Conference News

FIRST Annual Conference

The event offers conferences, keynote presentations and activities designed to maximize networking opportunities and information exchanges on information security and incident response.

Join the interview in progress! Martin chats with Alex Pinto, Chief Data Scientist at Niddel and lead of the MLSec Project on his upcoming presentation, “Beyond Matching: Applying Data Science Techniques to IOC-Based Detection.” Alex talks about the glamorous life of a data scientist and shares some of the key takeaways from his presentation. Alex presents on Monday, June 12 at 11:15-12:00.

Join the interview in progress featuring Ben Stock, post-doc researcher at CISPA, Saarland University as he discusses the highlights of his research regarding vulnerability notification. Ben and his colleague Christian Rossow, Professor of IT Security at CISPA, Saarland University will be presenting, “Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification,” on Tuesday, June 13th at 11:45-12:15.

Join this week’s interview in progress as the guys talk TRUST. Lewis Philbey, Cyber-security Lead at Surevine shares his insight on issues that companies of all sizes face when sharing information. The guys also hit on some of the hurdles individuals new to the information security world face within group sharing and why organizations like FIRST exist to vet and foster trusted forums. Surevine is the official sponsor of the Sunday Ice Breaker Reception on June 11th. We’ll see you there!

Join the interview in progress featuring seasoned forensic investigator, Chad Tilbury. Chad is currently the Technical Director at CrowdStrike and a Senior Instructor at the SANS Institute. Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Martin, Chris, and Chad talk common attacks, mitigation techniques, best practices, and what attendees can expect to take away from Chad's workshop. Chad presents Monday, June 12 from 11:15-12:45 at the 29th Annual FIRST Conference at the Caribe Hilton, San Juan, Puerto Rico.

Join the interview in progress! FIRST's official podcast team, Martin McKeay and Chris John Riley, are back! Martin and Chris kick off this year's series with FIRST Board of Directors member and 2017 Conference Liaison, Derrick Scholl. Amazing programming and new opportunities are abundant this year. Find out more about how you can make the most of your time at the 29th Annual FIRST Conference and what NOT to miss.

In addition to the main conference programming, additional pre- and post-conference programming is now available for review. Please be sure to review it, as additional registration may be required for certain events/meetings.

Additional rooms have been added to the FIRST room block at the Caribe Hilton. Please act fast as these rooms will fill up.

The working draft of the 29th Annual FIRST Conference agenda has been posted. Please note that the agenda will be undergoing modifications over the next few weeks as we confirm our speakers. For any specific scheduling questions, please contact the planning team at first-2017@first.org.

The FIRST Board of Directors recognizes and shares the concerns of members and event attendees about recent changes in US immigration policy. We believe global participation is a prerequisite to developing strong and successful responses to internet security issues.

For the first time, the call was not extended, as a satisfying number of submissions from around the world was received in time. In fact, over 40 countries are represented. While the number of submissions is much higher and much more diverse than in previous years, there is also a considerably lower number of presentations from the US, showing that the incident response and security teams have really become international. This year's conference chair, Prof. Dr. Klaus-Peter Kossakowski, a long-term veteran of the cyber security community and past chair of FIRST, is looking forward to a fruitful discussion within the Program Committee, which consists of over 60 volunteers. The reviews will be carried out within the next six weeks. He is confident that a very interesting program will be presented to the public in early February 2017.

The Forum of Incident Response and Security Teams (FIRST), a recognized global leader in incident response has released the Call for Speakers for the 29th Annual FIRST Conference to be held in Puerto Rico, June 11-17, 2017. The Program Committee is looking for presentations on leading-edge research, challenging discoveries, working solutions and established best practices already adopted by more than a single team. They also invite fresh ideas and challenges presented to the global community for discussion and consideration.

Join the interview in progress! The discussion dives into the very relevant issues that the AnubisNetworks team has been researching and fighting that have been arising out of the Asia-Pacific region. Chris chats with Joao Gouveia, CTO at AnubisNetworks and Nuno Vieira da Silva, Head of Sales at AnubisNetworks. AnubisNetworks has been a supporter and sponsor of the Annual FIRST Conference since 2015.

Join the interview in progress! Martin chats with Alex Sierra, CTO of Niddel and Alex Pinto, Chief Data Scientist at Niddel about their presentation, "Sharing is Caring: Understanding and Measuring Sharing Effectiveness." This presentation was delivered at the 28th Annual FIRST Conference in Seoul, South Korea, June 13, 2016.

The Forum of Incident Response and Security Teams (FIRST), a recognized global leader in incident response, has successfully finished its 28th Annual Conference, which took place this June (12th – 18th) in Seoul, South Korea. Co-hosted by the MSIP (Ministry of Science, ICT and Future Planning), KISA (Korea Internet Security Agency) and KrCERT/CC, the conference was held at Conrad Seoul.

Join the interview in progress! Stuart Murdoch and Chris John Riley tackle the messy subject of breach disclosures and how different companies and countries are handling the information sharing process. Does mandating this type of information sharing actually reduce the amount of information being shared? What are the platforms/infrastructure available? Stuart is Founder and CEO of Surevine, an SME specializing in smart and secure collaboration technology. Surevine is the official sponsor of the Ice Breaker Reception at the 28th Annual FIRST Conference in Seoul, South Korea. Meet Surevine on Sunday evening, June 12th and then again Tuesday, June 14th-16th at FIRSTCON16.

Join the interview in progress! Founder of Bluekaizen (a company focused on cyber security education), Moataz joins Chris John Riley to discuss the global issue facing organizations today – identifying and hiring skilled cyber security professionals. Moataz presents his full presentation on Wednesday, June 15th @ 16:00-16:30 at the 28th Annual FIRST Conference in Seoul, South Korea.

Join the interview in progress! While cyber-insurance isn’t necessarily anything new, it has emerged as a hot topic amongst the C-suite and those in charge of mitigating corporate risk in recent years. Marie and Eireann discuss their thoughts and research on the area of cyber-insurance, real-life cases, and why CERTs should be collaborating with insurance companies. Join Marie and Eireann for their full presentation at FIRST 2016 Seoul on Tuesday, June 14th at 15:00.

Join the interview in progress! This week’s podcast features Jason Jones, Senior Security Researcher for Arbor Networks’ ASERT team. Jason talks a little bit about his current research at Arbor that focuses on issues in South Korea as well as his upcoming presentation at FIRST 2016, “Tasty Malware Analysis with T.A.C.O.: Bringing Cuckoo Metadata into IDA Pro.” Jason presents on Monday, June 13th at 17:00.

Join the interview in progress! Art and Chris discuss their upcoming tutorial session at FIRST 2016, “Coordinate Vulnerability Disclosure for Vendors.” Their upcoming session is aimed to help vendors, providers, and CSIRTs grow their capability to handle vulnerability reports from external researchers. Art and Chris are both members of the Vulnerability Analysis Team at CERT/CC. Check their session on Monday, June 13 at 13:00 at the 28th Annual FIRST Conference.

Join the interview in progress! FIRST’s podcast duo of Martin McKeay and Chris John Riley sit down with Sparky Komiyama (JPCERT/CC) and talk about his role as conference liaison, some hints on the annual banquet dinner, and what to expect in Seoul. Gain insights into the upcoming conference program, keynotes, and some presentations that Sparky is looking forward to hearing at the 28th Annual FIRST Conference, June 12-17, 2016 in Seoul, South Korea.

If you would still like to stay on property, please send an email to first-2016@first.org with your name, arrival date, departure date, and Hilton Honors # (if applicable). The hotel will do their best to offer their next best available rate to our participants.

Due to the record high number of submissions this year, the review process is running slightly behind schedule. We appreciate your patience and hope to issue notifications February 25, 2016. For questions regarding your submission, please contact the Program Chair at first-2016chair@first.org.

Recorded live from the 27th Annual FIRST Conference in Berlin, Germany. Martin and Chris chat with long-time supporter of the FIRST community and annual conference, Ray Stanton, about the growth of the organization, attendee profiles, and what to expect next. Ray is Executive Vice President with BT Advise and has more than 27 years of experience in information technology and security.

Join the interview in progress featuring Seth Hanford, Manager of the Detection & Response Team at TIAA-CREF and chair of the CVSS Special Interest Group (SIG). Hear the latest updates on the specification and what to expect during conference week. Seth will be leading the CVSS v3 Hands-on Training session on Wednesday, June 17th at 10:30. There is also a scheduled CVSS Birds of a Feather session set for Monday, June 15th at 11am.

Join the interview in progress featuring Jake Kouns of Risk Based Security. Coffee machines, HVAC systems… What are the present-day issues facing enterprise corporations as more and more of our daily devices become connected? Jake gives some brief insight on his upcoming presentation at FIRST 2015. Jake and co-presenter, Carsten Eiram (Risk Based Security) present, “Bring Your Own Internet of Things,” Tuesday, June 16th at 14:45.

Join our interview in progress featuring Marie Moe and Eireann Leverett. Marie and Eireann discuss their upcoming presentation, “I’m Sorry to Inform You…,” focusing on last summer’s spear-phishing attacks on Norwegian Oil, Gas, and Energy sectors and the challenges of victim notification. “I’m Sorry to Inform You…,” is scheduled for Monday, June 15th at 13:00.

Kicking it off with key 2015 players – Conference Liaison and Board Member, Derrick Scholl and 2015 Program Chair, Rob Floodeen. Gain insight on the creative process behind assembling and identifying conference content and the challenges of chairing a FIRST conference. Learn about our local hosts, events, and what to expect this June. *Please note that since the recording, there have been several program and keynote changes. For the latest program agenda, please be sure to view https://www.first.org/conference/2015/program.

FIRST is thrilled to announce the return of General Dynamics Fidelis Cybersecurity Solutions as a Gold Sponsor for 2015. The organization has been proudly supporting the annual FIRST conference and community since 2011. We look forward to having their team with us in Berlin.

Join the interview in progress featuring Raj Rajagopalan, Senior Principal Research Scientist at Honeywell; Simon Ou, Associate Professor of Computer Science at Kansas State University; and Dan Moor, Technical Lead, Digital Investigation Services at HP. Listen to the trio discuss the study, how they came up with the idea, and the importance of their findings in this ongoing study. The three presented their findings on June 25th at the 2014 FIRST Conference in Boston.

Join our interview in progress featuring Tim Slaybaugh, Forensic/Malware Analyst at Northrop Grumman, as he gives us some insight into his presentation, “Pass-the-Hash: Gaining Root Access to Your Network” at the 26th Annual FIRST Conference. Tim has presented at the Federal Law Enforcement Training Center and often speaks at national and international conferences on current topics in computer forensic analysis. Tim presents on June 24th 10-11:00 in the Terrace Ballroom at the Boston Park Plaza.

Join our interview in progress featuring Art Manion of CERT/CC. Art discusses his research findings, the trend of bug bounties, responsible disclosure and where he sees vulnerability markets going in the next 12 months. Art is a member of the vulnerability & analysis team at CERT where he analyzes, coordinates, and discloses vulnerabilities. He presents, “A Survey of Vulnerability Markets,” Thursday, June 26th at the Boston Park Plaza Hotel.

Join our interview in progress featuring FIRST Steering Committee member and 2014 Conference Liaison, Ken van Wyk. Learn some fun facts about FIRST firsts and the importance of this year’s theme to reflect on our past in order to move forward. Ken is an internationally recognized information security expert, author and one of the founders of the Computer Emergency Response Team (CERT). He has also served as Chairman of FIRST.Org.

Do you use CVSS; are you new to CVSS? Chris chats with Seth Hanford, Manager of Cisco’s Threat Research Analysis and Communications about the rollout of CVSS v3, the lessons learned and improvements made since the release of v2 and what to expect at the conference. The Common Vulnerability Scoring System assists incident responders through standard characteristic classification and severity scoring for software vulnerabilities. Seth presents on Monday, June 23rd at 11:00-12:00 in the Imperial Ballroom.

Welcome back! Martin and Chris kick off our 2014 podcast series with this year’s Program Chair, Jeff Boerio of Intel. Gain insight into the program planning process, the roles and responsibilities of the program committee and find out what’s in store for attendees this June. Jeff is a Senior Information Security Specialist at Intel and has been a long-time supporter of FIRST. He has volunteered his time year after year as a member of the program committee and finally stepped up to the challenge as chair for 2014.

FIRST would like to welcome two new sponsors to the 2014 Sponsorship Team: Lookingglass (www.lgscout.com) and CyberSponse (www.cybersponse.com). Both organizations are joining us at the Gold level and will be exhibiting during conference week.

FIRST would like to welcome back Adobe to the FIRST 2014 Sponsorship Team. Adobe has been a sponsor of FIRST since 2010 Miami. New to the team for 2014 is Co3 Systems with a Banquet sponsorship. This is their first time sponsoring at the annual conference.

FIRST welcomes back two organizations to the 2014 Sponsorship Team. CIRCL (Computer Incident Response Center Luxembourg) has been sponsoring the FIRST conference since 2012 and returns to the 2014 team as a supporting sponsor. General Dynamics Fidelis will also be joining us in Boston at the Gold Sponsor level. General Dynamics Fidelis has been a sponsor of the annual conference since 2011. We give great thanks to both organizations for their continued support of the annual conference and of FIRST’s mission.

FIRST would like to welcome back and thank SAP for their continued support of the annual conference. SAP has been sponsoring the annual FIRST conference since 2011 and returns to the 2014 Sponsorship Team as a supporting sponsor. FIRST would also like to give thanks to first time exhibitor, BrandProtect for their support of the upcoming 2014 conference.

The 2014 Call for Speakers is open for the 26th Annual FIRST Conference: Back to the ‘root’ of Incident Response. More information regarding presentation qualifications can be found at the above link. Submissions are due by December 23, 2014.

FIRST welcomes back Microsoft to the 2014 conference sponsorship team! Microsoft has been a strong supporter of FIRST and a sponsor since 2005.

FIRST would like to welcome NBC Universal as the 26th Annual FIRST Conference Local Host. Led by Mike Higgins, CISO at NBC Universal, this marks NBC’s first time sponsoring the annual FIRST conference. We look forward to working with another excellent local host!

If you’d like your talk to be considered for the 24th Annual FIRST Conference, “Security is Not an Island,” please turn in your submissions no later than Friday, December 16th. The official Call for Speakers Letter from 2012 Program Chair, Dr. Jose Nazario can be found at http://conference.first.org/cfs. The submission form is located towards the bottom of the letter.

At an event at the Wales Millennium Centre, the nation's First Minister Carwyn Jones unveiled a countdown clock to indicate when Wales will be switching off its last analogue system, therefore completing the country's transition into a digital powerhouse.

This is a great opportunity to participate and be a part of the conference. Please send your suggestions to Peter Allor at peter.allor@first.org. The theme winner will receive a complimentary registration to the 2011 conference. Suggestions are due by March 31st and the winner will be announced in April. And mark your calendars for attending the conference. The dates are June 12 to 17, 2011!

FIRST would like to welcome and thank two new exhibitors to the 22nd Annual FIRST Conference – DHS National Cyber Security Division’s Control Systems Security Program (CSSP) and NetWitness. This will be their first time exhibiting at the Annual FIRST Conference.

FIRST would like to thank VeriSign for supporting the 2010 Conference! VeriSign joins the sponsorship team at the Gold level. There are still sponsorship opportunities available; please visit the conference website for more information.

Steve Mancini with Intel has won the theme contest for the 2010 conference: Past the Faded Perimeter - Threat and Incident Response. Congratulations to Steve! The prize is a complimentary registration for the 2010 conference.

The world’s economic woes haven’t stopped unprecedented levels of sponsorship being pledged for the 21st Annual Conference of FIRST with six months still to go before proceedings open on June 28, 2009, in Kyoto.

The Cisco CSIRT team provided the network connectivity for the 20th annual FIRST conference in Vancouver, BC Canada in June 2008. Through the deployment of their "mobile monitoring rack", the CSIRT built and managed a secure and fast conference network. Many security technologies were put in place to protect the attendees from malicious websites and malware throughout the span of the event resulting in hundreds of blocked connections to "bad" sites and banner ads as well as protection from Internet attacks towards the conference network.

Well that's your lot for now, podcast and blog wise. I'll occasionally be checking in and perhaps if the guys at ITProportal let me, even publish a few more rants and podcasts here.

In this year’s 2008 FIRST conference, keynote speaker, Microsoft's George Stathakopoulos showed us some statistics which indicated that Japan had the least amount of malware infections in the world by a huge order of magnitude. In addition Japan is a country that has had to cope with a large amount of natural disasters and yet they are still one of the most feared economies in the world.

In this short podcast, FIRST steering committee member and Director of Technical Operations for Japan Cert, Yurie Ito gives us the inside information on the 2009 FIRST Conference in Kyoto.

Whilst working at the FIRST 2008 Conference, I got to share an office with the 2008 and 2009 program chairs, who would share with me some pretty interesting and useful aspects of how members can influence the FIRST security conference program structure.  So I couldn't resist having a podcast with them. 

In this podcast, 2008 and 2009 FIRST Program Chairs, Reneaue Raulton and Mick Creane, share their thoughts on the conference programs and how you can influence the direction of the program as well as win a prize for coming up with a great theme for a conference.

This is my last blog on Microsoft's End to End Trust vision. It looks at a different way of viewing security and summarises my thoughts after the discussions I had with keynote speakers, Microsoft's George Stathakopoulos, Ivan Krstić and Cisco's John Stewart. Do go to the links for Microsoft and add your comments, good or bad.

There are some who would want to remove the anonymity of the internet to help protect against cyber crime. This is in itself a noble idea but as security people we should be ever mindful that we are here to enable people. I think the following really expresses the opposing view.

The Common Vulnerability Scoring System Special Interest Group (CVSS-SIG) had a very busy and successful working meeting during the 20th annual FIRST conference in Vancouver. We covered many of the CVSS use cases post v2 deployment - namely PCI and S-CAP - thanks for all the great participation.

As we've mentioned over and over again, FIRST is a truly international conference aimed at enabling delegates worldwide to network and swap stories and tips to better defend their environments and systems.   In this podcast, Uri, a delegate from Estonia, talks about why he enjoys being at FIRST over other conferences.

In this blog we look at the difficulties of hardware and O/S trust, which are the fourth and fifth elements of the Microsoft Trust Stack.

In this blog we look at the difficulties of software trust, which is the third component of the Microsoft Trust Stack.

Trust in People

Trust in Data

Trust in Software

Trust in O/S

Trust in Hardware

 

Can we ever trust any kind of identity module?  What if everyone had a chip to identify them and this chip was required to logon to a computer, network or the internet?  Would this be failsafe?  We think not.  Here's why.

What is it like being a Chairman and a Vice Chair? Long-time steering committee member, Kenneth R Van Wyk, has given his time to work in several of these positions. In this short podcast he tells us what they do and why they are important to the smooth running of the FIRST organisation.

Continuing a series of blogs on the Microsoft Trusted Stack model, Ben Chai looks at whether we can ever really trust data.

Ben begins a series on perceived issues with the Microsoft Trusted Stack model

In this three-minute podcast, Ben Chai finds out why George Stathakopoulos, general manager of security at Microsoft, enjoys being at FIRST.

What is the trusted stack and how can it help improve your overall security posture?

In this podcast, Peter Allor of IBM tells Ben Chai what it’s like being the FIRST 2008 Conference Liaison and the importance of this role for the FIRST membership.

Back in 2001, Microsoft's security strategy was originally the 3Ds

  • Secure by Design
  • Secure by Default and
  • Secure in Deployment

Since then they have evolved this strategy to cope with the modern-day threat landscape.

End to End Trust - a new framework for secure business transactions. What is it and how does it work? This blog is based on the keynote talk given at FIRST 2008 by George Stathakopoulos, general manager of security engineering and communications at Microsoft.

Ivan Krstić, the second keynote speaker at the FIRST 2008 conference, talks about how each component within a system, from the CPU, motherboard, graphics card and coolant system up to the hard disk and network card, could be hacked or have malware inserted.

Zika Updates

FIRST is aware of concerns surrounding Zika and is providing updates from the Centers for Disease Control and Prevention and the local CVB.

More information at Zika Updates page.