From Modded Game Controllers to IBM X-Force Red: The Chris Thompson Arc
A teenage hardware tinkerer grows up to run one of the most recognizable offensive-security brands in enterprise tech — then leaves to build something new.
Chris Thompson did not start with a certification. He started by breaking things that were not supposed to be broken — game controllers, specifically, rewired and reprogrammed for advantages the manufacturer never intended. It is an origin story that sounds apocryphal until you realize how many serious offensive-security practitioners describe a nearly identical childhood.
The throughline from that kind of early curiosity to founding IBM's X-Force Red is not as long as it looks. X-Force Red, for context, is IBM's dedicated red-team unit — the group companies call when they want someone to actually break their defenses rather than theorize about it. Thompson built that practice and led it, which means he spent years operationalizing adversarial thinking at enterprise scale.
That is harder than it sounds. Red-teaming a mid-sized financial institution is one thing. Building a team, a methodology, and a sales motion that could run engagements across industries and geographies simultaneously is organizational work as much as technical work. The skill set stops overlapping with pure hacking fairly quickly.
Thompson has since moved on — co-founding RemoteThreat, a newer outfit whose name suggests it is not pivoting into compliance consulting.
What his trajectory actually illustrates is a recurring pattern in the security industry: practitioners who develop deep technical instincts early, translate those instincts into institutional programs, and then exit to rebuild with fewer constraints. The IBM brand opened doors. It also came with IBM's procurement cycles, IBM's legal review, IBM's everything.
The game-controller detail is worth sitting with, though. Security educators have spent decades arguing about whether hacking is a mindset or a skill set. Thompson's story suggests the mindset comes first and the skills follow — that what distinguishes the people who end up running red teams is not the tools they learned first but the disposition to look at a closed system and immediately wonder what happens if you push somewhere you are not supposed to push.
Whether RemoteThreat becomes a meaningful player in the offensive-security market is an open question. The space is crowded with credentialed boutiques. A co-founder with Thompson's background is a real differentiator, not a marketing claim — but differentiation and revenue are different problems.
