Additional Programming


Sunday, June 16th

FIRST Training

FIRST is offering training courses on Sunday, 16 June. Training courses require an additional registration form (free of charge) and are open to any registered conference attendee.

Individuals may register for ONE training course. Exception: participants can register for BOTH Train the Trainer sessions.

Train the Trainer

The courses below listed as Train the Trainer are sessions for people wishing to teach the FIRST DDoS Mitigation Fundamentals and the IPv6 Security training courses at a future engagement on behalf of FIRST. The sessions will be taught by Krassimir Tzvetanov and Frank Herberg, respectively, the original authors of the material. (Prospective trainers may choose to take both the course and then the Train the Trainers sessions if desired).

The trainings are open to qualified members of the FIRST community. By signing up for this training, you commit to volunteer in the FIRST training activities as outlined in our Trainers documentation.

Please submit your request to register for the training(s) or any questions about the trainer program by 15 May to first-sec@first.org. We will review your request and respond as soon as possible.

Pre-requisites for Train the Trainer DDoS session:

To attend this session, basic networking and systems know-how is required, and possibly some experience as a trainer is required.

As a benchmark, we expect people to be familiar with materials covered in any of the following certifications:

Pre-requisites for Train the Trainer IPv6 Security session:

Participants of this module are required to have a solid understanding of networking fundamentals – in particular, a solid understanding of IPv4 and a good understanding of IPv6.

You should be familiar with the materials covered in Chapters 2,3,5 and 6 of the NIST Guidelines for the Secure Deployment of IPv6.

Register for FIRST Training

Sunday, 16 June

Lowther
Level -1
Menteith
Level -1
Kilsyth
Level 0
Tinto
Level 0
Moorfoot
Level 0
Pentland
Level 3
09:00 – 10:30
 CH

IPv6 Security (Half-Day, Morning)

Frank Herberg (SWITCH-CERT, CH)

 US

Train the Trainer: DDoS Mitigation (Half-Day, Morning)

Krassimir Tzvetanov (US)

 LU

Forensics Challenge Workshop (Full-Day)

Michael Hamm (CIRCL, LU)

SIM3 for CSIRT Maturity Assessment (Full-Day)

Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation)

 NO

ACT Threat Intelligence Platform (Full-Day)

Dr. Martin Eian (mIRT/mnemonic AS, NO)

 US

You Found A Malware, Now What? (Full-Day)

Uttang Dawda (US)

10:30 – 10:45

Break

10:45 – 13:00
 CH

IPv6 Security (Half-Day, Morning)

Frank Herberg (SWITCH-CERT, CH)

 US

Train the Trainer: DDoS Mitigation (Half-Day, Morning)

Krassimir Tzvetanov (US)

 LU

Forensics Challenge Workshop (Full-Day)

Michael Hamm (CIRCL, LU)

SIM3 for CSIRT Maturity Assessment (Full-Day)

Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation)

 NO

ACT Threat Intelligence Platform (Full-Day)

Dr. Martin Eian (mIRT/mnemonic AS, NO)

 US

You Found A Malware, Now What? (Full-Day)

Uttang Dawda (US)

13:00 – 14:00

Lunch Break -- Lunch Not Provided

14:00 – 15:30
 CH

Train the Trainer: IPv6 Security (Half-Day, Afternoon)

Frank Herberg (SWITCH-CERT, CH)

 US

DDoS Mitigation (Half-Day, Afternoon)

Krassimir Tzvetanov (US)

 LU

Forensics Challenge Workshop (Full-Day)

Michael Hamm (CIRCL, LU)

SIM3 for CSIRT Maturity Assessment (Full-Day)

Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation)

 NO

ACT Threat Intelligence Platform (Full-Day)

Dr. Martin Eian (mIRT/mnemonic AS, NO)

 US

You Found A Malware, Now What? (Full-Day)

Uttang Dawda (US)

15:30 – 15:45

Break

15:45 – 18:00
 CH

Train the Trainer: IPv6 Security (Half-Day, Afternoon)

Frank Herberg (SWITCH-CERT, CH)

 US

DDoS Mitigation (Half-Day, Afternoon)

Krassimir Tzvetanov (US)

 LU

Forensics Challenge Workshop (Full-Day)

Michael Hamm (CIRCL, LU)

SIM3 for CSIRT Maturity Assessment (Full-Day)

Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation)

 NO

ACT Threat Intelligence Platform (Full-Day)

Dr. Martin Eian (mIRT/mnemonic AS, NO)

 US

You Found A Malware, Now What? (Full-Day)

Uttang Dawda (US)

GFCE Meeting: Taskforce on Cyber Incident Management

The Global Forum on Cyber Expertise is a global forum on cyber capacity building. This is a meeting of the Taskforce on Cyber Incident Management within the GFCE, which focuses on: (1) collecting incident management capacity building good practices and publishing them, (2) being a broker between GFCE members on capacity building requests, and (3) develop a global capacity measurement standard under leadership of Don Stikvoort, with consulting support from TNO, the Dutch government research organization and ENISA.

This meeting will take place on Sunday, 16 June in the Sidlaw room from 9am-3pm and participation is by invitation only. Inquiries should be directed to maarten@first.org and nynke.stegink@thegfce.org.

Date/Time Location
Sunday 16th, 09:00 – 15:00 Sidlaw

FIRST & AWS 2019 Security Jam!

Join us for an afternoon of fun challenges with an IR twist. We will provide the beat and the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? How do you automate the incident response? Take part in our jam to find out!

As the challenges develop, you will take the initial infrastructure, and challenge by challenge, improve it into a resilient and secure deployment. Use your knowledge of AWS services and information security to perform incident response in the cloud and forensic analysis to find out whodunit! We will have a number of experienced AWS experts in the room that will be available to discuss ideas, provide guidance and in general help your team get through any roadblocks that pop up. New to AWS? New to security? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. We will form team on the spot and provide challenges for you to tackle. Just bring your laptop to score the points by solving and get some cool prizes!

Register Here!

Date/Time Location
Sunday 16th, 13:00 – 17:00 Lammermuir, Level -2

Monday–Friday, June 17th–21st

Birds of a Feather (BoFs)

Bird of a Feather Sessions, activities primarily focus on meetings which take place at the conference based on the interest of a number of members. They are not necessarily intended to lead to year round work.

BoF sessions are scheduled to take place during before conference sessions begin (8-9am) or following the final session of the day. We will have an up-to-date-schedule and bulletin board near the registration desk onsite. Attendees are welcome to request a BoF in advance by emailing first-sec@first.org and please include:

BoFs are informal or interactive discussions (not conference presentations) and marketing/product presentations are strictly prohibited. BoFs are assigned on a first come, first served basis and room assignment space is limited. A Schedule of BoFs will be posted once confirmed.

Monday, 17 June

Lowther Suite
Level -1
18:15 – 19:00
 US

Coordinated Vulnerability Disclosure for CSIRTs

Art Manion (CERT/CC, US)

Tuesday, 18 June

Lowther Suite
Level -1
Menteith
Level -1
08:00 – 09:00

ENISA Training Program: What's New, What's Coming Up & Pooling Ideas

Theodoros Nikolakopoulos, ENISA

 LV BE

Metrics for Assessing the Cybersecurity Posture of a Nation or Region

Baiba Kaskina (CERT NIC.LV, LV); Trey Darley (CERT.be, BE)

13:00 – 13:30
 ES

Hosting a FIRST TC

Javier Berciano (INCIBE-CERT, ES)

17:00 – 18:00
 GR

Reference Security Incident Taxonomy Working Group (RSIT WG)

Rossella Mattioli (ENISA - European Union Agency for Network and Information Security, GR)

Wednesday, 19 June

Lowther Suite
Level -1
Harris 1
Level 1
Harris 2
Level 1
08:00 – 09:00

ICS ATT&CK Discussions

Chip Greene, GE

 US

DNS Abuse, Present and Future

Carlos Alvarez (ICANN CIRT, US); Merike Kaeo (Double Shot Security, US)

13:45 – 14:30
 US

CACAO Introduction

Allan Thomson (LookingGlass CERT – LookingGlass Cyber Solutions, US)

Membership Information BoF

Alexander Jaeger

 ES

How to be a Trainer

Javier Berciano (INCIBE-CERT, ES)

17:00 – 18:00
 US

ACM Digital Threats: Research & Practice - Bridging the Gap

Deana Shick (CERT/CC, US)

Thursday, 20 June

Lowther Suite
Level -1
Menteith
Level -1
Carrick 1
Level 1
08:00 – 09:00
 NO

OpenC2 in Action: New Real-World Implementations & Use Cases

Daniel Riedel (New Context); Kamer Vishi, Vasileios Mavroeidis (University of Oslo, NO)

 US

Software Bill of Materials

Allan Friedman (National Telecommunications and Information Administration, US)

 US

Future of the Metrics SIG

Michael Murray (Secureworks, US); Robin Ruefle (CERT Program, SEI/CMU, US)

12:00 – 13:00
 US

Women of FIRST

Shawn Richardson (Palo Alto Networks, US)

Friday, 21 June

Lowther Suite
Level -1
08:00 – 09:00
 US

Future of DNS

Carlos Alvarez (ICANN CIRT, US); Merike Kaeo (Double Shot Security, US)

Wednesday, June 19th

PGP Key Signing

Get your PGP Key signed and sign other keys to increase trust!

Date/Time Location
Wednesday, June 19th 10:45 – 11:15 PStrathblane Hall
Thursday, June 20th At AGM in the back of the room

Alexander Jaeger (FIRST)

Why?

PGP is one of the foundations of the security community, and to rely on PGP there needs to be trust in the PGP keys. The trust is made by signatures and validation of identity. FIRST facilitates this community effort by hosting PGP Key signing events.

We will have at least two PGP Key signing events – listen to the opening remarks or a remark at registration desk for changes in regards time/date.

In the past we did not sign team keys and we do not plan to change that.

Preparation before the conference

For those who haven’t participated in the past years it will go like to following:

Hint: Please do not upload your key an hour before the key signing, as I might be printing out the keyring a few hours earlier.

Link: http://biglumber.com/x/web?keyring=4284

Friday–Saturday, June 21st–22nd

NatCSIRT Meeting 2019

14th Annual Technical Meeting for CSIRTs with National Responsibility

Is your organization responsible for protecting the security of nations, economies, and critical infrastructures? If so, attend NatCSIRT 2019 to discuss with your peers the unique challenges you face every day. You will drive discussions that focus on current issues, tools, and methods relevant to the National CSIRT community. This year's meeting is co-located with the 31st Annual FIRST Conference in Edinburgh. This meeting is by invitation only and more details can be found at http://www.cert.org/natcsirt/.