About Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world. We identify and help address the gaps in organizations' people, process, and technology to mature their vulnerability management and improve the ROI for their security investments. We understand that there is not a one-size-fits-all approach to security. Every organization needs to assess its process maturity and operational capacity to determine what actions are needed to enhance its security, including which strategies and solutions make sense today and in the future.

Luta Security advises organizations across all phases of vulnerability coordination. Whether your organization is just getting started, or if you have already launched a vulnerability disclosure or bug bounty program, we can help your organization achieve its security goals, including complying with ISO 29147, 30111, and 27304.

Current and former clients include large and complex organizations such as the U.S. Department of Defense (DOD), the UK National Cyber Security Centre (NCSC), Facebook, and Zoom to name a few.


With over 40 years of combined professional cybersecurity, technology, and government expertise, the Luta Security team is ready to guide your organization toward a more secure future.


Luta Security’s services are backed by a highly seasoned team led by Luta Security founder and CEO, Katie Moussouris. As a computer hacker with more than 20 years of professional cybersecurity experience, Katie has a unique and unparalleled perspective on security research, vulnerability disclosure, bug bounties, and incident response. Katie serves in three advisory roles for the U.S. government as a member of the Cyber Safety Review Board, the Information Security and Privacy Advisory Board, and the Information Systems Technical Advisory Committee. She is also a cybersecurity fellow at New America and the National Security Institute. 

During her tenure with Microsoft, her work included industry-leading initiatives such as starting Microsoft Vulnerability Research, which formalized multiparty vulnerability and supply chain vulnerability coordination across hardware and software as well as launching Microsoft’s first bug bounty program. Katie is also the co-author and co-editor of ISO 29147 (vulnerability disclosure) and ISO 30111 (vulnerability handling processes). Working with the U.S. Department of Defense, Katie led the launch of the U.S. government’s first bug bounty program, "Hack the Pentagon." She also worked with the U.S. State Department to help renegotiate the Wassenaar Arrangement, specifically changing the export control language to include technical exemptions for vulnerability disclosure and incident response.

She is also the founder of the Pay Equity Now (PEN) Foundation, and through the PEN Foundation, Katie established the Anuncia Donecia Songsong Manglona Lab for Gender and Economic Equity at Penn State Law in University Park. Additionally, she served as a visiting scholar with the MIT Sloan School, a Harvard Belfer affiliate, and an advisor to the Center for Democracy and Technology. In 2018, Katie was featured in two Forbes lists: The World’s Top 50 Women in Tech and America’s Top 50 Women in Tech.

Core Values

We are guided by our core values of respect, pay equity, and accountability.

Identifying Gaps | Addressing Weaknesses | Advancing Security Maturity