Leadership, Risk Assessments/Management, Threat Management

‘It’s not a gimmick’: Arkose Labs announces ‘chief criminal officer’

Arkose’s new Chief Criminal Officer Brett Johnson ran the pre-darknet forum ShadowCrew. (Akose Labs)

Fraud prevention outfit Arkose Labs announced a new addition to its executive roster with a title bound to turn a few heads: chief criminal officer. 

The company is deadly serious, said Arkose founder and CEO Kevin Gosschalk. 

“It’s not a gimmick. We have more integrity than any company in this industry at this point. So gimmicks are not really for us,” he said.

Brett Johnson, a 39-count convicted fraudster who ran the pre-darknet criminal forum ShadowCrew, will be the company’s — perhaps the world’s — inaugural CCO. Since his ShadowCrew days, Johnson has established himself on the legitimate side of the security divide, working with AARP’s antifraud efforts and law enforcement, and operated the security consultancy AnglerPhish.

Johnson’s role will be a mixture of threat intelligence and client education, but Gosschalk said it did not make sense to call him an intelligence or training officer.

“I don’t think it’s appropriate to use a title that you could apply to someone you can hire normally to do a job. We wanted to bring his very unique experience to bear for our customers, and we wanted that to stand out.” 

Johnson, for his part, believes the CCO role comes with a more insider’s mindset than intelligence work. 

“if you're talking about a chief criminal officer, you're talking about a symbol that is really well versed in a criminal environment, has inroads into that environment that no one else really has,” he said. 

Arkose has long believed that criminals can play a role in their services, and not just the reformed ones The company includes contact information for their bounty program in their source code for more adversarial researchers to find, a strategy which Gosschalk said had born fruit in the past. 

But when it comes to an employee, let alone a client-facing executive, Johnson said a CCO has to be more than just a criminal or even a reformed criminal. It needs to be a trustworthy, reformed criminal, someone whose presence will not rattle client confidence. Johnson’s unique resume makes him one of the few who could fill in that job. 

“I’ve been very fortunate in my life that I've been given this opportunity to turn things around. I've taken it I think that most companies need to work with former hackers and criminals. But I think that it, you have to be able to trust who you're working with,” he said. 

Early response to Johnson as a member of the Arkose team has been positive, said Gosschalk. “We've actually spoken with quite a few customers and they keep asking us to schedule more time with Brett so they can learn more from him."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.