conference overview

2009 Local Host


Diamond & Program

BT - Diamond

Platinum Sponsors

CERT/CC - Platinum Best Practices

JFIRST - Platinum Banquet

IPA - Platinum

Gold Sponsors

NRI Secure - Gold

NTT - Gold

IIJ - Gold & Internet

Microsoft - Gold

>> View the full 2009 <<
Sponsorship Team Here!


The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRT's) and includes response teams from 194 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.

The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the wider global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. Just as importantly, the conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries.

FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel. FIRST conferences cover a broad range of security related topics such as (but not limited to):

  • Advanced techniques in security incident prevention, detection and response.
  • Latest advances in computer and network security tools.
  • Shared views, experiences, and resolutions in the computer security incident response field.

The Conference

The conference is a five-day event running from Monday through Friday with registration starting at 14:00 on Sunday. Each day will begin with a keynote address and be followed by one or more invited speakers. The following presentations, SIGs and panel sessions will be split into three tracks; one focusing on issues central to Incident response, one focusing on managerial issues and the third on more wide ranging technical topics.

Features planned for this year's conference include:

  • Specialist tracks with increased focus on Management, Incident Response and Technical topics relevant to CSIRTs.
  • Case Studies — Lessons learned in dealing with real events, from discovery to remediation. Share practical experiences in dealing with cyber incidents along with the tools that provided most valuable.
  • SIG (Special Interest Group) meetings.
  • Vendor Showcase where vendors demonstrate their equipment.

The theme for the 2009 conference is Aftermath: Crafts and Lessons of Incident Recovery.

The conference language is English.

Conference attire is business casual.

Who can attend the conference?

You do not need to be a member of FIRST to attend the 21st Annual Conference. Any incident response and security team or security professional who has responsibility for coordinating how an organization responds to digital security incidents should be there. The conference will also be of interest to:

  • Technical staff who determine security product requirements and implement solutions
  • Policy and decision makers with overall security responsibility
  • Law enforcement staff who are involved in investigating cyber crimes
  • Legal counsel who work with policy and decision makers in establishing security policies
  • Senior managers directly charged with protecting their infrastructure
  • Government managers and senior executives who are responsible for protecting systems and critical infrastructures

Past participants at conferences have included CISOs, IR management, system and network administrators, software and hardware vendors, security solutions providers, ISPs, telecommunication providers and general computer and network security personnel.

Conference Benefits

FIRST conferences promote worldwide coordination and cooperation among Computer Security Incident Response Teams (CSIRTs). The conference provides a forum for sharing goals, ideas, information, and experiences on how to improve global computer security. The five-day event includes tutorials and technical sessions where a range of topics of interest to teams in this global response community will be discussed.

As well as sharing our focus on Incident Recovery, attending the 21st conference will enable you to:

  • Learn the latest security strategies in incident management
  • Increase your knowledge and technical insight about security problems and their solutions
  • Keep up-to-date with the latest incident response and prevention techniques
  • Gain insight on analyzing network vulnerabilities
  • Hear how the industry experts manage their security issues
  • Interact and network with colleagues from around the world to exchange ideas and advice on incident response

Conference Location

The 21st Annual FIRST Conference will be held at Hotel Granvia Kyoto at Kyoto Station, Japan. A block of rooms is being held for conference attendees at a discount rate of 21,500-25,000 JPY (approximate $231.45-$269.13 USD; approximate €168.55-€195.98 Euros*) depending on room type and dates of arrival and departure. These rates will be honored four days before and four days after the official meeting dates, based on availability. To receive the discount rate, you must make your reservation prior to June 1, 2009, and mention that you are attending the FIRST Computer Security Conference. Reservation requests received after June 1st will be accepted on a space and rate availability basis. All reservations must be made using an assigned password through the Granvia's online reservation service. Online reservations will be accepted from January 1-June 1, 2009.

Online room reservations will be available on the conference website starting January 5, 2009. Book your hotel now!

*Exchange rates are subject to change. Current rates posted 1/7/2009. Check exchange rates here:

Powered by Conference & Publication Services, LLC