Spencer Gietzen is a cloud security researcher with a decade of hands-on experience securing AWS environments and building offensive tooling. Now at CrowdStrike, he blends research-driven insight with practical exploitation and automation skills honed as Lead Cloud Pentester at Rhino Security Labs. His open-source contributions include enhancements to Pacu—the well-known AWS exploitation framework—and automation improvements to CloudGoat, reflecting deep expertise in IAM, misconfiguration discovery, and security-focused DevOps. Spencer’s background in computer science and full-stack JavaScript, paired with business training, gives him a rare mix of technical depth and operational context. He is particularly adept at turning reconnaissance into repeatable tooling—examples include role-name bruteforcers and honeytoken checkers used to surface weak spots at scale. Based in Seattle, he focuses on pragmatic, research-backed approaches that improve cloud resilience while enabling rapid security validation.
10 years of coding experience
Business Administration and Management, General, Business Administration and Management, General at Western Washington University
Computer Science, Computer Science at San Diego State University
Full Stack JavaScript, Full Stack JavaScript at Code Fellows
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Role in this project:
Security Engineer
Contributions:455 commits, 107 PRs, 162 pushes in 1 year 11 months
Contributions summary:Spencer primarily focused on enhancing the security posture of the AWS exploitation framework by adding features to interact with AWS services and automate tasks. The first commit added the capability to update the regions database. The subsequent commits focused on incorporating various measures, such as lowercasing inputs and adding the AWS CLI for enhanced command support. This implies a focus on security automation and potentially vulnerability detection and penetration testing.
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Role in this project:
DevOps Engineer & Security Engineer
Contributions:40 commits, 12 PRs, 14 pushes in 1 year
Contributions summary:Spencer primarily focused on automating and improving the deployment and security of the `CloudGoat` environment. They made significant changes to the `start.sh` and `kill.sh` scripts, incorporating Terraform for infrastructure provisioning and destruction. They also addressed security aspects by implementing checks for IP ranges and integrating the CloudGoat SSH key. Further contributions involved modifying scripts to include and exclude Glue development endpoints.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Spencer Gietzen - Cloud Security Researcher at CrowdStrike