Spencer Gietzen

Cloud Security Researcher at CrowdStrike

Seattle, Washington, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Spencer Gietzen is a cloud security researcher with a decade of hands-on experience securing AWS environments and building offensive tooling. Now at CrowdStrike, he blends research-driven insight with practical exploitation and automation skills honed as Lead Cloud Pentester at Rhino Security Labs. His open-source contributions include enhancements to Pacu—the well-known AWS exploitation framework—and automation improvements to CloudGoat, reflecting deep expertise in IAM, misconfiguration discovery, and security-focused DevOps. Spencer’s background in computer science and full-stack JavaScript, paired with business training, gives him a rare mix of technical depth and operational context. He is particularly adept at turning reconnaissance into repeatable tooling—examples include role-name bruteforcers and honeytoken checkers used to surface weak spots at scale. Based in Seattle, he focuses on pragmatic, research-backed approaches that improve cloud resilience while enabling rapid security validation.
code10 years of coding experience
bookBusiness Administration and Management, General, Business Administration and Management, General at Western Washington University
bookComputer Science, Computer Science at San Diego State University
bookFull Stack JavaScript, Full Stack JavaScript at Code Fellows
stackoverflow-logo

Stackoverflow

Stats
1reputation
0reached
0answers
0questions
github-logo-circle

Github Skills (26)

penetration-testing10
boto10
python10
scripting10
bash10
security-automation10
terraform10
security10
terraformer10
automation10
vulnerability-assessment10
aws10
automations10
cloud-security10
ias10

Programming languages (7)

ShellCJavaScriptGoHTMLPythonKotlin

Github contributions (5)

github-logo-circle
RhinoSecurityLabs/pacu

Jun 2018 - Jun 2020

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Role in this project:
userSecurity Engineer
Contributions:455 commits, 107 PRs, 162 pushes in 1 year 11 months
Contributions summary:Spencer primarily focused on enhancing the security posture of the AWS exploitation framework by adding features to interact with AWS services and automate tasks. The first commit added the capability to update the regions database. The subsequent commits focused on incorporating various measures, such as lowercasing inputs and adding the AWS CLI for enhanced command support. This implies a focus on security automation and potentially vulnerability detection and penetration testing.
pythonsecurityamazontestingpenetration-testing
RhinoSecurityLabs/cloudgoat

Jul 2018 - Aug 2019

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Role in this project:
userDevOps Engineer & Security Engineer
Contributions:40 commits, 12 PRs, 14 pushes in 1 year
Contributions summary:Spencer primarily focused on automating and improving the deployment and security of the `CloudGoat` environment. They made significant changes to the `start.sh` and `kill.sh` scripts, incorporating Terraform for infrastructure provisioning and destruction. They also addressed security aspects by implementing checks for IP ranges and integrating the CloudGoat SSH key. Further contributions involved modifying scripts to include and exclude Glue development endpoints.
vulnerableaws-deploymentdeploymentsecuritydeployment-tool
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Spencer Gietzen - Cloud Security Researcher at CrowdStrike