FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Conference program

Platinum Sponsor


Silver Sponsor


Local Host

CERT Coordination Center

Supporting Sponsors






Korea CertCC

Program Summary

June 24th (Saturday)
09:00 – 17:00

Train the Trainers Workshop (T3) (Other Related Event)

June 25th (Sunday)
09:00 – 17:00

Train the Trainers Workshop (T3) (Other Related Event)

09:00 – 17:00

Vendors Special Interest Group (SIG) Meeting (Other Related Event)

16:00 – 17:00

Program Committee Meeting (Special Sessions)

19:00 – 21:00

Welcome Icebreaker Reception (Social Event)

June 26th (Monday)
09:00 – 17:30

Tutorials (Main Conference)

18:00 – 19:00

Pre-AGM Meeting (Special Sessions)

June 27th (Tuesday)
09:00 – 17:30

Tutorials (Main Conference)

14:30 – 17:30

Joint Law Enforcement Workshop (Other Related Event)

19:00 – 21:00

Birds of a Feather (BoF) Sessions (Special Sessions)

June 28th (Wednesday)
09:00 – 17:30

Technical and management sessions (Main Conference)

19:00 – 23:00

Evening at the Aquarium (Social Event)

June 29th (Thursday)
09:00 – 15:00

Technical and management sessions (Main Conference)

15:30 – 17:30

FIRST Annual General Meeting (Special Sessions)

June 30th (Friday)
09:00 – 15:30

Technical and management sessions (Main Conference)

15:30 – 16:00


Main Conference

June 26–29, 09:00–17:30
June 30, 09:00–16:00

Over 37 countries are represented at the Annual FIRST Conference - the crossroads where security professionals, policy and decision makers with security responsibility, technical staff who implement security solutions, computer security teams, law enforcement, vendors, and other IT professionals from all over the world come together to exchange viewpoints, ideas and experiences. The latest approaches for front line protection and prevention techniques, incident response, vulnerability analysis, forensics, and related aspects of computer security are presented at this 18th Annual FIRST Conference.

The 2006 conference program combines both management and technical presentations, updates on FIRST activities, and a selection of topics sure to be of interest to the global CSIRT community. Our keynote speakers include:

  • Richard D. Pethia, Director of the CERT Program in the Software Engineering Institute at Carnegie Mellon University, and one of the founding members of FIRST.
  • Rob Thomas, Chief Executive Officer and a founding member of Team Cymru
  • Bruce Schneier, founder and Chief Technical Officer of Counterpane Internet Security, Inc.


June 26–27, 09:00–17:30

Eight half-day tutorial sessions are scheduled this year on Monday and Tuesday, June 26 and 27:

  • Exploring the Next Level of Cyber Attacks: Methodologies and Demonstration of Web Application Hacks
  • Evaluating CSIRT Operations
  • Log Data Analysis for Incident Response
  • IT Security Teams and Outsourced Managed Security Services - Working Together
  • Secure Coding in C+ and C++
  • Design Your network to Aid Forensics Investigations
  • Next Steps in Bridging the Gap
  • Honeypot Technology: Principles and Applications

These focused tutorials are conducted by respected experts in the global incident response community and will provide both beginner and experienced attendees with an opportunity to expand their knowledge on relevant topics in incident handling and management.

Special Sessions

Program Committee Meeting

Sunday, June 25, 16:00–18:00

A special meeting for the Program Committee will be held. The Program Chair will discuss logistics for Program Committee members who are assigned to be session chairs for the conference. This meeting will take place in the Renaissance Harborplace Hotel in the Federal Hill Room.

Pre-AGM Discussions and AGM Meeting (FIRST members only)

Monday, June 26, 18:00–19:00 (Pre-AGM)
Thursday, June 28, 15:30–17:30 (AGM)

Each year, FIRST team members formally meet at the AGM, a closed meeting held during the FIRST annual conference, providing a platform for teams to discuss specific issues of common interest to the FIRST membership, FIRST activities, initiatives and plans that affect the FIRST organization as a whole. The Pre-AGM meeting provides an opportunity for topics to be introduced and discussed in preparation for the AGM.

Each team is expected to be represented. Attendance and participation at the FIRST AGM is limited to FIRST Team Representatives, FIRST Team Members and their invited guests.

Bird-of-a-Feather Sessions (BoFs)

Tuesday, June 27, 19:00–21:00

These informal, interactive information gatherings are a staple of most conferences, including FIRST. They are organized for and by attendees who are interested in a particular topic. BoFs are a great way for attendees to meet their peers from around the world, to network and exchange ideas, discuss issues, and share experiences and solutions.

We already have some BoF topics scheduled: Key Signing, Educational Committee, CSIH Certification, Common Malware Enumeration (CME), Information Operations Tools. We encourage conference attendees to suggest other topics they would like to see or would be willing to lead. BoFs may also be scheduled during the conference at the Registration Desk.

BoF Sessions are open to all conference registrants.

Teams with National Responsibility

Friday, June 30, in the afternoon

This is an opportunity for CSIRTs who have national responsibility to share with other conference participants information about the team's current activities, projects, initiatives, etc. All CSIRTs, FIRST Members or not, are encouraged to come hear about these new teams. This year, the session will be held on Friday, June 30. To arrange a short presentation, please contact the Program Chair.

Others Related Events

Train the Trainers Workshop (T3)

Saturday, June 24, 09:00–17:00
Sunday, June 25, 09:00–17:00

Thanks to the TRANSITS* (Training of Network Security Incident Teams Staff) project, FIRST is planning the third "Train The Trainers" Workshop. The T3 workshop will consist of two full-day training session in CSIRT issues for potential instructors of TRANSITS. At the first step, the goal for T3 was to enhance the security training opportunities especially in Latin America and Asia-Pacific, regions where typically there are no enough training opportunities. Now by the agreement between FIRST and TERENA, FIRST is targeting also other regions to reach and enhance the capability of FIRST to secure the internet environment.

The T3 is a different event with usual TRANSITS course. The purpose of this workshop will be to provide the TRANSITS material to potential trainers in these areas, help them to familiarize with the contents, and give them the tools to deliver the training course themselves in their region.

In the past several years, various TRANSITS courses were held in the regions by the trainers that completed this course. Since FIRST started to organize the training event, three courses in Asia, three courses in Latin America and one course in Africa was held. Additionally FIRST is planning a course in the middle east region, where has a big movement these days.

As FIRST is planning to organize more training courses in the region, potential trainers are welcomed to join and expand the training opportunities and also enhance the CSIRT capabilities in their region.

Many potential trainers in the region are invited to the course and FIRST asks the potential trainers to attend the course which will be held two days ahead the main 2006 FIRST conference. Not only the potential trainers, but also the FIRST member experts in training are expected to come and share the experiences for security training. By the brainstorming during the event will give the chance to understand how to reach the trainees in different culture and enlarge the FIRST training resources.

Arnold Yoon (Educational Committee Chair) is coordinating the event and please contact him for further information,

(*) TRANSITS has been organized by two partners, TERENA and UKERNA, and is supported by the European Commission. Also, FIRST, TERENA and UKERNA are paying efforts with the common agreements for the training efforts over the world.

Vendors Special Interest Group (SIG)

Sunday, June 25, 09:00–17:00

Vendor SIG (Special Interest Group) is a forum that is aimed exclusively at Internet Infrastructure vendors. In this context the Internet infrastructure is considered to be Operating Systems, computer hardware, networking equipment and critical applications. One of the main themes is formulating and propagating best practices in the area of handling product security vulnerabilities—not only on a technical level but also on organizational, legal and other relevant levels. Vendor SIG facilitates sharing of information and experience among various groups internal to the involved vendors.

Have you ever wondered “Who are the people responsible for handling security vulnerabilities in IBM, Sun, MicroSoft or Cisco?” Join vendor SIG and you will have direct access to them and to their peers in other vendors represented in the forum. Would you like to influence the current state of the art in this area? Vendor SIG is willing to listen to you.

In order to attend the meeting you must be either a vendor or invited guest. For more information on Vendor SIG consult

Joint Law Enforcement Workshop (Hosted by FIRST and G8 Lyon Group)

Tuesday, June 27, 14:30–17:30

At 2005' AGM in Singapore, FIRST member teams voted and decided to encourage Law Enforcement entities to join the FIRST community. Since then we have one Law Enforcement member newly joined the FIRST. Although CSIRT members have made that decision, many of the member teams have some concerns and little idea how to work together with multi national Law Enforcements.

This "CSIRTs meet LEs, LEs meet CSIRTs" workshop is to bridge the gap between two different community by introducing each mission, policy and culture of responding cyber incidents and information handling. Also the existing case studies of partnership and collaboration between CSIRT and Law Enforcement will be introduced.

Social Events

Welcome Icebreaker Reception

Sunday, June 25, 19:00–21:00

The Icebreaker Reception is an excellent way to kick of the week. Meet old friends and make new ones. Dress is casual.

An Evening at the Aquarium

Wednesday, June 28, 19:00–23:00

This year our conference dinner, the social highlight of the week, will be held at Baltimore Aquarium We will have the entire aquarium to ourselves with food stations and bars placed throughout the building. You will be able to enjoy the exhibits and talk with friends as you move from one end of the aquarium to the other. Later in the evening we will be treated with a private dolphin show followed by dessert and coffee.