FIRST is offering training courses on Sunday, 16 June. They require an additional registration, free of charge to the conference participants in the link below:
Menteith | Level -1
Lowther | Level -1
Kilsyth | Level 0
Tinto | Level 0
| Menteith Level -1 | Lowther Level -1 | Kilsyth Level 0 | Tinto Level 0 | |
|---|---|---|---|---|
| 09:00 – 10:30 | LU Forensics Challenge Workshop (Full-Day) Michael Hamm (CIRCL, LU) | CH IPv6 Security (Half-Day, Morning) Frank Herberg (SWITCH-CERT, CH) | US Train the Trainer: DDoS Mitigation (Half-Day, Morning) Krassimir Tzvetanov (US) | SIM3 for CSIRT Maturity Assessment (Full-Day) Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation) |
| 10:30 – 10:45 | Break | |||
| 10:45 – 13:00 | LU Forensics Challenge Workshop (Full-Day) Michael Hamm (CIRCL, LU) | CH IPv6 Security (Half-Day, Morning) Frank Herberg (SWITCH-CERT, CH) | US Train the Trainer: DDoS Mitigation (Half-Day, Morning) Krassimir Tzvetanov (US) | SIM3 for CSIRT Maturity Assessment (Full-Day) Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation) |
| 13:00 – 14:00 | Lunch Break -- Lunch Not Provided | |||
| 14:00 – 15:30 | LU Forensics Challenge Workshop (Full-Day) Michael Hamm (CIRCL, LU) | CH Train the Trainer: IPv6 Security (Half-Day, Afternoon) Frank Herberg (SWITCH-CERT, CH) | US DDoS Mitigation (Half-Day, Afternoon) Krassimir Tzvetanov (US) | SIM3 for CSIRT Maturity Assessment (Full-Day) Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation) |
| 15:30 – 15:45 | Break | |||
| 15:45 – 18:00 | LU Forensics Challenge Workshop (Full-Day) Michael Hamm (CIRCL, LU) | CH Train the Trainer: IPv6 Security (Half-Day, Afternoon) Frank Herberg (SWITCH-CERT, CH) | US DDoS Mitigation (Half-Day, Afternoon) Krassimir Tzvetanov (US) | SIM3 for CSIRT Maturity Assessment (Full-Day) Olivier Caleff, Miroslaw Maj, Don Stikvoort (OpenCSIRT Foundation) |
Krassimir TzvetanovKrassimir Tzvetanov (, US)
Krassimir Tzvetanov is a security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks.
In the past he worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications.
Krassimir has established a couple of Threat Intelligence programs at past employers in the past and has been actively involved in the security community facilitating information exchange in large groups.
Currently Krassimir is a co-chair and co-founder of the FIRST CTI SIG.
Before retiring, he was a department lead for DefCon, and an organizer of the premier BayArea security event BayThreat. In the past he was also an organizer of DC650 - a local BayArea security meetup.
Krassimir holds Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations.
June 16, 2019 14:00-15:30, June 16, 2019 15:45-18:00
Michael Hamm (CIRCL, LU)
Michael Hamm has worked for more than 10 years as Ingenieur-Security in the field of classical Computer and Network Security (Firewall, VPN, AntiVirus) at the research center “Henry Tudor” in Luxembourg. Since 2010, Michael has worked as an operator and analyst at CIRCL – Computer Incident Response Center Luxembourg where he is working on forensic examinations and incident response.
Course Level: Beginner - Intermediate
Intended Audience: Security/SOC analysts, CSIRT/CERT team members, forensics investigators.
Pre-requisites: Forensic Workstation: Linux (Kali, DEFT, SANS SIFT).
Hardware Requirements: Standard Laptop, Virtual Machine sufficient.
Abstract: In this course you will solve some small size challenges to train your skills in forensics with open source tools.
Topics:
June 16, 2019 09:00-10:30, June 16, 2019 14:00-15:30, June 16, 2019 15:45-18:00, June 16, 2019 10:45-13:00
Frank Herberg (SWITCH-CERT, CH)
After completing his studies in engineering, Frank Herberg worked on IT infrastructure and security projects for a number of technology consulting firms. In 2012, he joined SWITCH-CERT, where one of his specialties is IPv6 security. In the past years, he conducted divers IPv6 security trainings and hands-on workshops for the security community. Frank is Head of SWITCH-CERT for its Commercial Sectors.
Course Level: Intermediate
Intended Audience: Security/SOC analysts, CSIRT/CERT team members, IT-Security responsible persons.
Pre-requisites: Intermediate or good IPv4 knowledge.
Hardware requirements: None.
Abstract: The Training will give an overview of the security aspects of the 'new' Internet Protocol IPv6. Participants will learn the differences to IPv4-related to security. The training also covers a deep dive into selected protocol details and their accompanied attacks including demonstrations. The participants will get recommendations on the mitigation of IPv6-related attacks and how to strategically approach IPv6 Security in an organization. Last but not least, an overview of useful IPv6 Security Resources and Tools will be provided.
Topics:
June 16, 2019 09:00-10:30, June 16, 2019 10:45-13:00
Krassimir TzvetanovKrassimir Tzvetanov (, US)
Krassimir Tzvetanov is a security engineer at Fastly, a high performance CDN designed to accelerate content delivery as well as serve as a shield against DDoS attacks.
In the past he worked for hardware vendors like Cisco and A10 focusing on threat research, DDoS mitigation features, product security and best security software development practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications.
Krassimir has established a couple of Threat Intelligence programs at past employers in the past and has been actively involved in the security community facilitating information exchange in large groups.
Currently Krassimir is a co-chair and co-founder of the FIRST CTI SIG.
Before retiring, he was a department lead for DefCon, and an organizer of the premier BayArea security event BayThreat. In the past he was also an organizer of DC650 - a local BayArea security meetup.
Krassimir holds Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations.
June 16, 2019 09:00-10:30, June 16, 2019 10:45-13:00
The Global Forum on Cyber Expertise is a global forum on cyber capacity building. This is a meeting of the Taskforce on Cyber Incident Management within the GFCE, which focuses on: (1) collecting incident management capacity building good practices and publishing them, (2) being a broker between GFCE members on capacity building requests, and (3) develop a global capacity measurement standard under leadership of Don Stikvoort, with consulting support from TNO, the Dutch government research organization and ENISA.
This meeting will take place on Sunday, 16 June in the Sidlaw room from 9am-3pm and participation is by invitation only. Inquiries should be directed to maarten@first.org and nynke.stegink@thegfce.org.
| Date/Time | Location | |
|---|---|---|
| Sunday 16th, 09:00 – 15:00 | Sidlaw | |
Join us for an afternoon of fun challenges with an IR twist. We will provide the beat and the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? How do you automate the incident response? Take part in our jam to find out!
As the challenges develop, you will take the initial infrastructure, and challenge by challenge, improve it into a resilient and secure deployment. Use your knowledge of AWS services and information security to perform incident response in the cloud and forensic analysis to find out whodunit! We will have a number of experienced AWS experts in the room that will be available to discuss ideas, provide guidance and in general help your team get through any roadblocks that pop up. New to AWS? New to security? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. We will form team on the spot, provide 10 challenges to tackle. You score the points by solving and get some cool swag for all participants and a special prize for the winning team!
| Date/Time | Location | |
|---|---|---|
| Sunday 16th, 14:00 – 19:00 | Pentland Auditorium | |
Bird of a Feather Sessions, activities primarily focus on meetings which take place at the conference based on the interest of a number of members. They are not necessarily intended to lead to year round work.
BoF sessions are scheduled to take place during before conference sessions begin (8-9am) or following the final session of the day. We will have an up-to-date-schedule and bulletin board near the registration desk onsite. Attendees are welcome to request a BoF in advance by emailing first-sec@first.org and please include:
BoFs are informal or interactive discussions (not conference presentations) and marketing/product presentations are strictly prohibited. BoFs are assigned on a first come, first served basis and room assignment space is limited. A Schedule of BoFs will be posted once confirmed.
Get your PGP Key signed to increase trust!
| Date/Time | Location | |
|---|---|---|
| Wednesday, June 19th 10:45 – 11:15 | PStrathblane Hall | |
| Thursday, June 20th | At AGM in the back of the room | |
Alexander Jaeger (FIRST)
PGP is one of the foundations of the security community, and to rely on PGP there needs to be trust in the PGP keys. The trust is made by signatures and validation of identity. FIRST facilitates this community effort by hosting PGP Key signing events.
We will have at least two PGP Key signing events – listen to the opening remarks or a remark at registration desk for changes in regards time/date.
In the past we did not sign team keys and we do not plan to change that.
For those who haven’t participated in the past years it will go like to following:
Hint: Please do not upload your key an hour before the key signing, as I might be printing out the keyring a few hours earlier.
14th Annual Technical Meeting for CSIRTs with National Responsibility
Is your organization responsible for protecting the security of nations, economies, and critical infrastructures? If so, attend NatCSIRT 2019 to discuss with your peers the unique challenges you face every day. You will drive discussions that focus on current issues, tools, and methods relevant to the National CSIRT community. This year's meeting is co-located with the 31st Annual FIRST Conference in Edinburgh. This meeting is by invitation only and more details can be found at http://www.cert.org/natcsirt/.