Cyber Frontlines: Valentina Palmiotti (Chompie)

Published 17 November 2025
In this edition of Cyber Frontlines, meet Valentina Palmiotti, a.k.a. Chompie, Head of X-Force Offensive Research at IBM X-Force. Valentina is a security researcher focused on exploit development, vulnerability research and post-exploitation offensive security.

What do you do for and how long have you been with IBM X-Force?

I lead IBM X-Force’s Offensive Research (XOR) team, a small team of elite hackers dedicated to advancing security research by uncovering vulnerabilities in widely used software, firmware and hardware. I’ve been at IBM X-Force for three years.

What got you into security hacking?

I’ve always been into computers and technology since I was young, but it wasn’t until I completed a DoD cybersecurity bootcamp in 2017 that my hacking career started. I’ve been obsessed ever since!

What is your security research focus?

My current focus is on exploit development and vulnerability research.

Have you received any awards or recognition for your security research work? If so, which award(s) and what were they for?

I recently received the Trailblazer Award from the Society of Women Engineers. I’m also really proud of my Pwnie Award, which I won in 2024 for the Best Privilege Escalation Bug. I also scored a win at Pwn20wn in 2024 for a zero-day exploit against Windows 11.

What’s your favorite product/platform/vulnerability to explore?

One of my favorite things to do is to discover new attack surfaces, so it’s always changing!

Who is your favorite security expert/hacker to follow and learn from?

I am privileged to know many amazing hackers! My inspiration is Natalie Silvanovich from Project Zero.

Name one cybersecurity resource that all security professionals should follow.

The Exploits Club newsletter surveys all of the latest research in virtual reality (VR) and X-Dev.

Do you have a favorite security conference to attend/follow, and why?

Hexacon – It is in Paris and has the best offensive security talks.

Also, THOTCON – It is at a secret location, the home of my first in-person talk and in my hometown of Chicago!

What’s one recommendation you would give to help organizations protect their people, data or infrastructure?

We talk about protecting against futuristic, sci-fi AI threats, but the best move is mastering the basics: secure infrastructure architecting, trained people and clear accountability. If a single employee falling for a phish can cripple your entire organization, that’s a sign of poor risk management. Design defense-in-depth strategies that anticipate human error.

What advice do you have for starting a career in cybersecurity?

Seek out personal projects that spark passion in you and learn by doing. Accept repeated failure as part of the learning process. Reach out to those with the job/career you want to emulate.

What potential threat vectors are you watching in 2025 and beyond?

I’m watching how AI-driven automation can amplify both productivity and risk. As systems make more autonomous decisions, the attack surface expands. That’s where I can come in; I enjoy finding under-researched attack surfaces with a big impact.

