As a kid growing up in Arlington, Massachusetts, Katie Moussouris was “dangerously curious”—her mother would have to hide all the screwdrivers in their house to prevent her from taking everything apart (she made do with a butter knife). When she was eight she taught herself programming using a Commodore 64, and later, as a teenager in the early ’90s, stumbled upon a community of early hackers based in nearby Boston.

Now, as the founder and CEO of Luta Security, Moussouris helps organizations and governments to work collaboratively with hackers through “bug bounty” programs, incentivizing system vulnerabilities to be reported and addressed. It’s hacking for good.

EH: You started hacking young—was it always your intended career path?

KM: I followed in my mom’s footsteps initially, studying biochemistry and molecular biology. That’s how I ended up working at MIT on the Human Genome Project, one of the most data-heavy scientific projects to date at that time. Then we started getting hacked. It reawakened my early passion—I just wanted to get my work done, and protect the MIT center, so I started scanning the systems myself. That basically introduced me to the professional end of hacking, as a “defender”: finding bugs before attackers did.

EH: How do you feel about the term “hacker”?

KM: I very much embrace “hacker” as the old-school term: When it was coined, it was really about curiosity. It’s about someone who wants to take apart systems to understand them, and see if you can make them do something they weren’t designed to do. Every time you discover something, it’s exciting—you immediately want to tell someone: “Look what I found!” Now I hold security clearance, because of some of my advisory work for the federal government, so there are definitely things that I can’t tell anybody—but that’s okay. Compartmentalization is also part of the hacker world.

EH: How worried are you about cybersecurity today?

KM: The most surprising thing for me, over the last five or 10 years, is the fact that we haven’t moved the needle in terms of security. Most organizations can get all the way to publicly traded companies without having a very mature security program. The only incentive in the software market is being first to market with the most features, and that presents a global security problem. Until we address that, we’re going to see disaster after disaster.

EH: What might you do in future, if not hacking?

KM: At this point, I don’t know that I’m fit to do anything else. We’ll see. When my kids are grown and gone, I might run for office. I think having a hacker in Congress would help with all that regulation. I also worry that a lot of organizations are replacing human workers with AI, and not only is AI not quite ready for that—we also don’t have a social safety net. Honestly, I think a universal basic income is the societal answer—if AI is learning from the collective productivity of human knowledge up until this point, then all humans should get the dividends paid out to them.