Katie Moussouris is the founder and CEO of a new company, Luta Security (lutasecurity.com), named for the tropical island where her mother was born in the U.S. Commonwealth of the Northern Mariana Islands, a beautiful place that is still home to many members of Moussouris’s family. Not only is Luta Security the only company offering gap analysis and guidance on ISO 29147 vulnerability disclosure and on how to implement a vulnerability coordination program (which may or may not include bug bounties), it is also a 100 percent female-owned and Native Pacific Islander-owned tech company. Luta Security advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Moussouris is a hacker—first hacking computers, now hacking policy and regulations.
Moussouris's most recent work was in helping the U.S. Department of Defense start the government's first bug bounty program, called "Hack the Pentagon." Her earlier Microsoft work encompassed industry-leading initiatives such as Microsoft's bug bounty programs and Microsoft Vulnerability Research. Moussouris is also an invited technical expert selected to assist directly in the U.S. Wassenaar negotiations on the inclusion of intrusion software and intrusion software technology, helping to renegotiate broad wording to minimize unintended consequences to the defense of the internet.
She is also a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vulnerability disclosure (29147), vulnerability handling processes (30111), and secure development (27034). Moussouris is a visiting scholar with the MIT Sloan School, doing research on the vulnerability economy and exploit market.
She is a New America cybersecurity fellow and Harvard Belfer affiliate. Moussouris is on the CFP review board for RSA, O'Reilly Security Conference, and Shakacon, and is an advisor to the Center for Democracy and Technology.