An introduction to the female hackers securing the internet
Introduction to Katie Moussouris
**Katie Moussouris** is an American computer researcher and hacker who has become a pioneer in cybersecurity. Working as a chief policy officer for HackerOne, a vulnerability disclosure company, Moussouris collaborated with the U.S. Department of Defense to build ‘Hack the Pentagon,’ the government’s first bug bounty program.
She is the Founder & CEO of Luta security, which advises governments and organizations on vulnerability disclosure and **bug bounty programs.** Moussouris is also a cybersecurity fellow at New America and the National Security Institute.
Moussouris’ Early Life & Background
Moussouris, who is 47 years old, was born in Boston, Massachusetts, to a Chamorro mother and a Greek father. She attributes her ambitious drive to the culture and heritage of her mother’s native island, Rota in the Northern Mariana Islands.
“I was raised by a strong single mom… My family were the chiefs of that tiny island in the middle of nowhere, so I am the descendant of the leaders of my own people,” Moussouris has said of her lineage.
Her interest in computers started at a young age, and, when she was 8 years old, her mother bought her a **Commodore 64** – the popular home computer at the time, which came with a manual and one game. As they couldn’t afford any more games, Moussouris learned to program in BASIC so she could write a new game herself.
Moussouris’ Education & Early Career
At high school, **Moussouris was the first girl to take AP Computer Science at her school**. She then studied molecular biology and mathematics at Simmons College in Boston while simultaneously working at the Human Genome Project at the MIT Whitehead Institute, as she wanted to “cure AIDS and cancer.” At the time, the Human Genome Project was an international, collaborative research program whose goal was the “complete mapping and understanding of all the genes of human beings.”
Moussouris, however, found herself going back to the computing world. Eventually she became the systems administrator for the MIT Department of Aeronautics and Astronautics. At the same time, she also worked as the systems administrator for the Harvard School of Engineering and Applied Sciences.
From there, Moussouris moved to California joining **Linux, an open source operating system**, as a developer. She soon realized that Linux didn’t have a formal computer security response program, so she developed one. This steered her career toward security response and vulnerability handling and coordination.
Microsoft & Bug Bounties
In 2007, Moussouris joined Microsoft as security strategist. Working closely with hackers who found holes in Microsoft’s software, she founded the **Microsoft Vulnerability Research (MSVR) program **which “formalized multiparty vulnerability and supply chain vulnerability coordination across hardware and software.”
Moussouris eventually became Microsoft’s senior security strategist running the company’s Security Community Outreach and Strategy Team whose aim was to ensure the security of Microsoft’s products.
Before leaving Microsoft in 2014, she also created the company’s first bug bounty program. According to Moussouris, a bug bounty program “is a cash reward offered by a vendor in exchange for vulnerability information. It’s typically offered on a per-bug basis: one bug, one bounty.”
Moussouris at HackerOne
In 2014, Moussouris left Microsoft for HackerOne, a vulnerability coordination and bug bounty platform based in San Francisco, California. As a Chief Policy Officer, she oversaw HackerOne’s philosophy and approach to vulnerability disclosure.
In March 2016, and while still at HackerOne, Moussouris was involved in creating, and led the launch of a pilot program for the U.S. Department of Defense called ‘**Hack the Pentagon**,’ This was first ever bug bounty program of the U.S. government and was soon followed by ‘Hack the Air Force,’ once again under Moussouris’ lead.
Moussouris at Luta Security
In April 2016, Moussouris founded Luta Security, named after her native island Rota, which is known as Luta to the locals. **Luta Security advises companies and governments around the world on their vulnerability coordination, helping them work collaboratively with hackers through bug bounty programs**.
At Luta Security, Moussouris and her team have developed the **Vulnerability Coordination Maturity Model (VCMM)** which evaluates key areas in organizations to gauge and evolve their vulnerability management capabilities. Clients of the company include the U.S. Department of Defense and the U.K. National Cyber Security Center, among others.
Moussouris’ Other Achievements & Distinctions
In 2018, Moussouris was called to testify as an expert in front of the U.S. Senate on bug bounties and the labor market for security research, and, in 2021, testified in front of the U.S. House Committee about improving the cybersecurity of software supply chains. She has also been called upon as a cyber security expert for European Parliament hearings on dual-use technology.
Moussouris serves in advisory roles in several U.S. government boards and committees and is also a cybersecurity fellow at the National Security Institute. In 2018, Forbes included Moussouris in its ‘World’s Top 50 Women in Tech’ list.
Introduction to Michelle Zatlyn
Michelle Zatlyn was born in 1978, and raised, in Prince Albert, Canada. When she was young, she dreamed of becoming a doctor; it wasn’t long, however, before she discovered her passion for an open and secure internet, which changed her career path.
**Zatlyn received her BSc in Chemistry** from McGill University and then went on to Harvard for her MBA, where she was awarded the Dubliner Prize for Entrepreneurship. She started her career by working for Google, and then Toshiba, before joining startup ‘Achievers,’ a global employee rewards program.
Zatlyn was nominated as C100s ‘Icon of Canadian Entrepreneurship’ (ICE) in 2019 for her impact on the world of technology and on the Canadian entrepreneurial community, while, in 2021, she was named a Young Global Leader by the World Economic Forum.
Zatlyn at Cloudflare
While Zatlyn was at Harvard for her MBA, she became friends with Matthew Prince and Lee Holloway, and eventually the three of them started Cloudflare in 2009, based in San Francisco. Zatlyn is currently President and COO of the company.
**Cloudflare is a leading web infrastructure and security company and the world’s largest cloud network, facilitating companies to build and run their public-facing websites and internal networks securely without compromising on speed and delivery.**
With integrated firewalls, Cloudflare provides developers with the flexibility to deploy code instantly and securely without the need for extra software or hardware, setting it ahead from its competitors.
In September 2019, Cloudflare went public and its market cap was recently valued at US$15.4 billion. Today, Cloudflare blocks an average of 87 billion cyber threats each day for its customers, which include approximately 19% of the Fortune 1,000.
It was named the Wall Street Journal’s Most Innovative Network & Internet Technology Company in 2011 and a Technology Pioneer by the World Economic Forum in 2012. In 2016, Cloudflare was included in CNBC’s Disruptor 50 List.
Zatlyn’s Other Positions
In 2021, Zatlyn was appointed to the board of directors of Atlassian Corporation, an Australian provider of team collaboration and productivity software. “We are thrilled that she will bring her experience and perspective as a proven operator at such a mission-driven and disruptive company like Cloudflare to the Atlassian board,” said Mike Cannon-Brookes, Atlassian’s cofounder and co-CEO.
Founded in 2002, and with head offices in Sydney and San Francisco, Atlassian develops products for software developers, project managers and other software development teams. In 2004, Atlassian released Confluence, one of its flagship products, which is a team collaboration platform allowing users to work together on projects, co-create content, and share documents.
**Zatlyn is also a member of the Cybersecurity Group for the Aspen Institute**, an international non-profit organization headquartered in Washington, D.C. that aims to “drive change through dialogue, leadership, and action to help solve the greatest challenges of our time.”
Zatlyn also previously served on The NextGen Advisory Board for the Computer History Museum, as well as The Open Internet Advisory Committee Board for the Federal Communications Commission.
