#2 - Katie Moussouris

Katie started with computers at age eight in her bedroom on a Commodore 64. She was the first female in her high school to take AP Computer Science and has continued to achieve many firsts in the hacking community. Katie is now an established pioneer and expert on bug bounty programs, vulnerability disclosure standards, handling processes and secure development, and a recognized cybersecurity public speaker.

In our episode, Katie tells the story of how a presentation she gave at a grad-school symposium led to Hack the Pentagon, the Department of Defense's first cash-incentivized bug bounty program.

Many companies come to Luta Security – beautifully named after the island in the Northern Marianas where Katie's mother was born – ready to start a bug bounty program. Katie encourages them to first take a hard look at what they are already doing to prevent and self-detect the very bugs they want outsiders to hunt. Cash rewards, she says, are not always the right answer to a company's security problems.

Katie and Jaya then discuss the SolarWinds supply chain compromise as a case study. Katie describes how defending a network gets harder as the number of components and vendors inside it grows. She uses the term multi-party vulnerability coordination for the problem of handling and disclosing a vulnerability across the many organizations that depend on one another through hardware and software supply chains, each of which needs its own working disclosure capability for the coordination to succeed.

Katie started Luta confident that she could help companies and governments understand what they don't know, including which tools and talent they are missing. One of Luta's first clients was the UK Government. She helped them not only create a vulnerability disclosure program, but also a maturity assessment capability so that individual government agencies could be onboarded in an orderly fashion. This became especially important when the UK's National Health Service had to roll out a telehealth program virtually overnight at the start of the pandemic. The US government is now required to have its own vulnerability disclosure program in place by March 1, 2021.

If Katie could have one wish granted for the cybersecurity industry, it would be a faster and more effective operational process for deploying security patches. One of the biggest problems isn't that patches are created too slowly; it's that they aren't applied quickly and thoroughly across networks once they exist.

Closing out the episode, Katie raises the topic of gender and racial inequality in the cybersecurity industry. To combat these inequalities and drive systemic change, she has established the Pay Equity Now Foundation.