Spencer Koch

Offensive Security Professional – Various

Spencer Koch is an offensive security professional with extensive experience in both consulting and industry, having served as the former North American CISO at a large energy company. His passion lies in AppSec/pentesting, and he’s interested in improving the security status-quo while making security less painful for developers/sys-admins/users. He leads large-scale security transformation programs, successfully implementing realistic hardening initiatives, transforming AppSec from “print to PDF” SAST/DAST report generation to “developers come to talk to us for advice,” figuring out what’s “good enough” for security to throw “all the things” into the cloud, and automating the heck out of anything possible because who has time? Husband and father of two boy littles, based out of Houston currently, hailing originally from Dallas, and educated in Illinois.