Gustavo Arreaza
About Me

I’m a Cybersecurity Engineer with over 10 years of international experience across the U.S. and LATAM, specializing in securing hybrid, cloud-native, and blockchain infrastructures.
My expertise includes Zero Trust architecture, DevSecOps, mobile application security, and compliance frameworks such as HIPAA, PCI-DSS, and ISO 27001.
As a contributor to the Cloud Security Alliance, a frequent speaker across four continents, and a technical content creator with over 17,000 YouTube subscribers, I bridge deep technical knowledge with engaging education and business alignment.
Key Contributions
- Methodology for Developing Secure Apps in the Cloud (MDSAC) — IEEE International Conference on Cyber Security and Cloud Computing (2019, Paris).
- Cited in Wikipedia: SAST.
- Referenced in Chile’s 2024 Cybersecurity Landscape by the Ministry of Science.
- Best Practices for Smart Contract Security — co-author, Cloud Security Alliance (2022, USA).
- Corda Enterprise 4.8 – Security Controls Checklist — contributor, Cloud Security Alliance (2021, USA).
- Microservices Architecture Pattern — co-author, Cloud Security Alliance (2021, USA).
Intellectual Property
- ATAS: AI-Powered Cybersecurity Training Framework and Tool (2021, Chile).
Educational Media
- Hands-On Android Penetration Testing — EC-Council (2025, USA).
Presentations & Thought Leadership
- Former Cisco Instructor (2010–2012).
- Cybersecurity speaker in 4 out of 6 continents since 2018 (Americas, Europe, Africa, Asia).
Current Focus: AI & Cybersecurity
Founder of the .AI Cybersecurity Channel on YouTube @AppSecCLINC, exploring:
- Secure deployment of AI systems.
- Model integrity and privacy.
- Adversarial defense strategies.
What open source contributions, research or visible leadership work have you done? If few, what 3 specific outcomes will you deliver in your first 90 days on the board in OWASP and how will members verify the progress?
I have authored and co-authored multiple research works with the Cloud Security Alliance, contributed to OWASP chapters in Chile and New York, and created global educational content such as the EC-Council’s Hands-On Android Penetration Testing course.
If elected, in my first 90 days I will:
- Launch a Global Chapter Health Dashboard to track activity and support transparency.
- Create an AI Security Task Force within OWASP to address risks in AI systems.
- Hold quarterly community calls where members can verify progress and provide feedback.
What do you see as the top three challenges for OWASP to increase impact and visibility worldwide? Please provide an actionable plan that you can spearhead and lead, if need be, for the goals you plan to achieve.
- Staying relevant in emerging domains (AI, supply chain, cloud-native).
  → I will build new working groups to produce concrete outputs in these fields.
- Ensuring project and chapter sustainability.
  → I will pair projects with mentors and sponsors to reduce attrition and foster growth.
- Expanding global inclusion.
  → I will lead a program to provide grants, mentorship, and translations for underrepresented regions like LATAM, Africa, and the Middle East.
Several OWASP projects are stale and leads are unresponsive. If elected, what is your concrete, time bound plan to triage these projects, re-engage with inactive leads or relaunch based on clear criteria and timelines?
Within the first 6 months I will:
- Publish a project status report identifying stale projects.
- Reach out to inactive leads and give a 90-day response window.
- Relaunch projects by assigning new leads or archive them with community approval.
- Establish a mentorship program to empower new leaders to take over.
What kind of support will you provide for Arab countries in regard to trending legislation in security, privacy and data protection, for software, OT, and cloud? Will you plan for specific events to cover the growth of talents and skills in secure coding in this particular region?
I will:
- Promote regional OWASP Days in Arab countries focused on secure coding and compliance (GDPR, NCA, local data laws).
- Support translation of flagship projects like ASVS, SAMM, and OWASP Top 10 into Arabic.
- Build training initiatives with local universities to grow secure coding skills.
- Encourage cross-regional collaboration between Arab countries and other regions.