Avatar

Omar Santos

Distinguished Engineer

Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations

Omar Santos is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the lead of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems.

Articles

April 2, 2013

SECURITY

I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

11 min read

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

March 29, 2013

SECURITY

March Madness May Equal to Malware Madness

4 min read

Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March […]

January 22, 2013

SECURITY

Happy New Exploit Kits! (I mean Happy Belated New Year!)

4 min read

This article discusses the increasing prevalence of exploit kits and drive-by exploits being leveraged by cyber criminals to spread malware quickly and effectively. It also highlights the use of Cisco Cloud Web Security, particularly in conjunction with Cisco ASAs, to reduce the risk of your networks and users falling victim to these exploit kits.

January 15, 2013

SECURITY

Red October in January: The Cyber Espionage Era

6 min read

Researchers from Kaspersky Lab have released information about a large-scale cyber espionage campaign called Operation Red October (otherwise known as Rocra). The report has garnered the attention of multiple news agencies and generated many published articles since the Kaspersky report has claimed that attackers were targeting hundreds of diplomatic, governmental, and scientific organizations in numerous countries. These reports indicate that the command-and-control (C&C) infrastructure that is used on these attacks receives stolen information using more than 60 domain names to hide its identity. Furthermore, this information appears to be funneled into a second tier of proxy servers. These are very clever attacks that many are now claiming have been taking place for more than five years! Red October is being compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.

January 11, 2013

SECURITY

New Java Vulnerability Being Exploited in the Wild

2 min read

The new Oracle Java arbitrary code execution vulnerability  has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the […]

December 18, 2012

SECURITY

Let’s Hack Some Cisco Gear at SecCon!

4 min read

Here's the second in a series of posts discussing how Cisco SecCon 2012 (December 3-6) brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.

November 26, 2012

SECURITY

The Day I Lost My Mobile with Sensitive Corporate Data

2 min read

It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had corporate sensitive data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn’t […]

November 15, 2012

SECURITY

BYOD Presentations at Cisco Live Cancun 2012

4 min read

I just returned from Cancun after delivering a BYOD seminar, as part of Cisco Live Mexico 2012. Bring your own device (BYOD) was a hot topic at Cisco Live in Cancun. There were several in-depth presentations regarding the architecture, design, implementation, and troubleshooting of all the technologies related to BYOD. I had the pleasure and opportunity […]