OASIS Board Member Spotlight Series: Q&A with Omar Santos

The OASIS Board of Directors are integral to the organization's success. Read our Q&A to gain a better sense of who they are and why they serve the OASIS community.

Meet Omar Santos, a renowned cybersecurity thought leader who leads several collaborative, industry-wide initiatives to enhance the security of critical infrastructures. With a prolific portfolio of more than 20 books, numerous academic papers, video courses, and technical articles, Santos has established himself as a preeminent authority in the field, significantly impacting the industry’s knowledge landscape.

Can you tell us about your current role?
I’m a Distinguished Engineer at Cisco; I work at the Security and Trust Office, leading AI security research, incident response, vulnerability research, and disclosure. Our organization helps protect Cisco and Cisco customers by researching, investigating, and disclosing vulnerabilities in Cisco products and cloud services. Our organization also has an offensive security team that researches advanced attack techniques, as well as a forensics team.

What inspired you to join the OASIS Board of Directors?
I was drawn to the OASIS Board of Directors due to its exemplary work in developing, converging, and promoting open standards for the global information society. The prospect of working alongside like-minded professionals dedicated to creating a secure and integrated digital ecosystem was extremely appealing for me. I was inspired by the opportunity to contribute my expertise in cybersecurity and AI towards shaping robust standards that can significantly enhance digital security and interoperability. Through my role on the board, I aspire to further the mission of OASIS in facilitating the development and adoption of open standards, and to drive meaningful advancements in cybersecurity, AI, and many other emerging technologies.

What has been your involvement at OASIS?
I serve as the chair for the Common Security Advisory Framework (CSAF) Technical Committee (TC) and am the convener of the OpenEoX TC, described here in my recent blog post. Over the past several years, my involvement and contributions have extended to numerous other TCs.

What types of skills/expertise do you bring to the OASIS Board, and how do you hope to make an impact as a board member during your term?
With a background in cybersecurity operations, I bring a deep passion to open standards that help accelerate a secure and interoperable digital ecosystem. My experience in these areas provides a practical perspective on the challenges and opportunities facing organizations when promoting innovation. My ongoing learning journey in Artificial Intelligence (AI) empowers me with insights into why open standards are more important than ever with these emerging technologies. This blend of expertise positions me to contribute significantly to the strategic discussions and initiatives of the OASIS Board.

I am particularly keen on collaborating with other OASIS board members and stakeholders, while advocating for the broader adoption of open standards across industries. During my term, I hope to drive initiatives that amplify the role of OASIS in advancing cybersecurity, AI implementations, and other technologies through open standards, and in promoting a culture of shared knowledge and collaborative problem-solving. My aim is to support OASIS in achieving its mission and in making a tangible impact on the global digital community.

What sets OASIS apart from other organizations?
I am exhilarated by OASIS’ commitment to the development, convergence, and adoption of open standards that drive today’s and the future digital transformation. OASIS brings together a diverse community of experts from different fields to work on common goals. OASIS promotes a highly collaborative and inclusive environment that encourages the convergence of ideas and expertise from a diverse range of stakeholders. This inclusivity enables the creation of robust and widely-accepted open standards that are crucial for addressing the complex digital challenges of our time.

OASIS operates with a high degree of transparency, ensuring that the process of standards development is open, democratic, and accessible to all parties. This transparency builds trust and consensus among stakeholders, which is fundamental for the widespread adoption and success of the standards developed. OASIS has a remarkable ability to engage with a broad spectrum of industries and sectors. OASIS is also revered for its technical excellence and the high-quality standards it produces. The rigorous technical review and consensus-building processes ensure that the standards developed are robust, scalable, and able to meet the evolving needs of the future.

OASIS has a rich history and a proven track record in developing and promoting open standards that are used by everyone nowadays. By bringing projects to OASIS, entities can leverage the collective expertise and experience of a global community of professionals dedicated to advancing our world and making a difference. All interested parties have an opportunity to contribute and have their voices heard. This openness promotes trust and encourages the broader adoption of the standards developed.

The cross-industry engagement allows for a holistic approach to problem-solving and standards development. The global footprint of OASIS and the recognition it enjoys in the international community ensure that the standards developed have a wide reach and a significant impact. OASIS’s adaptability to emerging technologies and its forward-thinking approach ensure that projects remain relevant in the face of rapidly evolving technologies. I am thrilled by the prospect of contributing to an organization that is at the forefront of shaping the digital future through open standards.

Do you have an impact story regarding your work in open source or open standards, or work that you’ve done at OASIS?
I brought the Common Vulnerability Reporting Framework (CVRF) to OASIS from ICASI under a new name: the Common Security Advisory Framework (CSAF). This is now an OASIS standard and in the middle of being introduced as an ISO standard. CSAF is used by numerous organizations around the world, including vendors, governments, and many other organizations.

What trends or changes do you see in the industry that are most exciting to you? How can OASIS position itself for what’s coming?
The integration of AI in all sectors, from healthcare and finance to cybersecurity, is revolutionizing how we analyze data, make decisions, and interact with digital systems. The potential for AI to drive efficiency and innovation is immense. We are seeing it every day. At the same time, there are a lot of risks. The European Union and the United States are increasingly acknowledging the evolving regulatory and policy framework concerning AI. A surge of guidelines around AI security, privacy, and ethics has been rolled out to ensure societal oversight over this technology. These regulatory measures are deemed essential not only to promote AI innovation but also to address the risks associated with it. Beyond mere regulation, it’s extremely important for organizations to create and implement AI technologies that are trustworthy and assume responsibility to alleviate the associated risks.

OASIS is actively engaging with emerging technology communities to stay ahead of the curve and influence the development of open standards from the early stages. OASIS is also launching educational initiatives to raise awareness about the implications of these trends and the crucial role of open standards in navigating them. We are engaging a broad spectrum of stakeholders to address the challenges and opportunities presented by these trends.

What’s a fun fact about you?
I love playing the piano and guitar. It’s a great way to relax and think differently, especially after spending a lot of time in front of the computer. Music helps me come up with new ideas and see things from a different angle, plus it’s just really enjoyable!