Spencer Koch

Securimancy is the product of Spencer Koch, Principal Security Software Engineer at Reddit for the past 5 years. Right-hand to the CISO and one of the last remaining ‘elders’, he works on anything and everything security and privacy related at Reddit.

Prior to Reddit, he served as the global offensive security director and North American CISO for Centrica, as the IT security manager and pentest monkey at Direct Energy, and before that, worked as a dirty management consultant at Deloitte, delivering some of the world’s largest SAP implementations with a focus on SAP security.

This blog shares insights and experiences from his career in information security, offering practical perspectives on security challenges and solutions. Any thoughts and opinions on this blog are his own and do not represent those of his employers, past or present.

Recent Posts

Dockerizing Tor Bridge

A guide to setting up a Tor bridge using Docker containers, including reviewing the setup script for security and configuring the bridge to help users in censored regions access the open internet.

HouSecCon 2019 Talk

I gave a talk at HouSecCon 2019 about building an offensive security department from scratch at a global energy company. Includes slides and video recording of the presentation.

Practical Application of Keylogger for Incident Response

A walkthrough of evaluating and implementing different PowerShell keylogger options for a cyber investigation, including testing simple keyloggers, PowerSploit, Nishang, and customizing a solution based on Shima’s keylogger.