Bio

I am the founder and CEO of a bootstrapped & profitable security company called Luta Security, where we specialize in helping businesses and governments work with hackers to better defend themselves from digital attacks, building sustainable Bug Bounty programs and vulnerability disclosure programs. I am a noted authority on vulnerability disclosure & bug bounties. I advise companies, lawmakers, & governments on the benefits of hacking & security research to help make the internet safer for everyone. I am a hacker - first hacking computers, now hacking policy & regulations. I sit on three Federal cyber advisory boards: DHS/CISA’s Cyber Safety Review Board, NIST’s Information Security and Privacy Advisory Board, and Commerce’s Information Security Technical Advisory Council. I helped the US Department of Defense start the government's first bug bounty program, called ''Hack the Pentagon.'' My earlier Microsoft work encompassed industry-leading initiatives such as Microsoft's bug bounty programs & Microsoft Vulnerability Research. I am also a subject matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). I am a visiting scholar with MIT Sloan School,doing research on the vulnerability economy and exploit market, a New America Foundation Fellow, and Harvard Belfer Affiliate. I serve on the CFP review board for RSA, O'Reilly Security Conference, Shakacon, and am an advisor to the Center for Democracy and Technology. I am a frequent public speaker, all speaker requests please use press@Lutasecurity.com