Spencer Alessi is a Sr. Penetration Tester and former sysadmin with 12 years of hands-on experience helping organizations secure Active Directory and internal networks. At SecurIT360 he finds misconfigurations, vulnerabilities and realistic attack paths so defenders can harden environments, and he also hosts The Cyber Threat Perspective to share offensive security insights. A Microsoft MVP and active AD security contributor, Spencer has enhanced open-source tooling to detect and remediate AD CS weaknesses and improve restricted-admin compatibility. He blends practical sysadmin experience with offensive tradecraft, builds automation via PowerShell/Bash, and is known for making complex attack techniques actionable for defenders.
12 years of coding experience
4 years of employment as a software developer
B.S. Computer Science, B.S. Computer Science at SUNY Polytechnic Institute
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
Role in this project:
Security Engineer
Contributions:4 reviews, 9 commits, 14 PRs in 2 months
Contributions summary:Spencer primarily focused on enhancing the security auditing capabilities of the `locksmith` tool. They added functionality to detect and address common misconfigurations within Active Directory Certificate Services (AD CS), specifically targeting vulnerabilities like ESC1, ESC2, ESC4, ESC5, and ESC6. Their work involved modifying PowerShell scripts to identify issues, generate fixes, and implement a mode for automatically attempting to remediate the identified problems. They also addressed restricted admin mode compatibility.
Contributions:13 pushes, 1 branch in 4 years 7 months
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.