homepage
Open menu

Serge Borso

When it comes to web application security and penetration testing, Serge is among the best possible instructors to learn from due to his experience, accomplishments, and, quite frankly, his personality. Duplicate badges to walk right through security and access a "secure" facility – did that. Dumpster diving for sensitive information outside of a financial institution – to him, that was “lots of fun.” Create an enterprise-wide, measurably successful security program for a billion-dollar company – one of his many accomplishments. All of them, in scope of the engagements. He’s an instructor for SEC488: Cloud Security Essentials, published author, President of the Denver Open Web Application Security Project (OWASP) chapter, founder and CEO of the cyber security consulting firm, SpyderSec, he’s discovered multiple 0-days, written OSINT tools for the community, and is a polished presenter who speaks regularly at national conferences. Truly, an expert in the field.

More About Serge
Specialties
Photo

Profile

Computer Science has always interested Serge. He explains, “I find the field challenging, deep, technical and a provider of constant learning opportunities; and these are things that I greatly enjoy.” This appeal would lead him to earn a Master’s Degree in Computer Systems Security from Colorado Technical University.

Serge founded his cyber security consulting firm, SpyderSec, in 2015, which specializes in penetration testing, security awareness training, and OSINT gathering. In addition, he is also President of the Denver OWASP chapter, sits on the security advisory board for the Cherry Creek Innovation Campus (CCIC), and organizes the annual security conference, SnowFROC. In 2019, he published The Penetration Tester's Guide to Web Applications, an innovative resource that provides clear guidance on how to identify and exploit common web application vulnerabilities.

After his second SANS course, Serge pursued becoming a SANS Instructor. He saw students struggling with deeply technical topics that require a solid foundation to fully grasp and knew he could communicate this information in such a way that is both easy to understand and relevant to the student. “My teaching philosophy is all about keeping it real. What I bring to the classroom is my knowledge and experience over the last 15 years working on the front lines as a Sr. Security Engineer in enterprise security, and, more recently, running SpyderSec.”

In the classroom you’ll find him teaching SEC542: Web App Penetration Testing and Ethical Hacking and SEC522: Defending Web Applications Security Essentials. He holds the CISSP, GPEN, GWAPT, GCFA, and GWEB certifications. He has risen over the years to become an authoritative figure in the community, who is now approached for podcasts, radio and TV interviews, and provide expert consultation for publications. As he says, “I like being able to help people and sharing my expertise is my way of doing just that.”

Hear Serge talk about passwords, privacy and breaches here:

ADDITIONAL CONTRIBUTIONS BY SERGE BORSO:

WEBCASTS

AppSec DFIR 201, RSAC 2021, May 2021

Tech Tuesday: Azure's Front Door, April 2021

Cloud Complexities: Navigating the Headwinds, Nov 2020

Securing the Future of Work: How to Achieve Complete Malware and Phishing Protection, August 2020

Increasing Visibility with Ixia's Vision ONE, June 2019

The Perimeter is gone. How can you protect your company and your corporate data?, November 2018

Everything I Learned and Wanted to Forget about WAFs, October 2018

Automating Open Source Security: A SANS Review of WhiteSource, September 2018

BreakingPoint: A Multi-Function Tool for Application and Security Testing, May 2018

The Impact Of Enterprise Web Application Trends Going Mainstream, February 2018

BOOKS

The Penetration Tester's Guide to Web Applications

TOOLS

  • Espial - OSINT tool for asset identification, service validation and vulnerability detection