Eric Johnson

IANS Faculty

    Eric is a co-founder and Principal Security Engineer at Puma Security focusing on cloud, DevSecOps automation, and static code analysis. His responsibilities include performing cloud security reviews, infrastructure as code automation, application security automation, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Prior to Puma Security, Eric spent 5 years as a Principal Security Consultant at an information security consulting firm helping companies deliver secure products to their customers, and another 10 years as an Information Security Engineer at a large US financial institution performing source code audits.
    Expertise
    • Cloud Security (AWS, Azure, GCP)
    • DevSecOps & Secure Development Lifecycle (SDL)
    • Source Code Analysis
    • Application & Product Security
    • Penetration Testing

    Achievements & Contributions

    • Senior Instructor with the SANS Institute, lead author of SEC540: Cloud Security and
      DevSecOps Automation, and co-author of SEC510: Public Cloud Security: AWS, Azure, and GCP
    • Speaker at conferences including RSA, BlackHat, OWASP, BSides, DevOps Days,
      fwd:cloudsec, and ISSA.
    • AWS Security & Identity Community Builder

    Certifications & Credentials

    • GIAC GCSA, GPCS, GWAPT, GSSP
    • ISC2 Certified Information Systems Security Professional (CISSP)
    • AWS Certified Developer
    • MS, Information Assurance and Computer Engineering - Iowa State University
    • BS, Computer Engineering - Iowa State University

    Hobbies & Fun Facts

    In his free time, Eric enjoys boating and wakeboarding in the Ozarks, playing golf, attending
    Iowa State football games, or in Louisville, at the horse track or bourbon tasting.