33rd Annual FIRST Conference Virtual Event

Call For Speakers - 2021 is CLOSED

To ensure the safety of FIRST community members and to deliver the best possible conference, the decision has been made for the 33rd Annual FIRST Conference to be held virtually on the originally planned week of June 6-11, 2021. The Japanese incident response community is saddened we cannot welcome you to Japan, but we believe the decision was made in the best interest for all. Thanks to everyone’s feedback and advice, we are working towards creating an even more interactive and engaging conference online.

The annual FIRST conference brings together global security and incident response professionals from all stages of their careers and from public, private, and academic sectors to exchange information and ideas, learn together, build trust relationships, and co-operate on areas of mutual interest. We are looking for engaging speakers to present on the latest Incident Response and Information Security topics and ideas, to strengthen our individual and collective ability to prevent, and to detect and respond to computer security incidents. The virtual FIRST Annual Conference in 2020 proved the FIRST community brings some of the best content, and a highly engaged and enthusiastic audience; most if not all sessions were full of questions from the audience. We look forward to sharing content, engaging questions, and fostering dialogue to a truly worldwide community of security organizations and individuals.

Speaker Privileges

Accepted presenters of workshops and presentations will receive a complimentary conference registration. This offer extends to co-presenters. There will be a nominal fee of $200 USD for all non-member registrants this year.


Under the conference theme, “Crossing Uncertain Times,” we invite submissions on the following broad topics:

  • Crossing Uncertain Times - Lessons learned from 2020
    • What have we learned, what can we learn, experiences, stories, advice
  • New Attacks – technical, human, supply chain, etc.
    • Learning what attackers are doing now, and what they may do in the future
  • New Defenses – beyond the broken perimeter
    • Using new approaches, technologies, and fields of knowledge to do security better
  • New Targets – security and incident response for mobile, ICS, IoT, cloud, etc.
    • Protecting computers/devices/networks/data in new environments
  • Detection – new techniques, data analysis
    • Identifying suspicious activity quickly and accurately
  • Analyzing Attacks and Intrusions – tools, techniques, analysis, results
    • Understanding what happened, how it happened, and what the consequences are
  • Building Better Products – product security, secure software development
    • Finding and fixing bugs, and avoiding them in the first place, coordination, disclosure
  • Defenses in Place – skills, maturity, resilience, awareness, communication, etc.
    • Developing teams and team staff that can cope under pressure, building the next generation of responders
  • Defending Others – national CSIRTs, third-party incidents
    • Responding to incidents when it’s not your systems or networks that are attacked; managing and preparing for third-party vendor incidents, including contractually
  • Joining Forces – sharing, collaboration, working with others
    • Sharing knowledge and providing help, within and beyond the IR community
  • Sharing Stories – case studies
    • Mitigation and response, lessons learned from actual incidents, preventing repeats
  • Playing by the Rules – privacy, ethics, norms, governance, standards & best practices
    • How they impact IR, ensuring incident response enhances the online world

We are looking for ideas, developments or experiences that can be applied to advance the state of security and incident response practice. Ideas that can be implemented by other teams - without requiring proprietary information or software - are particularly welcome. We hope this list helps you think of work you or your team members can present. We are not looking for introductory presentations, for example on the need for incident response or the use of common tools.

We do not allow presentations with the aim of gaining the audience’s interest in any commercial application, solution, or product. In other words, NO SALES OR MARKETING PRESENTATIONS!

Conference Format

The conference will be presented virtually and will comprise of parallel tracks, providing a range of different styles of learning and different levels of technical/management content. Submissions should indicate whether their content is best described as technical, management or academic; also, whether journal publication would be of interest.

The official language of the FIRST Annual Conference is English. However, please keep in mind that many participants will not be native English speakers.

TLP Classification

The 33rd Annual FIRST conference will be classified as TLP:WHITE. Submitters will need to check a box in the submission form to confirm the content will be TLP:WHITE. For more information on the Traffic Light Protocol (TLP), please visit https://www.first.org/tlp/.

ACM Digital Threats: Research and Practice Journal

FIRST cooperates with the ACM Digital Threats: Research and Practice journal to create a special issue for the conference. After the conference, there is an opportunity for presenters to submit to this issue. An invitation for submission will be sent after the conference.

Submission Types

Submissions should propose one of the following formats (note that the Program Committee may contact you to suggest a different format for a talk or session):

  • Presentations (30 min, exclusive of Q&A): conventional presentation to an audience
  • Tutorials/Workshops (suggested duration for virtual workshops is up to 90 min.): hands-on practical workshops. FIRST can only provide download storage for workshop materials, and any infrastructure needed for the workshop must be provided by the presenters. Must also include a statement of any prior knowledge/skills that attendees will be assumed to have.
  • Panels (up to 60 min, exclusive of Q&A): Must include details of the moderator, suggested duration, and tentative list of panelists including bios

You will be required to specify if you would like to deliver your talk live or pre-recorded, or open to both.

Submittal and Review Process

All submissions are reviewed by an international volunteer program committee composed of experts and practitioners representing a diverse set of teams and organizations. These are responsible for selecting the best and most relevant papers to make up the conference program.

FIRST does not require you to submit a formal paper for consideration. However, your submission must provide enough detail to, at least, let the reviewers understand:

  • What problem is this addressing?
  • How does this help? Who will benefit?
  • What will attendees learn?
  • You must provide an abstract (no more than 200 words) and a detailed outline (300-1,000 words) to explain what the talk is about in a way that makes people interested in hearing it.

The following sections on the CFP submissions form are mandatory and notated by red asterisks within the form:

  • Speaker Information – Name, Company/Organization, Job Position, Contact information, Bio
  • Session Title - A concise summary of the submission
  • Submission Type - Presentation, tutorial or workshop, panel
  • Track Type – Choose the intended audience: Technical, Leadership/Management or Academic
  • Session Level – Beginner, Intermediate or Advanced
  • Session Tags/Keywords – Select the tags/keywords for your submission (multiple choices)
  • Is your talk TLP:WHITE? – Due to the nature of online conferences, submissions need to be TLP:WHITE
  • Preferred Presentation Option: Would you like to present live, pre-recorded, or open to both?
  • Session Abstract - Summary of the talk that will be posted on the conference agenda
  • Session Details/Outline - Either an explanation or bullet points that explains the actual content
  • Attendee Takeaways? - Concrete takeaways of the session, what will attendees learn from your talk?
  • Additional Submission Information: If there is other information not covered in above sections and/or links to related material, please include them here.
  • Additional Speakers – If there are multiple contributors, please add them in this section, and also include bios of all speakers and authors in the speaker bio section

** Tutorial and workshop submissions should also specify the ideal number of attendees for the session. Please fill in the workshop duration item in the submission form.

You are welcome to include additional material to support your proposal (e.g. a whitepaper, a draft paper, a workshop guideline, etc.). The clearer your ideas are organized and presented, the better reviewers can comprehend and evaluate your proposal.

Submissions must be complete by the closing date (see Important Dates) or they will be rejected. You are, therefore, encouraged to submit two weeks earlier, to give us time to check and let you know if you have not provided sufficient information for the reviewers to assess.

FIRST requires a non-exclusive copyright license for all materials delivered at the conference. Where employer, client or government authorization is needed, it is the responsibility of the author(s) to obtain that authorization prior to submitting the final materials.

Accepted submissions will be published on the conference website with associated speaker biographies and head shots (if applicable), for which the same usage rights are required by FIRST.

NOTE: FIRST 2021 is an online conference, which welcomes non-members, press and social media coverage. After the conference, presentation materials will be made available on the public area of the FIRST website. Please be sure you are comfortable with the content of your presentation being handled as TLP:WHITE.

Code of Conduct

FIRST aims to develop a global community of security teams. One of the main goals is for FIRST events to be places where trust is built. Therefore, FIRST events are intended to be inclusive, open, collaborative, and enjoyable to all participants. For that, all speakers are required to follow the FIRST Code of Conduct (https://www.first.org/about/policies/code-of-conduct).

Important Dates

  • January 7, 2021 – CFS Open
  • February 5, 2021 (15:00 UTC) – CFS Close
  • February 6, 2021 - March 31, 2021 – Submission Review, PC Collaboration Calls, Final Selections
  • Early April 2021 – Acceptance Notifications


If you have any questions about the conference submission process or need additional information, please contact the Program Chair, Natsuko Inui, at first-2021chair@first.org.

On behalf of the Program Committee and the Conference Planning Team, we are creating a compelling program for you and look forward to hearing your ideas online!

For all other queries, or assistance with the submission form, please send email to events@first.org.