy supports what the company does and offers. In other words, I make sure client health data is secure, that it all goes where it needs to go and that others can’t see it. I also work directly with clients on their security and privacy questions and needs, providing them documentation about our security and privacy certifications and policies.

Every day begins with checking security and alert logs. From there, I engage in various activities, from email security, client meetings and audit preparation to vulnerability scans and a whole lot more.

AR: Speaking of audit preparation, tell me about why HITRUST and ISO 27001 are important to our clients and why we go through audits and recertification every year.

DH: HITRUST and ISO 27001 are certifications based on an agreed-upon list of controls and standards. They require third-party verification to achieve, are updated and accepted widely within many industries. 

For this reason, providing these certifications to clients gives them much more confidence in our security and privacy protocols and procedures. It also streamlines conversations we have with clients. For example, HITRUST means a third party has already certified that Validic has done many things correctly. So instead of having to complete a large survey for a potential client, we can usually answer their questions with a 30-minute phone call and a much shorter survey.

AR: What do you like most about your role?

DH: It is ever-changing. Every day there’s always a new security report or item to read about and consider. One day there may be 20 new notifications. Maybe they’re important so let’s go read about them. That’s what I find interesting, the ever-growing amount of data and information.

AR: Can you think of a time when you have felt most proud to work for Validic?

DH: When we achieved our ISO 27001 certification on the first attempt, that felt pretty good. We became ISO certified in May 2019 and HITRUST certified in October 2020.

AR: When you’re not thinking about Validic and information security, what’s on your mind? How do you spend your time?

DH: If the weather is nice, I’ll probably be outside on a tennis court or running. The Dopey Challenge is my biggest running claim to fame. In January, you go to Disney World in Orlando, FL and run a 5K on Thursday, 10K on Friday, half marathon on Saturday and marathon on Sunday. 48.6 miles of fun.

Since 1995, I have been an avid tennis player and competitor, and have won many local, state and regional titles. My proud achievement was winning the USTA Southern Hardcourt Championships.

AR: What’s one thing on your bucket list?

DH: I would like to visit Ireland and Scotland. I had the opportunity to spend a week in London a few years ago and would love to see the rest of the British Isles.

AR: Finally, what’s one piece of advice you’d give to someone starting out?

DH: Technology never stops moving, so never stop learning and experiencing. I have learned so much in 20 years — there will always be the next phone, the next piece of tech. You can take a break; you don’t need to stay on the bleeding edge and not necessarily on the cutting edge. But you can’t let it get too far away.