Search
  • Katie Moussouris

Luta Security is Hiring

Updated: May 21

To learn more about our open positions and apply, click here.


Let’s talk a little bit about why we’re different, and why our society and the security industry need new business models to support workers sustainably, even in a cyber security job market with near 0 percent unemployment. Now is the perfect time to reevaluate workforce models, as the world comes to grips with the new pandemic pandemonium.


When I started Luta Security about 4 years ago, hot on the heels of launching Hack The Pentagon, the historic first bug bounty program of the United States government, I wasn’t picturing COVID19 and all its challenges for families and workers. Nobody was prepared for how the lockdowns would affect all of our work.


We’re all clearer about a few things about what “essential worker” really means in a functional society. The right to earn a living wage, and access to affordable health care, are not acceptable as luxury items only for the wealthiest members of society. We all deserve better when it comes to what we get from our employers.


Startup Culture Often Masks a Pyramid Scheme

We all suffer when hard-won labor laws and social safety nets created to combat the Great Depression are loopholed away by greedy oligarchs and vulture-capital-backed companies looking for a profitable exit for founders and funders only, leaving nearly everyone who worked to get them there largely undercompensated. I’ve worked for plenty of startups before, some of which had “favorable” exits. I can tell you from that experience over the past twenty years that as a worker, all those stock options combined and printed out would have come in handy when the store shelves lacked toilet paper.


Those jobs left me, as a worker, feeling like I took salary pay cuts to enrich others. While my own earning potential statistically peaked, I was left with no substantial piece of the success my work created. I think everyone who has ever had to work to support themselves and their families without any generational wealth to fall back on has felt the same.


Freedom to Follow Our True North

Luckily, here at Luta, going into the pandemic we already had a strong customer base that was entirely organic. We’ve never spent a single penny on sales or marketing, and have zero outside investors. We’re a truly bootstrapped startup company that is helping to clear a path forward for ourselves and others in these unprecedented times.


As part of our core values at Luta Security, we’re sharing some of our thinking on labor and work. The power of workers to define a company’s success or failure, profit or loss, shouldn’t be something entrepreneurs exploit to enrich only themselves and their shareholders or investors. We empower workers first as our core value.


Aspirations and Inspirations

Our mission is to help organizations measurably improve their vulnerability handling processes, from the inside out. How we get there is the power of our people.


Our success as a security service provider that focuses on internal engineering and communication to create robust vulnerability handling processes depends upon the people who create and follow the right processes and tools to get the job done. We help organizations measure their people, process, and tool efficiencies in vulnerability handling. We help them fill those gaps with specialty partners, and now also with workers we’re bringing in to help directly, some of whom may choose to stay on as full time employees at Luta or at our clients.


We can’t solve the labor exploitation problem that has run rampant in our society alone, and we’re hoping that folks will join us to help build a company that takes from the best inspirations in late-stage capitalism that make work a place that actually works for the workers. My friend Alison Gionotto, who founded and runs the open source asset management company Snipe-IT, with profit sharing among herself and all her employees, is one such inspiration to me. Another is a labor and workers’ equity expert Steven L. Dawson, who I’ve had the pleasure of meeting through his son Isaac, a friend and former colleague of mine from our penetration testing days at the company called At Stake, that helped define modern application security.


Contemplating Mr. Dawson’s work, I’ve reflected a long while on what kind of company I wanted to create, when I am truly only accountable to myself, my customers, and my workers. It’s the kind of company where we’re looking at labor mobility as part of labor rights, that balances growth with revenue, adding jobs as we can support them, instead of constantly overextending. We don’t want to create another company that justifies misclassifying essential workers to avoid paying for benefits, or denying workers the right to organize and negotiate better terms, or throw human beings into giant gig economy worker exploitation turbines.


“We must bridge the gulf that still separates employing jobseekers from the building of competitive businesses—by taking equal responsibility for both. And in doing so, we must fundamentally redesign ourselves.” - Steven L. Dawson

The Security Labor Market is More Than Hackers

At Luta Security, we’re forging a different path forward, making deliberate choices about how we want to work. We’re just not into creating yet another exploitative labor marketplace for security workers - some bug bounty platforms as currently run have already done that. Early service gig economy players only focus on jobs in vulnerability exploitation, aka hacking jobs, yet none of those gig security jobs are in fixing bugs or preventing new bugs. It’s a recipe for an unbalanced workforce equation and encourages “bug bounty Botox” instead of building up the inner beauty of strong internal security processes.


Defenders are security’s essential front line workers who deserve credit for holding back massive floods of attackers from an Internet that our society has grown dependent upon, far faster than our collective ability to secure it. Offensive security work, especially in the form of helpful hackers, deserve a lot of credit for advancing our industry by pointing out flaws. I am among those who got into security by learning to code and then finding flaws. Simply knowing about flaws isn’t enough to will them into being fixed.


Security defense workers who receive incoming bug reports, investigate issues, fix them, and help tune security from inside organizations need flexible job options in our changing workforce too. Offense and defense, the dark and the light side of the same force, must be brought to balance.


Come Work With Us

We’ll see if our experiments in labor and contract-to-permanent hiring, and organic growth models work out. We have much to learn -- and much to do -- together. Join us in building a different kind of company because everybody’s living in a late-stage capitalism world and I’m a late-stage capitalism girl.


At a company founded by a pink-haired hacker mom who is half Native Pacific Islander, we don’t feel the need to conform to your grandbro’s tech startup rules of underpaying as a rule, or overworking past 40 hours a week. I used to work all the time, but if anyone’s going to set an example and expect their workers to follow, setting a strong example of respecting workers’ time and weekends is a good first step. Is it the 32 hour full time work week I dream of? Not yet. It will take creativity and discipline to fit us into the world on our terms. It’s our opportunity to shape the kind of life we want, with work in its proper place, and room and support for all kinds of workers.


If you are interested in joining us, Luta Security is hiring now for contractors, with the expectation that some of those workers will be a mutual great fit, and want to stay on as regular employees at Luta Security. We are looking for help building the Luta Security community of workers further - an archipelago, as it were.


No one is an island, not even a company named for one. Security is a community effort.


We believe that deliberate choices in labor equity are vital to building a strong, healthy workforce community with well-supported workers at our core. Come help us build a resilient future with room for everyone.


3,385 views

Recent Posts

See All

Who’s in the BBQ pit with USG?

CISA and OMB published instructions for federal agencies on vuln disclosure programs. Sadly, the marching orders are all out of whack.

Luta Security and Zoom

When Zoom’s CEO Eric Yuan called me last summer after Jonathan Leitschuh’s vulnerability disclosure, we were all living in a different world

Company

News & Resources

Privacy & Security

© Luta Security, Inc.