Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. He is located in West Des Moines, IA and outside the office enjoys spending time with his wife and daughter, attending Iowa State athletic events, and golfing on the weekends.
Listen to Eric discuss "WhatWorks in AppSec: ASP.NET Identity and AntiForgery Tokens" in this SANS webcast.
"I learned a ton of very valuable security techniques today. Eric has a knack for explaining complex topics in a way that makes them easy to understand." - Phil McCullough, ARRT
"This was a great course! Eric was able to help me shift my thinking from development to securing my apps and corporation." - Matt Brundage, Magellan Midstream Partners