Katie Moussouris on Facing Sexism as a CEO, Tackling Pay Equity and Demanding Body Autonomy

Katie Moussouris is a force of nature in the security world. She started hacking in the 1990s as one of the few women to brave the male-dominated rebel culture.

Over the decades, Katie has continued to fight sexism while working to address a major conflict that has long stymied the security industry. She has built bridges between ethical hackers who uncover security holes in software and the vendors who are responsible for fixing them. Katie created the first bug bounty program at Microsoft and was responsible for bringing bug bounties to the U.S. Department of Defense with the “Hack the Pentagon” program after advising them on how to prepare for fixing bug reports.

Katie is outspoken and involved, a frequent speaker at conferences, a go-to source for journalists, and the vulnerability disclosure expert that governments and academics turn to when drafting new policy and standards. I’ve known her for more than a decade and have been inspired by her energy, passion for security, and commitment to creating a more secure, equitable and safe world for everyone. In a recent interview with me, Luta Security Founder and CEO Katie talked about how she’s manifesting all of it. What follows is an edited version of our conversation:

You are a trailblazer as a female founder of a cybersecurity company. There’s a lot to unpack there but let’s start with your company.  What does Luta Security do?

I started Luta Security in 2016, right after launching “Hack the Pentagon.” Today, our customers include the UK government, which we helped develop their own disclosure program and maturity assessment, among other organizations.

At the beginning of the pandemic we were asked by Zoom to help them out when they were experiencing a huge surge in bug bounty submissions. Traditional bug bounty platform companies do the initial triage and the company has to fend for itself. But a lot of organizations don’t have the systems or people or know-how to properly investigate and remediate bugs.

We help companies manage the fixing of the bugs, learn from them, and put processes in place to prevent those kinds of bugs from recurring. We also train the next generation of hackers and help scale the hacker community. 

What’s been your experience as a woman founder and CEO? 

We still exist in a white supremacist patriarchy society and I feel the sting of that in my day-to-day work. There are a lot of expectations and double standards and I’ve encountered blatant disrespect and discrimination, even from vendors who are trying to sell to us.

Other founders are generally friendly and want to be helpful, but sometimes there are assumptions on their part too. Like when I’ve been told “Well Katie, you really need a technical co-founder.”

<split-lines>"We still exist in a white supremacist patriarchy society and I feel the sting of that in my day-to-day work."<split-lines>

What is fundraising like for a woman founder?

We briefly tried to raise VC funding in 2017 or 2018 and we activated our network to talk to fellow founders and I got great introductions. We were even tapped by Andreessen Horowitz to pitch them. Some of the VC meetings were better than others.

Even with my track record, my customer base and profitability and Luta’s solid product-market fit, some VCs ignored that and wanted a founder who matches what they’re used to. So, we got a bunch of ‘yeses’ from smaller fund managers, everyone except the people in positions to be a lead VC.

One of the VCs met the COO I was working with, a non-technical person who happened to be a white male, and asked him, “How come you’re not the CEO and she’s not the CSO or CTO?” After more than a dozen of these meetings, my COO said to me that he really didn’t want to believe that it was so sexist but was seeing firsthand that was the reality.

It was disappointing. So we gave up on funding very deliberately, and at this point we’re more profitable than the amount of money we were seeking in seed funding anyway.  

You’ve created a foundation to address issues related to workplace gender discrimination following your lawsuit against Microsoft. What is the foundation doing? 

I started the Pay Equity Now Foundation last year with the goal of achieving pay equity for all genders and races in our lifetime because right now we’re not on a trajectory to achieve that, not even white women are. (Editor’s note: Women were paid 22.1% less on average than men in 2021, according to the Economic Policy Institute.)

The pandemic actually set women in the workforce back a lot. I think people don’t understand how our economic recovery from the pandemic depends on having a full workforce. So, the Pay Equity Foundation’s first donation was to create a new center at Penn State Law named after my mother—the Manglona Lab for Gender and Economic Equity—to hold companies accountable.

 

<split-lines>"The pandemic actually set women in the workforce back a lot."<split-lines>

There is a big gender disparity in security, as well as lack of representation from people of color. What are your thoughts on this huge gap and what needs to happen to close it?

Representation is an insult unless it has the equity and inclusion parts. Diversity means nothing unless people are invited to be part of the organization in a meaningful way.

At my own company, we hire specialists to source diverse candidates for our hiring pipeline. One that I love is Black Tech Pipeline, founded by Pariss Athena, a former software developer-turned-recruiter. They charge the same fee that you pay a standard recruiter, some percentage of the salary. But they offer something very different. For three months after a new hire is placed, BTP checks in on them to see if the organization is checking off the “D” but not really the “E” and “I” in diversity, equity and inclusion.

You just can’t throw non-male and non-white people into an organization that’s predominantly white and male and expect them to sink or swim. I’m a native Pacific Islander woman, so my organization is definitely not your typical tech bro house, but that doesn’t mean that I have all the awareness I need as a leader to make sure that our environment is safe for black people. 

<split-lines>"You just can’t throw non-male and non-white people into an organization that’s predominantly white and male and expect them to sink or swim."<split-lines>

After the leak of the draft Supreme Court decision which would overturn Roe v. Wade, Luta gave employees a company-sponsored week off for a “workforce strike to fight for body autonomy for all humans.” You also took a strong stance on Twitter. Tell me more. (Editor's note: This interview was conducted prior to the release of the Supreme Court ruling.)

I believe in human rights and equality. These should not be controversial statements from a CEO. What was amazing was how many dudes in my replies said, “You’re advertising that you’re going to discriminate against people.”

I don’t think it’s discrimination if someone would rather that I die than get an abortion if I were to get pregnant. This isn’t up for debate. This isn’t the same thing as saying that pro-life people can’t come work for me. They can absolutely come work for me, as long as their pro-life ends at their own bodies and doesn’t invade my boundaries. I wouldn’t tell them what to do with their pregnancy and they wouldn’t have any right to know about or comment on my pregnancy either.

I shouldn’t have needed to have said it, but the fact that it was remarkable at all tells you what corporations are doing in putting their policies where their mouths are when it comes to supporting human rights. It also makes no business sense for me to bring someone into my environment and pay that individual when they disrespect my body autonomy and that of my co-workers and wish us ill.

More posts

August 4, 2022

August 4, 2022

Inside Mission North

Fun, Educational and Challenging: Reflections on My Experience as the First Mission North Fellow

July 28, 2022

July 27, 2022

Expert Insights
Commerce & Supply Chain

Craig Berman, fabric Head of Corporate Marketing, on Learning from Amazon’s Jeff Bezos and Making Content Marketing Data-Driven

August 1, 2022

July 28, 2022

Inside Mission North

Mission North Employees Reflect on Threats to Freedom in a Changing America

July 26, 2022

Expert Insights
Trust

Cybersecurity Communications Expert Kaylin Trychon on Choosing Words With Care