Computing has infiltrated society faster than we have been able to secure it. Defenders struggle with quantifying risk so that it translates into supported organizational changes and budget. Katie Moussouris—the strategist who launched some of the most internally controversial cutting-edge programs for defense, including Microsoft’s Bug Bounties and the DoD’s Hack the Pentagon—explains how to transmute our suffering into kinetic and organizational changes and how to turn the forces that resist our defense activities into our biggest supporters in our organizations. Defenders need more than ROI studies to create sustained positive change. Be warned: since you can’t change anyone else, you must be prepared to change yourself.
Katie Moussouris is the founder and CEO of Luta Security, which specializes in helping businesses and governments work with hackers to better defend themselves from digital attacks. Katie is a noted authority on vulnerability disclosure and bug bounties and advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Katie helped the US Department of Defense start the government’s first bug bounty program, Hack the Pentagon. Previously, at Microsoft, she worked on industry-leading initiatives such as Microsoft’s bug bounty programs and Microsoft vulnerability research. She is also a subject-matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT’s Sloan School, doing research on the vulnerability economy and exploit market, a New America Foundation fellow, and a Harvard Belfer affiliate. Katie has served on the CFP review board for RSA, O’Reilly Security Conference, and Shakacon, and she is an advisor to the Center for Democracy and Technology. Katie is a frequent public speaker and has given keynotes and talks at many international conferences, including Hack in the Box Amsterdam 2014, Security Analyst Summit 2014, Nordic Security Con 2013, and BruCON 2012, to name just a few.
©2017, O'Reilly Media, Inc.