Chris Thompson

Global Head of X-Force Red

Chris Thompson is the Global Head of X-Force Red. He has extensive experience performing red teaming operations against defense contractors, nuclear power plants, critical industries and many of the world's largest banks and financial services firms. His background includes working as a contract Computer Network Exploitation (CNE) operator providing training and capability development for various government defense partners and lawful intercept/foreign intel programs. Chris founded the X-Force Adversary Services team in 2018, responsible for simulating real-world attacks by sophisticated threat actors. He has presented his research at many conferences such as DEF CON, Black Hat, ToorCon, SecTor, BSides, SANS, and Wild West Hacking Fest.

Offensive Security May 6, 2024

Evolving red teaming for AI environments

2 min read - As AI becomes more ingrained in businesses and daily life, the importance of security grows more paramount. In fact, according to the IBM Institute for Business Value, 96% of executives say adopting generative AI (GenAI) makes a security breach likely…

Adversary Services December 13, 2022

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

2 min read - In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely…

Incident Response March 3, 2021

A more effective approach to combating software supply chain attacks

3 min read - Software supply chain attacks are not new, but as we’ve seen recently, if executed successfully they can have huge payoffs for sophisticated attackers. Detecting malicious code inserted into a trusted vendor’s security updates is extremely difficult to do at scale,…

Software Vulnerabilities May 1, 2019

Penetration Testing Versus Red Teaming: Clearing the Confusion

6 min read - There is some confusion in cybersecurity as to the difference between penetration testing and red teaming. Since all businesses have vastly different security needs, the distinction is critical.

Failed to load data

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.

Subscribe today

Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

Cybersecurity News By Topic By Industry Exclusive Series X-Force Podcast Events Contact About Us

Security Intelligence

{{title}}

{{title}}

{{title}}

Topics

Chris Thompson

Evolving red teaming for AI environments

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

A more effective approach to combating software supply chain attacks

Penetration Testing Versus Red Teaming: Clearing the Confusion

{{{title}}}

Topic updates