As Co-Chair of the Coalition for Secure AI (CoSAI), I lead initiatives to address the unique security challenges of artificial intelligence systems. CoSAI brings together stakeholders from industry, academia, and beyond to create holistic solutions for securely building, integrating, deploying, and operating AI applications. Our mission is to develop and share best practices, tools, and methodologies that mitigate risks such as model theft, data poisoning, prompt injection, membership inference attacks, and more.CoSAI's website: https://www.coalitionforsecureai.orgOur initial focus includes:Software Supply Chain Security for AI Systems: Extending SLSA Provenance to AI models, ensuring secure and auditable handling throughout the AI supply chain.Preparing Defenders for a Changing Cybersecurity Landscape: Developing a defender’s framework to guide investments and mitigation strategies against offensive cybersecurity capabilities of AI models.AI Risk Governance: Creating a comprehensive risk and controls taxonomy, readiness assessment checklists, and scorecards to guide organizations in managing AI-specific security risks.CoSAI’s founding members include industry leaders such as OpenAI, Anthropic, Amazon, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, Nvidia, Wiz, Chainguard, and PayPal. Numerous other companies have joined since. Together, our goal is to create a future where technology is not only cutting-edge but also secure-by-default.

As a member of the Board of Directors at OASIS Open, I have the privilege of serving a world-leading organization that promotes the fair, transparent development of open standards and projects. My role involves strategic decision-making, shaping policies, and advocating for initiatives that further our mission. I work closely with a diverse team of dedicated professionals, contributing my expertise to foster global collaboration and community across various technology sectors, including AI, cybersecurity, blockchain, IoT, emergency management, and cloud computing. In doing so, we together strive to advance technological innovation, making it accessible and standardized for everyone around the world.This role allows me to leverage my professional experience and passion for technology, contributing to a future where innovation is fair, standardized, and open for everyone, everywhere.

Mentoring and learning from a team of talented engineers and security researchers focused on developing innovative ways to modernize offensive and defensive cybersecurity programs. I also lead AI security research. Our work includes:- Pioneering new AI-driven security implementations to detect and neutralize threats.- Offensive security assessments in AI implementations.- Incident response, disclosure, and vulnerability research.

Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) in the Security Research and Operations group. Led activities to help secure large-scale and mission-critical networks and systems. Constantly providing security guidance to teams developing and deploying microservices architecture, load balancing, and scaling techniques. Led cybersecurity investigations including on-premises and cloud-based infrastructures using platforms including AWS, Azure, and Google Cloud.Led the development of several programs to proactively enhance the security posture of Cisco’s products, while promoting collaboration and increasing productivity. Industry thought leader, able to lead corporate security strategy and many other aspects of cybersecurity.Drove hundreds of security vulnerabilities into resolution affecting dozens of Cisco products and security problems of the highest complexity. Influenced, defined and helped to develop repeatable and measurable procedures designed to increase resiliency and trustworthiness of Cisco products and cloud based services, as well as regulatory compliance. Key participant in setting overall technical and non-technical direction to the development lifecycle to help reduce the total product development cost by shifting discovery of security software defects to earlier phases of the development process.Led and directly influenced several industry-wide standards and initiatives such as the chair of the Common Security Advisory Framework (CSAF) and it's Vulnerability Exploitability eXchange (VEX) implementation, and Software Bill of Materials (SBOM) efforts. Board member of the Open Vulnerability and Assessment Language (OVAL). These standards and initiatives provide automation interfaces and machine-readable data formats related to vulnerability disclosure and information exchange. Worked with several federal government agencies and law enforcement during the investigation of very complex cyber-attacks.

Publications:Author of the following books:* CompTIA PenTest+ Certification Guide, ISBN-13: 978-0789760357* Developing Cybersecurity Programs and Polices, ISBN 9780789759405 * Security Penetration Testing (The Art of Hacking Series) LiveLessons, ISBN-13: 978-0-13-483449-8* CCNA Cyber Ops SECFND 210-250 Complete Video Course, ISBN-13: 978-0-13-464678-7* CCNA Cyber Ops SECOPS 210-255 Complete Video Course, ISBN-13: 978-0-13-466109-4* CCNA Cyber Ops SECOPS #210-255 Official Cert Guide, ISBN-13: 978-1587147036* CCNA Cyber Ops SECFND #210-250 Official Cert Guide, ISBN-13: 978-1587147029* Cisco Next-Generation Security Solutions: All-in-one Cisco ASA FirePOWER Services, NGIPS, and AMP, ISBN-13: 9781587144462* Cisco FirePOWER and Advanced Malware Protection LiveLessons, ISBN-13: 9780134468747* Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security; ISBN-10: 1587144387* Cisco NetFlow LiveLessons, ISBN-13: 9780134469850* CCNA Security 210-260 Official Cert Guide, ISBN: 9781587205668* Cisco ASA 5500-X Series Next-Generation Firewalls LiveLessons (Workshop): Deploying and Troubleshooting Techniques, ISBN: 9781587205705* End-to-End Network Security: Defense-in-Depth – ISBN-10: 1-58705-332-2; ISBN-13: 978-1-58705-332-0* Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance – ISBN: 1587052091* Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition) ISBN-10: 1587058197* Cisco ASA Next-Generation Firewall, IPS, and VPN Services (3rd Edition) ISBN-10: 1587143070* Cisco Network Admission Control, Volume: Deployment and Management – ISBN: 158705225Other publications: Numerous whitepapers, webinars, security configuration guidelines/best practices, customer-facing blog posts, and other articles at Cisco and outside of Cisco.Omar's articles at Cisco Security Blog at: https://blogs.cisco.com/author/OmarSantosOmar's personal blog: https://becomingahacker.org

Mentored and led numerous engineers within the organization on security and non-security practices. Served as technical leader within the World Wide Security Practices where I designed, implemented, and supported numerous secure networks for Fortune 500 companies, including financial customers, health care providers, retail customers, cloud and service providers, and the U.S. government. Performed infrastructure, native application, wireless and web application penetration testing alongside of attacker threat modeling for dozens of companies.Key contributor of the development of technical strategy and understanding of business impact of security technologies translating them into business opportunities.Identified skills and business shortfalls within the WW Security Practice and helped establish programs to address them leading to new services, such as incident readiness reviews, ASA implementation services, security architectural and operational reviews.Took a lead role in working with customers, Cisco account teams and other resources on developing a strategy and the deployment of complex services and technologies. Acted as a mentor guiding technical development for other AS engineers, partners, and customers.Industry thought leader, able to speak to threats to intellectual property, the security aspects of social media, security strategy, security education & awareness, and many other aspects of cyber security.

Technical Leader and escalation engineer for Cisco's Technical Assistance Center (TAC), where I taught, led, and mentored many engineers to solve the most complex network security problems in firewalls, intrusion prevention systems (IPS), anomaly detection systems, network admission control, AAA, virtual private networks (VPNs), encryption, and identity-based services.Dozens of customer engagements, escalations, CAP cases, and security incidents throughout Cisco’s career with very positive outcomes, building influential relationship with customers and partners. Supported the growth of Cisco engineers by sharing ways they can implement best practices to enhance the overall security of Cisco products (engineering), support those products (TAC/AS) and also to be able to teach other engineers within their organization. Delivered dozens of technical presentations to key decision makers from Fortune 500 accounts that led to potential new services and product sales.

Held leadership positions to several organizations within the United States Marine Corps and DoD, focusing on the critical strategic and warfare situations of secure computer communications.Responsible for the deployment and troubleshooting of various types of communications hardware, data terminals, cryptographic devices, ground radar, nuclear, biological and chemical detection electronics, and a wide range of test equipment devices.Network administrator and web developer for internal sites, applications, and online collaboration tools that accelerated idea sharing and other application development for Command, Control, Communications, and Intelligence (C4I) activities across the Marine Corps.