Eric Johnson
Nov 20, 2024, 19:39
Title :
Eric Johnson
First Name :
Eric
Last Name :
Johnson
Designation :
IANS Faculty
Job Title :
Principal Security Engineer
Company :
Puma Security
Salesforce Contact ID :
0035a00002qSIwYAAW
LinkedIn URL :
Twitter URL :
Eric is a co-founder and Principal Security Engineer at Puma Security focusing on cloud, DevSecOps automation, and static code analysis. His responsibilities include performing cloud security reviews, infrastructure as code automation, application security automation, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Prior to Puma Security, Eric spent 5 years as a Principal Security Consultant at an information security consulting firm helping companies deliver secure products to their customers, and another 10 years as an Information Security Engineer at a large US financial institution performing source code audits.
- Cloud Security (AWS, Azure, GCP)
- DevSecOps & Secure Development Lifecycle (SDL)
- Source Code Analysis
- Application & Product Security
- Penetration Testing
- Senior Instructor with the SANS Institute, lead author of SEC540: Cloud Security and
DevSecOps Automation, and co-author of SEC510: Public Cloud Security: AWS, Azure, and GCP - Speaker at conferences including RSA, BlackHat, OWASP, BSides, DevOps Days,
fwd:cloudsec, and ISSA. - AWS Security & Identity Community Builder
- GIAC GCSA, GPCS, GWAPT, GSSP
- ISC2 Certified Information Systems Security Professional (CISSP)
- AWS Certified Developer
- MS, Information Assurance and Computer Engineering - Iowa State University
- BS, Computer Engineering - Iowa State University
In his free time, Eric enjoys boating and wakeboarding in the Ozarks, playing golf, attending
Iowa State football games, or in Louisville, at the horse track or bourbon tasting.
Eric Johnson joined the IANS Faculty in 2022. He provides clients with deep domain-level insights across cloud security, DevSecOps & secure development lifecycle, source code analysis, application & product security, penetration testing.
