Serge Borso

When it comes to cyber security, Serge is among the best possible instructors to learn from due to his experience, accomplishments, and, quite frankly, his personality. Duplicate badges to walk right through security and access a "secure" facility – did that. Dumpster diving for sensitive information outside of a financial institution – to him, that was “lots of fun.” Create an enterprise-wide, measurably successful security program for a billion-dollar company – one of his many accomplishments. All of them, in scope of the engagements. He’s an instructor for SEC488: Cloud Security Essentials, author of SEC388: Introduction to Cloud Computing & Security, a published author, President of the Denver Open Web Application Security Project (OWASP) chapter, founder and CEO of the cyber security consulting firm, SpyderSec, he’s discovered multiple 0-days, written OSINT tools for the community, and is a polished presenter who speaks regularly at national conferences. Truly, an expert in the field.

More About Serge


Computer Science has always interested Serge. He explains, “I find the field challenging, deep, technical and a provider of constant learning opportunities; and these are things that I greatly enjoy.” This appeal would lead him to earn a Master’s Degree in Computer Systems Security from Colorado Technical University.

Serge founded his cyber security consulting firm, SpyderSec, in 2015, which specializes in penetration testing, security awareness training, and OSINT gathering. In addition, he is also President of the Denver OWASP chapter, sits on the security advisory board for the Cherry Creek Innovation Campus (CCIC), and organizes the annual security conference, SnowFROC. In 2019, he published The Penetration Tester's Guide to Web Applications, an innovative resource that provides clear guidance on how to identify and exploit common web application vulnerabilities.

After his second SANS course, Serge pursued becoming a SANS Instructor. He saw students struggling with deeply technical topics that require a solid foundation to fully grasp and knew he could communicate this information in such a way that is both easy to understand and relevant to the student. “My teaching philosophy is all about keeping it real. What I bring to the classroom is my knowledge and experience over the last 15 years working on the front lines as a Sr. Security Engineer in enterprise security, and, more recently, running SpyderSec.”

In the classroom you’ll find him teaching SEC388: Introduction to Cloud Computing and Security and SEC488: Cloud Security Essentials. He holds the CISSP, GPEN, GWAPT, GCFA, and GWEB certifications. He has risen over the years to become an authoritative figure in the community, who is now approached for podcasts, radio and TV interviews, and to provide expert consultation for publications. As he says, “I like being able to help people and sharing my expertise is my way of doing just that.”

Hear Serge talk about cloud security here:





  • Espial - OSINT tool for asset identification, service validation and vulnerability detection