FIRST is the global Forum of Incident Response and Security Teams

Current FIRST SIGs

• Academic Security SIG

  Space for discussion in order to reflect on our collective experiences, focus on current challenges and envision strategies on how we could work together to improve security in academic environments.

• AI Security SIG

  The mission of the AI Security Special Interest Group (SIG) is to advance the use and understanding of artificial intelligence (AI), with a particular emphasis on large language models (LLMs) for security and incident response.

• Automation SIG

  Provide a forum where members active in the field of Incidence Response (IR) automation can exchange best practices.

• Big Data SIG

  Incident Detection and Response at Scale.

• CSIRT Framework Development SIG

  The SIG will seek to involve experts interested in that work and provide a community to discuss improvements in need, existing gaps and (potential) new developments.

• CVSS SIG: Common Vulnerability Scoring System

  For a global approach towards scoring metrics for vulnerabilities.

• Cyber Insurance SIG

  To coordinate cyber insurance actuarial and modelling work with professional incident response and digital forensic teams.

• Cyber Threat Intelligence SIG

  To define Threat Intelligence in the commercial space.

• DNS Abuse SIG

  Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency.

• Ethics SIG

  The Ethics SIG seeks to further the professionalization of the FIRST Community and improve the global understanding of SIRTs through the development of an ethical code for FIRST Members.

• Exploit Prediction Scoring System (EPSS)

  The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited.

• FIRST Multi-Stakeholder Ransomware SIG

  This SIG will foster collective action among the FIRST constituents, peer security organizations, and other groups who are focusing on the Ransomware Response, mitigation, remediation, investigation, and prevention.

• Human Factors in Security SIG

  People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. The mission of this SIG is to improve the understanding of human factors in security among security professionals worldwide. To achieve this goal we will facilitate a regular exchange on methods, measures and skill sets to effectively address the human factors in security.

• ICS SIG: Industrial Control Systems

  In ICS-SIG we bring together expertise from several sectors to create processes, best practices and incident response support recommendations and package useful open source tools for the ICS environments.

• IEP SIG: Information Exchange Policy

  The initial goals of this SIG are to collaboratively develop an extensible framework for defining information exchange policy and a set of standard definitions for most common aspects.

• Information Sharing SIG

  The core mission is to support existing and new FIRST members to practice information sharing and acquire feedback from the members to improve the information sharing practices.

• Malware Analysis

  This SIG will advocate and promote the sharing of malware analysis tools and techniques to enable CSIRTs to combat and analyze malicious code.

• Metrics SIG

  To improve CSIRT incident management practices within the FIRST community.

• NETSEC SIG

  To foster the deployment of inter-AS network security BCPs, coordinated mitigation, and information sharing.

• Passive DNS Exchange

  Develops and maintains a standard for exchanging passive DNS information between organizations.

• PSIRT SIG

  Drive the evolution of PSIRT practices by developing and maturing product response.

• Red Team SIG

  The Red Team SIG provides a forum for practitioners to discuss the state of the art for tools, technologies, processes and methodologies for red team activities and to share experiences and best practices.

• Retail and Consumer Packaged Goods (CPG) SIG

  Share the need to get together as incident responders and cyber threat management professionals, in order to share experiences, best practices and challenges to better protect our organizations.

• Security Lounge SIG

  Designs, develops, and conducts security challenge and competition exercises for the FIRST.org community.

• Threat Intel Coalition SIG

  To improve civil society organization’s access to threat intelligence, and help coordinate mitigation efforts to civil society organizations targeted by threat actors where possible.

• TLP SIG: Traffic Light Protocol

  The TLP SIG governs the standard definition of TLP for the benefit of the worldwide CSIRT community and its operational partners.

• Vulnerability Coordination SIG

  Develop and execute a strategy for improving vulnerability coordination globally.

• Vulnerability Reporting and Data Exchange SIG

  Primarily chartered to research and recommend ways to identify and exchange vulnerability information across disparate vulnerability databases.

• Women of FIRST

  Women of FIRST is a group of gender diverse security practitioners who aim to encourage the advancement and increased participation of women in all aspects of cyber security, through mentorship, knowledge sharing and networking.