If the NSA is spying and has installed on of their chips on your phone, game over. If your employer as a precondition of BYOD has to install a remote monitoring tool that is capable of "spying" you won't know either.
Other than connecting to a trusted wifi network and then sniffing the packets, I don't think there is a way to tell. Assuming the hardware hasn't been breached a DFU install should wipe out all software and restore the phone to stock. After that, don't install anything and don't plug the USB into any USB connection that is not trusted.