FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

The Forum of Incident Response and Security Teams (FIRST) is an international not-for-profit organization bringing together a variety of security and incident response teams. FIRST is comprised of over 550 member teams from over 95 countries representing government agencies, academia, commercial enterprises, and financial corporations.

The FIRST annual conference promotes worldwide coordination and cooperation among computer security and incident response teams (CSIRTs). The conference provides a forum for sharing goals, ideas, and information on how to improve computer security on a global scale.

The 32nd Annual FIRST Conference: Where Defenders Share, held November 16-18, 2020 saw over 2,500 online registrants from over 111 countries. The second virtual FIRST conference aims to be more thoughtful and engaging than the last!

The 33rd Annual FIRST Conference: Crossing Uncertain Times, will once again be presented virtually and will be held the week of June 6, 2021. Main programming will take place June 7-9 with pre and post social activities throughout the week. The conference program agenda is forthcoming, please keep this site bookmarked!

For queries, please contact

View Replays of Live Sessions, Pre-con Sessions, and Sponsor Sessions Now!

2020 Conference Video Highlights

  • Day 1 Conference Opening & Keynote | Tracking Targeted Digital Threats: A View from the Citizen Lab
  • Day 2 Keynote | Project Zero's Disclosure Philosophy
  • Day 3 Keynote | Transforming Security
  • Where Human and System Defenders Share - Seamless CTI Sharing and Utilization
  • Scaling Vulnerability Coordination
  • Physical Consequences from Cyber Attack: CISA's Hands-On Experience and Insights
  • Know Your Audience: Using Personas for Better PSIRT Outcomes
  • Colouring Outside the Lines
  • Doing More with Less: Detecting Malicious Activity through Responsible and Privacy-Preserving AI
  • Bridging the Gap on SBOM: Collaborating for Software Component Transparency
  • Pwning Password Complexity: Simple, Long-Lived Passphrases in the Real World
  • Scan, Analyze and Test! DATA, OH MY! How to Get Over the Results Rainbow.
  • The Phish Pandemonium: The Value of Machine Learning to Extract Insights from Phishing URLs
  • New Age - New Rules
  • CERT Capacity in the Petroleum Sector of the North Sea
  • Deploying DNS over HTTPS Without Confrontation
  • Gear Up Regional CSIRT Community for More Robust Global Collaboration
  • Cyberespionage: Targeted Attacks Abusing Third-Party Cloud Services
  • Data Anomaly Driven Web Threat Hunting
  • Targeted Attacks in Kazakhstan: An Attempt to Thieve All They Can Steal!
  • Applying Military Operational and Organizational Methodologies to Defend Large-Scale Enterprises
  • Boom! Now what??
  • Passive SSH, a Fast-Lookup Database of SSH Key Materials to Support Incident Response
  • When HTTP is Not Enough: A Review of Stealthy Command and Control Protocols
  • ADTimeline - Threathunting with Active Directory Data
  • What Makes a Successful Criminal Hoster
  • First Step in the Quest for Manufacturing Cyber-Resilient IoT Devices
  • Defending the Community Through Trusted Sharing
  • Observing your MANRS
  • The Craft of Cyber-Resilience: Lessons from the Trenches
  • Has EDR Made Host Forensics Artifact Analysis Obsolete? How to Combine them Effectively
  • Education and Prevention through Root Cause Analysis in Secure Software Development Lifecycle
  • Cyber Rating Companies: Field Experience
  • Design of a Flexible Model for Indicators Life-Cycle Management
  • Building ML-based Threat Hunting System from Scratch
  • Blueprints of Hierarchical CSIRT Structures
  • More About HYDSEVEN Adversary and Cryptocurrency
  • Off Label Use of DNS - Is DNS Providing Domain Name Service Only?
  • The Nightmare of Tracking Open-Source Malware: Five Years of Ursnif
  • TIP of the Iceberg: Lessons Learned from Building a Threat Intelligence Platform
  • Day 3 Closing Remarks
  • I2HOP: Canadian Maple Syrup, French Fries and German Sausages: Cyber Potluck Parties or Lessons Learned from Cross-Border Incident Handling
  • The Intelligent Process Lifecycle of Active Defenders
  • CiviCERT - Joining Forces to Defend Civil Society Worldwide
  • How to Improve and Accelerate Detection Rule Development using CI/CD

Conference Q&A

Q. What are the specific dates, live time zone, and platform for online viewing?

A. Main session programming will run June 7-9 from 12:00-17:00 UTC daily. Pre and post social activities are planned throughout that week, beginning June 6.

Conference sessions will be live streamed via FIRST's YouTube channel and open to the public (member and non-member)—there will be no login credentials required for viewing or accessing the streams. Live streams will also be recorded and available for on-demand viewing within 24 hours of airing.

Q. Will there be workshops this year?

A. Yes, there will be four workshops scheduled starting June 17 through July 15. Workshops typically run anywhere between 1.5-4 hours in length. Detailed scheduling can be found here and registration can be completed here. There is no fee to attend the workshops. Some workshops may have a limited number of registration seats available. Registration is open to the public and is first-come, first-served.

Q. Do I need to register for access to the live streams on YouTube and is there a fee?

A. Registration is not required to view the live streams. There is no registration fee. URLs to the streams will be posted to the event website the day of and advertised via FIRST’s social media accounts. Alternatively, you can also bookmark or subscribe to FIRST's YouTube channel for a live stream notification.

Q. How do I participate in the conference social activities and do I need to register for access? Is this also free?

A. While registration is NOT required for viewing conference sessions streamed over YouTube, a free registration IS required to access daily conference networking activities hosted on the WorkAdventure 2D platform. WorkAdventure will provide participants the ability to navigate a virtual conference venue in a 2D simulation with live chat and camera features.

Access to WorkAdventure will be available to all registered delegates from June 6-9 (daily 24-hour access). The platform will be the exclusive host of all live networking activities, including the following:

  • exhibitor hall
  • conference social events including a booth crawl scavenger hunt
  • attendee lounges
  • impromptu meeting rooms
  • speaker Q&A rooms
  • capture the flag challenges

More information about WorkAdventure can be found here.

Q. Do I need to download or install software or plugins in order to use WorkAdventure?

A. There are no plugins or software to install in order to use WorkAdventure.

Q. What devices can I use to access WorkAdventure?

More information about WorkAdventure can be found here.

A. WorkAdventure is supported by most desktop browsers. Supported browsers include Google Chrome, Firefox, Safari, and Microsoft Edge.

WorkAdventure is not compatible with mobile browsers.

A camera and microphone are ideal, but not required to access and interact in the simulation. Access to FIRST's WorkAdventure space will be restricted to those registered.

WorkAdventure is GDPR and CCPA compliant.

More information about WorkAdventure can be found here.

Q. How and when will I receive my WorkAdventure access?

A. Access information will be provided via email one week prior to the event kick-off to all participants, sponsors, and speakers that have completed their online registration. This email will also include a sponsor live chat schedule and a PDF map for perusal.

More information about WorkAdventure can be found here.

Q. What language will the conference be presented in?

A. The conference will be presented in English.

Q. Will the conference sessions be translated into other languages?

A. YouTube offers free closed captioning to those in need of translation or captioning services. Keep in mind that translation accuracy is not guaranteed using YouTube's closed captioning service, but is a great option, nonetheless.

All content presented during the 33rd Annual FIRST Conference: Crossing Uncertain Times is TLP:WHITE

For more information on TLP, click here.


Program Committee

  • Natsuko Inui

    FS-ISAC, JP 


    Natsuko Inui works with FS-ISAC colleagues in the AP region to foster the community in sharing, collaboration and engagement in the Asia Pacific region. Previous to FS-ISAC, she was an Analyst at Cyber Defense Institute involved in government research projects regarding incident response and cyber-exercises. She is also Vice Chair of the Nippon CSIRT Association, the CSIRT community of Japan.

  • Adli Wahid

    APNIC, AU 

    Adli Wahid is a Senior Internet Security Specialist at the Asia Pacific Network Information Centre (APNIC). He's responsible for APNIC's security outreach activities which includes engagements with CERTs/CSIRTs, LEAs and network operators . Adli had also served as a member of the FIRST board from 2014 to 2019.

  • Andrew Cormack

    Jisc, GB 

    Andrew has been a member of the FIRST community for more than 20 years. From 1999-2004 he was Head of CSIRT for the UK's National Research and Education Network; nowadays he looks at how technology and data can be used in ways that can support policy and regulatory objectives, including incident response. He writes in all formats from tweets to blogs and peer-reviewed papers. He is a frequent speaker at national and international conferences, and was programme chair for the Edinburgh conference in 2019.

  • Baiba Kaskina

    CERT.LV, LV 

    Baiba Kaskina is the general manager of CERT.LV (Latvian National and governmental CSIRT) managing all activities including incident response, awareness raising and liaison with the constituencies. She has been leading CSIRT teams in Latvia since 2006 and used to work for GEANT / TERENA (the Netherlands) managing large scale projects including secretariat for TF-CSIRT. From 2014-2019 Baiba was the Chair of TF-CSIRT. Baiba has been involved in different CSIRT related projects including responsible disclosure related debates, CSIRT maturity definition, assistance to newly developed teams and legal aspects of CSIRT work. Baiba is also one of the TRANSITS training courses teachers and co-chair of the FIRST Membership Committee.

  • Carlos Friaças


    Carlos was born in Lisbon (Portugal), and graduated in Computer Science at the University of Lisbon in 1999. He was a Systems Engineer at University of Lisbon from 1996 to 2000 -- with a short spell at FCCN, working for the Portuguese Schools' Network Team and ccTLD .PT. Back to FCCN during 2000, he managed the Portuguese Internet Exchange (Gigapix) for 15 years, participating at Euro-IX (, while also contributing to the Networking Team, responsible for AS1930's backbone. Over the years Carlos has delivered IPv6 courses (around Europe and Portuguese speaking countries in Africa) and also some talks at TERENA Networking Conferences and RIPE meetings. He is also a co-author of several policy proposals. Since late 2015 he moved into CyberSecurity, taking a leadership role at RCTS CERT, the Portuguese R&E Network's Computer Emergency Response Team. From 2016 to 2018 he was the Chairman of the Portuguese CSIRT Network's General Assembly ( He was also LinhaAlerta's manager between 2016 and 2018, and represented the portuguese Hotline at the INHOPE Association ( He now usually attends FIRST, TF-CSIRT and RIPE meetings, mostly focusing on incident response and anti-abuse issues.

  • Celia Savidge

    Dell/Product and Application Security, US 

  • Chung Kuan Chen

    CyCraft Technology, TW 

    Chung-Kuan Chen is currently a senior researcher in CyCraft, and responses for organizing research team. He earned his PHD degree of Computer Science and Engineering from National Chiao-Tung University (NCTU). His research focuses on cyber attack and defense, machine learning, software vulnerability, malware and program analysis. He tries to utilize machine learning to assist malware analysis and threat hunting, and build automatic attack and defense systems. He has published several academic journal and conference papers, and has involved in many large research projects from digital forensic, incident response to malware analysis. He also dedicates to security education. Founding of NCTU hacker research clubs, he trained students to participate world-class security contests, and has experience of participating DEFCON CTF (2016 in HITCON Team and 2018 as coach in BFS team). He organized BambooFox Team to join some bug bounty projects and discover some CVEs in COTS software and several vulnerabilities in campus websites. Besides, he has presented technical presentations in technique conferences, such as BlackHat, HITCON, HITB, RootCon, CodeBlue OpenTalk, FIRST and VXCON. As an active member in Taiwan security community, he is in the chairman of HITCON review committee, and ex-chief of CHROOT - the top private hacker group in Taiwan.

  • David Bianco

    Target Corporation, US 

    David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of incident detection, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project ( You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (

  • David Durvaux

    European Commission, BE 

    Incident handler for 10 years at till 2014 then in the European Institutions. Leading the European Commission Incident Reponse Team (EC DIGIT CSIRC) since 2019.

  • Derrick Scholl

    Juniper Networks, US 

    Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 20 years with previous positions at Oracle and Sun Microsystems.

    Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.

    Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last two conferences.

  • Emer O'Neill

    VMware, IE 

    Emer O’Neill is the Senior Manager of the VMware Security Response Center, a group which is part of VMware Engineering Services, a central function within R&D. With more than 20 years of technical and management experience in the high-tech industry, Emer has been with VMware for the past 14 years and worked in the customer facing Global Support Services (GSS) as both a technical support engineer and then manager and more recently in 2016 moved to R&D leading a global team whom are responsible for analysis and remediation of software security issues in VMware products and services. Emer holds a MBS in Business Practice from UCC & the Irish Management Institute. Emer is passionate about security and has been an active member of FIRST for the past three years.

  • Enrico Lovat

    Siemens, US 

    Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 as incident handler. Currently, he is responsible for the Cyber Threat Intelligence team at Siemens CERT.

  • Eric Johnson


    Eric is the Security Engineering Manager at AMI responsible for Product Security Incidence Response, Secure Development Lifecycle, secure development training, etc.

  • Eric Zielinski

    Veeva, US 

    Eric Zielinski is the Director of Security Operations for Veeva Systems where he is responsible for design, implementation, and maintenance of the detection, response, and threat intelligence processes. Prior to Veeva, Eric led the Cloud Security Engineering organization at Nationwide, where his teams were responsible for vulnerability management, data protection, identity access management, and security automation. He is a frequent speaker at conferences such as FS ISAC, SANS, O’Reilly, etc.. Zielinski holds a bachelor’s degree in Information Systems from Franklin University and several certifications, such as GCCC, GMON, EnCE, and GCIH.

  • Ernesto Perez Estevez

    CEDIA, EC 

    In charge of CSIRT CEDIA since 2013. Long time Linux fan (1995-present).

  • Frank Herberg


    After completing his studies in engineering, Frank Herberg worked on IT infrastructure and security projects for a number of technology consulting firms. In 2012, he joined SWITCH-CERT. Today, Frank is Head of SWITCH-CERT for its Commercial Sectors. Frank is the author of the FIRST IPv6 Security training materials. In the past years, he conducted divers IPv6 security trainings and hands-on workshops for the security community.

  • Gavin Reid

    Recorded Future, US 

    Gavin Reid is the CSO for Recorded Future. Recorded Future delivers advanced security intelligence to disrupt adversaries, empower defenders, and protect organizations. Reid has global responsibility for ensuring the protection, integrity, confidentiality, and availability of all customer-facing services, internal operational systems, and related information assets. Gavin has 20 years of experience in the management of all aspects of security for large enterprises. Strong ability to create and direct fast-moving technical security teams with industry-leading incident response, security research, and threat intelligence capabilities. Creator of Cisco's Security Incident Response Team (CSIRT), Cisco's Threat Research and Communications (TRAC) and Fidelity's Cyber Information Group (CIG).

  • Gregor Wegberg


    After his IT apprenticeship with a focus on software development at a Swiss financial service provider, Gregor Wegberg decided to study computer science at the Swiss Federal Institute of Technology (ETH) in Zurich. After graduating with a master’s degree in computer science (MSc ETH CS), he joined Oneconsult AG in January 2017 as a penetration tester and security consultant and was promoted to senior security consultant & penetration tester in December 2017. Since February 2020 he has been Head of Digital Forensics & Incident Response.

  • Hank Nussbacher


  • Hendrik Adrian

    LACERT, Cyber Emergency Center, Incident Management Group, JP 

    Hendrik Adrian was a bachelor of Electrical Engineering when received Master of Science in Computer & Information Sciences & Support Services. Hendrik was working straight in the IT security field with UNIX skills in security hardening on various systems, his noted achievement was as co-founder and CEO of Kaspersky Labs regional office in Japan acted as technical leader & business executive, his retired to establish his own security protocol filtration product in a Japan security entity. Hendrik has joined LACERT works afterwards, he is in Japan government support for various educational security lecture activities in IPA, he is putting more efforts in contribution to local (Japan) and international security communities as an active speaker in various conferences i.e. IOTSecJP, R2CON, BotConf, AV Tokyo, ROOTCON, Brucon, DefCon Japan HACK.LU, etc, along with contribution as lecturer in security educational events in Japan at All Japan Security Camp and IPA ICSCoE's CyberCrest supporter. Aside of his daily work, in August 2012 he gathered world-wide security/network engineers to form a malware analysis initiative movement to then known as, an organization formed to suppress the growth of malware distribution, his shared technical writing on UNIX cyber threats can be viewed in with achievement listed in


    Activity & achievements to support security community:

  • Hiroki Kuzuno

    SECOM Co., Ltd.,, JP 

  • Hiroki Mashiko

    NTTDATA, Corp., JP 

    8 years experiences in Computer Forensic, Malware Analysis, Network log analysis, and Inciden Handling, and held some presentations in academic conferences, such as IPSJ / Computer Security Symposium.

  • Jeroen van der Ham

    NCSC-NL & University of Twente, NL 

    Jeroen van der Ham is senior researcher at NCSC-NL and associate professor of Cyber Security Incident Response at the University of Twente. At NCSC-NL he focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession. At the University of Twente he focuses on incident response, ethics of incident response and internet security research, denial of service attacks, and anonimization in network measurements.

  • John Kristoff

    DePaul University, US 

    John is a network architect in the Information Services division and adjunct faculty in the College of Computing and Digital Media at DePaul University. He is also a PhD candidate in Computer Science at the University of Illinois Chicago studying under the tutelage of Chris Kanich. He also currently serves as a research fellow at ICANN, sits on the NANOG program committee, and operates

  • Julien Bachmann

    Hacknowledge, CH 

    In 12+ years of experience in infosec, I've been both in red and blue teams. After several years performing penetration testing breaking into information systems and assessing the security of web and mobile applications, I joined the defence side first working as a security researcher for an MSSP and now as a CTO for Hacknowledge, a Swiss security monitoring solution. My background in offensive techniques allows me to have a different view on how to protect enterprises and their critical assets. Once an avid CTF player, I know keep practicing software exploitation and reverse engineering on the side. I spoke and gave software exploitation or reverse engineering workshops at several Swiss and European conferences including, Security BSides London, EUSecWest, Insomni'hack, OWASP Geneva, and Swiss Cyber Storm. Most of my public presentations could be found under :

  • Karthik Yetukuri

    VMware, US 

    Karthik has first hand experience working in the trenches, defending organizations from cyber threats, with emphasis on Security Operations, Threat Intelligence and Threat Hunting. In his current position, Karthik has the privilege of leading a team of DFIR and Threat Intel Specialists.

  • Klée Aiken

    CERT NZ, NZ 

    A Chicagoan lost in the Asia-Pacific, Klée is currently working as the Principal Pacific Partnership Advisor at CERT NZ, the national incident response team for New Zealand. He works to build stronger partnerships across the Pacific and with the global incident response community to support capacity building in the region. He is also a member of the Research Committee of the Global Forum on Cyber Expertise (GFCE), which works for more informed, complementary, and impactful cyber capacity building. Klée has worked on Asia-Pacific digital issues since 2013 having also served as a GFCE Advisory Board member; Senior Advisor - Strategic Engagement and Capacity Building at the Asia-Pacific Regional Internet Registry, APNIC; and as an analyst with the International Cyber Policy Centre at the Australian Strategic Policy Institute (ASPI).

  • Koen Van Impe Comm.V., BE 

    Incident Response, Security Monitoring and Threat Intelligence

  • Konrads Klints

    KPMG, SG 

  • Krassimir Tzvetanov

    Purdue University, US 

    Krassimir Tzvetanov is a graduate student at Purdue University focusing his research on Threat Intelligence, Operational Security Research, and Social Media Influence Operations, in the cyber domain. In the recent past Krassimir was a security architect at Fastly, a content delivery network (CDN) designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and investigations, threat intelligence and security systems architecture. In the past he worked for hardware vendors like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation features, product security and security software development best practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications. Krassimir is very active in the security research and investigation community, has a number of contributions to FIRST SIGs, as well as participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, and ShmooCon and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations.

  • Kunio Miyamoto

    NTT DATA Corporation, JP 

    He worked sections related to research and development above 20 years, and works NTTDATA-CERT - CSIRT for NTT DATA Group - for 10 years. He received B.D from University of Electro-Communications(1991), and Ph.D degree from INSTITUTE of INFORMATION SECURITY(2011).

  • Lasse Laukka

    Ericsson PSIRT, FI 

    Security professional and leader heading the Ericsson PSIRT (Product Security Incident Response Team).

  • Lisa Bradley

    Dell, US 

    Dr. Lisa Bradley is the Director of Product & Application Security at Dell Technologies focusing on Vulnerability Response & Customer Trust. In this role, she oversees the Product Security Incident Response Team (PSIRT) where she defines and drives vulnerability response and builds customer trust into the core of product and application security practices. Lisa has 20 years of Enterprise-class engineering and leadership experience including over eight years leading PSIRT programs for NVIDIA and IBM. Lisa is part of the FIRST PSIRT Sig and contributed to the FIRST PSIRT Services Framework, training, and PSIRT Maturity document. Lisa has spoken at many tech-related events including FIRST, BSIMM, DerbyCon, DEF CON, ISACA and Security Journey. Lisa enjoys spending time with her three children and teaching as an adjunct professor at local universities.

  • Lucimara Desidera /, BR 

    Lucimara is a Security Analyst at where she works in the areas of Outreach and Internet Security Awareness. She is also co-Chair of the Latin American and Caribbean Anti-Abuse Working Group (LAC-AAWG). Her activities include building awareness and fomenting the adoption of Internet Security best practices, as well as developing new best practices and supporting materials, working in cooperation with other incident response teams, with international organizations (such as LACNIC, LACNOG, FIRST and M3AAWG) and with different Internet sectors in Brazil. She has been speaker and program committee member at several national and international conferences. She is the Program Committee Chair for the 32nd Annual FIRST Conference (2020).

  • Margrete Raaum

    KraftCERT, NO 

    Margrete Raaum is manager for KraftCERT, the Norwegian CERT for energy (oil&gas&electric), water&waste water and industrial control system industry. She has a background from IC design, computer networking, and information security. She has worked on information security since 1998: for the ISP community, in academia for a number of years, as well the Norwegian Security Authority/National CERT (NSM/NorCERT) and at the grid- and transmission system operator (Statnett). She was on the board of directors of FIRST (The Forum for Incident Response and Security Teams) for 8 years, serving as chairman for 2 years.

  • Martin Nagel

    Niantic, Inc., CH 

    Martin Nagel is a Senior Security Engineer at Niantic and responsible for Threat monitoring, Incident Response and digital forensics. Prior to Niantic, Martin was working in the financial industry as a member of the corporate CSIRT team, responsible for digital forensics, malware and threat analysis, vulnerability management, the company own PKI and maintaining a wide set of security tools and solutions.

  • Michael Dwucet

    CERT-Bund / Federal Office for Information Security (BSI), DE 

    Michael Dwucet graduated as a Diplom-Informatiker in Computer Science at the University of Bonn in 2008. After his graduation, he worked as an officer for the Federal Office for Information Security (BSI) in Germany. Beginning as an Incident Responder and later as an Incident Manager for the Computer Emergency Response Team for the Federal Government (CERT-Bund), he handled many high profile cases in the Government and in Critical Infrastructures. In addition, he was one of the main relation officers for the CERT and worked with many national and international bodies and communities. He is one of the FIRST representatives for CERT-Bund and a regular conference attendee. Since 2020, he is the head of the section "CERT-Bund Incident Response and Liaison Office to the National Cyber Response Centre", responsible for the Incident Response of CERT-Bund for the German government and Critical Infrastructures.

  • Olivier Caleff


  • Righard Zwienenberg

    ESET, NL 

    Zwienenberg started dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. His interest thus kindled and studied virus behavior and presented solutions and detection schemes ever since. Initially starting as an independent consultant, in 1991 he co-founded CSE Ltd. In November 1995 Zwienenberg joined the Research and Development department of ThunderBYTE. In 1998 he joined the Norman Development team to work on the scanner engine. In 2005 Zwienenberg took the role of Chief Research Officer. After AMTSO – Anti Malware Testing Standards Organization – was formed, Zwienenberg was elected as president. He is serving on the board of AVAR and on the Technical Overview Board of the WildList. In 2011 Zwienenberg was looking for new opportunities and started as a Senior Research Fellow at ESET. In April 2012 Zwienenberg stepped down as President of AMTSO to take the role as CTO and later as CEO. In 2016 he rejoined the AMTSO board for another two-year run. He also is the Vice Chair of the Executive Committee of IEEE ICSG. In 2018, Zwienenberg joined the Europol European Cyber Crime Center (EC3) Advisory Group as an ESET representative. Zwienenberg has been a member of CARO since late 1991. He is a frequent speaker at conferences – among these Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS, CFET, ISOI, SANS Security Summits, IP Expo, Government Symposia, SCADA seminars, etc. – and general security seminars. His interests are not limited to malicious code but have broadened to include general cybersecurity issues and encryption technologies over the past years.

  • Ronaldo de Vasconcellos

    Fox-IT - part of NCC Group, BR 

  • Ryusuke Masuoka

    Fujitsu System Integration Laboratories, JP 

    Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories LTD (FSI), working on Cyber Security. Over 30 years, he has conducted research in neural networks, simulated annealing, agent system, pervasive/ubiquitous computing, Semantic Web, bioinformatics, Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things, Cyber Security Policy, and Cyber Security. He also led numerous standardization activities and collaborations with universities, national and private research institutes, and startups. He is an ACM senior member and an IEEE senior member.

  • Shin Adachi


    CISSP, CISM, CISA and PMP. A seasoned incident responder for decades with the Internet Protocol based information systems design and administration experience for decades, including carrier grade multinational networks as well as multinational corporate IT. Based in Silicon Valley now after living and working experience in both east and west coast of the United States, Japan and other APAC, and Europe in my life.

  • Thomas Fischer


    Thomas has over 30 years of experience in the IT industry ranging from software development to infrastructure & network operations and architecture to settle in information security. He has an extensive security background covering roles from incident responder to security architect at fortune 500 companies, vendors and consulting organisations. He is currently security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties not just for external threats but also compliance instigated.

    Thomas is also an active participant in the InfoSec community not only as a member but also as director of Security BSides London, ISSA UK chapter board member and speaker at events like SANS DFIR EMEA, DeepSec, Shmoocon, and various BSides events.

  • Tobias Dussa

    DFN-CERT Services GmbH, DE 

    Tobias holds an MSc in Computer Science, specializing in Systems Security, Cryptography, and Networking. After working as a sysadmin at the Scientific Supercomputing Centre Karlsruhe (SSCK) since 2004, he became a founding member of the Karlsruhe Institute of Technology's CERT (KIT-CERT) in 2008, which he headed as team lead from 2011 to 2018. Since 2020, he is a senior analyst with DFN-CERT, the German NREN CERT.

  • Tracy Bills

    CERT/CC, Software Engineering Institute, US 

    Tracy A. Bills is a Senior Cybersecurity Operations Researcher at the CERT® Division of Carnegie Mellon University’s Software Engineering Institute (SEI). She has over 20 years of combined experience in cybersecurity and intelligence analysis. She has helped build and mature national-level cybersecurity information sharing programs. Tracy has worked extensively to assist both public and private computer security incident response teams (CSIRTs) and security operations centers (SOCs) to develop, implement, and refine effective processes. Currently, her focus is on helping national-level CSIRTs build capabilities and capacity.

  • Ulrich Stadie

    EnBW, DE 

    Former Naval Flight Officer in the German Navy till 2006; from 2006 to 2010 university degree in computer sciences (main topics: forensic, security and robotics); 2011 to 2019 member of the KIT-CERT at the KIT (Karlsruher Institute of Technology in Karlsruhe, Germany); since 2019 senior IT security manager at Energie Baden-Württemberg (EnBW; German large energie provider and power authority).

  • Vaddi Venkateswara Rao


    Scientist at Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India. Have 13 years of experience in the field of cybersecurity. My area of work is focused on cybersecurity incident response, investigations, vulnerability assessment and penetration testing of cyber infrastructure. International cybersecurity coordination, cooperation and lead of international working groups such as APCERT IoT Security Working Group. Reviewer of technical papers at various conferences & journals and program committee member at APCERT since 2017.

Gold Sponsor Highlight

FIRST is seeking sponsorships for its virtual edition of the 33rd annual conference on computer security and incident handling. Well-attended and well-received, the past virtual FIRST conference attracted over 2,500 delegates from over 110 countries. The annual conference is by far one of the most unique international assemblies of incident response and computer security professionals. Sponsorship opportunities are limited and are on a first-come, first-served basis. Contact for more information.

Checkout our full sponsorship team and exhibitor listing here.