Strengthening the community of Incident Response and Security Teams

by Thomas Schreck, FIRST Board of Directors
Tuesday, October 31th, 2017

FIRST was created so that Computer Security Incident Response Teams (CSIRTs), can share best practices and exchange information. This with an overarching goal to enable them to react more efficiently to security incidents. After almost 30 years, this sharing is more important than ever before. However, a lot has changed since FIRST was started and in order to continue to make progress on our goals, it’s important for us to understand the needs of our members, to offer the right tools for them to collaborate.

In the last four months as Chair, I talked with a lot of members, discussed with experts in our community, and also had a several great conversations with other security community members. These conversations have been instrumental in allowing me to understand our community.

In the first week of October, the FIRST Board had its fall meeting in Montreal where we conducted a strategy, weaknesses, opportunities and threats (SWOT) workshop. It was a very productive and at times controversial discussion, and it helped us as a group to better understand our organisation.

Using this input, we are working to further improve member services, but also position FIRST as an organization which educates and represents the work of its technical community. We’re currently planning out some new initiatives which we look forward to announcing soon, through this blog and other channels. We’re really looking forward to partnering with our community, our partners and our sponsors on these initiatives.

One example here is that we are currently drafting a Welcome Kit which should help new teams to get a better overview of our services and how they can use them. Further this Welcome Kit should also help teams which have a change in management to better show the value proposition of FIRST.

Lastly, we’re inviting everyone to participate in our events, and whilst there, make your voices heard on where you would like to see FIRST go. One place where you can start, is our Technical Symposium about Cyber Threat Intelligence in cooperation with OASIS. At this event, practitioners will meet tool developers and standardization professionals to help work on new protocols, supporting one of our key goals:

"We develop standards, provide guidance on information sharing, and enable teams to share information and brainstorm at events"

Another event where we bring together an underrepresented community is the FIRST-ITU Regional Symposium & Cyber Drill for Africa and Arab Regions. We are working with ITU to facilitate an open forum, where security teams in that region can meet and discuss their current problems and maybe start working on new approaches to tackle those. Further we bring in experts around the world to talk about their experience in the field of incident response.

You can always share your thoughts with me.