Computer Science has always interested Serge. He explains, “I find the field challenging, deep, technical and a provider of constant learning opportunities; and these are things that I greatly enjoy.” This appeal would lead him to earn a Master’s Degree in Computer Systems Security from Colorado Technical University.
Serge founded his cyber security consulting firm, SpyderSec, in 2015, which specializes in penetration testing, security awareness training, and OSINT gathering. In addition, he is also President of the Denver OWASP chapter, sits on the security advisory board for the Cherry Creek Innovation Campus (CCIC), and organizes the annual security conference, SnowFROC. In 2019, he published The Penetration Tester's Guide to Web Applications, an innovative resource that provides clear guidance on how to identify and exploit common web application vulnerabilities.
After his second SANS course, Serge pursued becoming a SANS Instructor. He saw students struggling with deeply technical topics that require a solid foundation to fully grasp and knew he could communicate this information in such a way that is both easy to understand and relevant to the student. “My teaching philosophy is all about keeping it real. What I bring to the classroom is my knowledge and experience over the last 15 years working on the front lines as a Sr. Security Engineer in enterprise security, and, more recently, running SpyderSec.”
In the classroom you’ll find him teaching SEC542: Web App Penetration Testing and Ethical Hacking and SEC522: Defending Web Applications Security Essentials. He holds the CISSP, GPEN, GWAPT, GCFA, and GWEB certifications. He has risen over the years to become an authoritative figure in the community, who is now approached for podcasts, radio and TV interviews, and provide expert consultation for publications. As he says, “I like being able to help people and sharing my expertise is my way of doing just that.”
Hear Serge talk about passwords, privacy and breaches here:
ADDITIONAL CONTRIBUTIONS BY SERGE BORSO:
AppSec DFIR 201, RSAC 2021, May 2021
Tech Tuesday: Azure's Front Door, April 2021
Increasing Visibility with Ixia's Vision ONE, June 2019
Everything I Learned and Wanted to Forget about WAFs, October 2018
Automating Open Source Security: A SANS Review of WhiteSource, September 2018
- Espial - OSINT tool for asset identification, service validation and vulnerability detection