Spencer Alessi

Sr. Penetration Tester

United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Spencer Alessi is a Sr. Penetration Tester and former sysadmin with 12 years of hands-on experience helping organizations secure Active Directory and internal networks. At SecurIT360 he finds misconfigurations, vulnerabilities and realistic attack paths so defenders can harden environments, and he also hosts The Cyber Threat Perspective to share offensive security insights. A Microsoft MVP and active AD security contributor, Spencer has enhanced open-source tooling to detect and remediate AD CS weaknesses and improve restricted-admin compatibility. He blends practical sysadmin experience with offensive tradecraft, builds automation via PowerShell/Bash, and is known for making complex attack techniques actionable for defenders.
code12 years of coding experience
job4 years of employment as a software developer
bookB.S. Computer Science, B.S. Computer Science at SUNY Polytechnic Institute
bookCamden High School
github-logo-circle

Github Skills (10)

powershell10
audit10
vulnerabilities10
active-directory10
auditing10
code-auditing10
audit-logging10
scripting10
vulnerability10
audit-trail10

Programming languages (6)

PowerShellC#CSSRustJavaScriptPython

Github contributions (5)

github-logo-circle
jakehildreth/Locksmith

Nov 2022 - Jan 2023

A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
Role in this project:
userSecurity Engineer
Contributions:4 reviews, 9 commits, 14 PRs in 2 months
Contributions summary:Spencer primarily focused on enhancing the security auditing capabilities of the `locksmith` tool. They added functionality to detect and address common misconfigurations within Active Directory Certificate Services (AD CS), specifically targeting vulnerabilities like ESC1, ESC2, ESC4, ESC5, and ESC6. Their work involved modifying PowerShell scripts to identify issues, generate fixes, and implement a mode for automatically attempting to remediate the identified problems. They also addressed restricted admin mode compatibility.
windows-serversecuritytinyactivedirectorypowershell
techspence/techspence

Jul 2020 - Feb 2025

Contributions:13 pushes, 1 branch in 4 years 7 months
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Spencer Alessi - Sr. Penetration Tester