33rd Annual FIRST Conference • Virtual Event
Natsuko Inui works with FS-ISAC colleagues in the AP region to foster the community in sharing, collaboration and engagement in the Asia Pacific region. Prior to FS-ISAC, she was an Analyst at Cyber Defense Institute involved in government research projects regarding incident response and cyber-exercises. She is also Vice Chair of the Nippon CSIRT Association, the CSIRT community of Japan.
Adli Wahid is a Senior Internet Security Specialist at the Asia Pacific Network Information Centre (APNIC). He's responsible for APNIC's security outreach activities, which include engagements with CERTs/CSIRTs, LEAs and network operators. Adli also served as a member of the FIRST board from 2014 to 2019.
Andrew has been a member of the FIRST community for more than 20 years. From 1999-2004 he was Head of CSIRT for the UK's National Research and Education Network; nowadays he looks at how technology and data can be used in ways that can support policy and regulatory objectives, including incident response. He writes in all formats from tweets to blogs and peer-reviewed papers. He is a frequent speaker at national and international conferences, and was programme chair for the Edinburgh conference in 2019.
Baiba Kaskina is the general manager of CERT.LV (Latvian National and governmental CSIRT) managing all activities including incident response, awareness raising and liaison with the constituencies. She has been leading CSIRT teams in Latvia since 2006 and used to work for GEANT / TERENA (the Netherlands) managing large-scale projects including secretariat for TF-CSIRT. From 2014-2019 Baiba was the Chair of TF-CSIRT. Baiba has been involved in different CSIRT-related projects including responsible disclosure related debates, CSIRT maturity definition, assistance to newly developed teams and legal aspects of CSIRT work. Baiba is also one of the TRANSITS training course teachers and co-chair of the FIRST Membership Committee.
Carlos was born in Lisbon (Portugal), and graduated in Computer Science at the University of Lisbon in 1999. He was a Systems Engineer at University of Lisbon from 1996 to 2000 -- with a short spell at FCCN, working for the Portuguese Schools' Network Team and ccTLD .PT. Back at FCCN during 2000, he managed the Portuguese Internet Exchange (Gigapix) for 15 years, participating at Euro-IX (euro-ix.net), while also contributing to the Networking Team, responsible for AS1930's backbone. Over the years Carlos has delivered IPv6 courses (around Europe and Portuguese-speaking countries in Africa) and also some talks at TERENA Networking Conferences and RIPE meetings. He is also a co-author of several policy proposals. In late 2015 he moved into cybersecurity, taking a leadership role at RCTS CERT, the Portuguese R&E Network's Computer Emergency Response Team. From 2016 to 2018 he was the Chairman of the Portuguese CSIRT Network's General Assembly (redecsirt.pt). He was also LinhaAlerta's manager between 2016 and 2018, and represented the Portuguese Hotline at the INHOPE Association (inhope.org). He now usually attends FIRST, TF-CSIRT and RIPE meetings, mostly focusing on incident response and anti-abuse issues.
Dell/Product and Application Security
Chung Kuan Chen
Chung-Kuan Chen is currently a senior researcher at CyCraft, where he is responsible for organizing the research team. He earned his PhD degree in Computer Science and Engineering from National Chiao-Tung University (NCTU). His research focuses on cyber attack and defense, machine learning, software vulnerability, malware and program analysis. He tries to utilize machine learning to assist malware analysis and threat hunting, and to build automatic attack and defense systems. He has published several academic journal and conference papers, and has been involved in many large research projects, from digital forensics and incident response to malware analysis. He is also dedicated to security education. Having founded NCTU hacker research clubs, he trained students to participate in world-class security contests, and has experience of participating in DEFCON CTF (2016 in HITCON Team and 2018 as coach in BFS team). He organized BambooFox Team to join some bug bounty projects and discover some CVEs in COTS software and several vulnerabilities in campus websites. In addition, he has given technical presentations at technical conferences such as BlackHat, HITCON, HITB, RootCon, CodeBlue OpenTalk, FIRST and VXCON. As an active member of the Taiwan security community, he is the chairman of the HITCON review committee, and ex-chief of CHROOT - the top private hacker group in Taiwan.
David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of incident detection, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com).
Incident handler for 10 years at CERT.be till 2014, then in the European Institutions. Leading the European Commission Incident Response Team (EC DIGIT CSIRC) since 2019.
Emer O’Neill is the Senior Manager of the VMware Security Response Center, a group which is part of VMware Engineering Services, a central function within R&D. With more than 20 years of technical and management experience in the high-tech industry, Emer has been with VMware for the past 14 years and worked in the customer-facing Global Support Services (GSS) as both a technical support engineer and then manager, and more recently, in 2016, moved to R&D leading a global team who are responsible for analysis and remediation of software security issues in VMware products and services. Emer holds an MBS in Business Practice from UCC & the Irish Management Institute. Emer is passionate about security and has been an active member of FIRST for the past three years.
Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 as incident handler. Currently, he is responsible for the Cyber Threat Intelligence team at Siemens CERT.
Eric is the Security Engineering Manager at AMI responsible for Product Security Incident Response, Secure Development Lifecycle, secure development training, etc.
Eric Zielinski is the Director of Security Operations for Veeva Systems where he is responsible for design, implementation, and maintenance of the detection, response, and threat intelligence processes. Prior to Veeva, Eric led the Cloud Security Engineering organization at Nationwide, where his teams were responsible for vulnerability management, data protection, identity access management, and security automation. He is a frequent speaker at conferences such as FS ISAC, SANS, O’Reilly, etc. Zielinski holds a bachelor’s degree in Information Systems from Franklin University and several certifications, such as GCCC, GMON, EnCE, and GCIH.
Ernesto Perez Estevez
In charge of CSIRT CEDIA since 2013. Long time Linux fan (1995-present).
After completing his studies in engineering, Frank Herberg worked on IT infrastructure and security projects for a number of technology consulting firms. In 2012, he joined SWITCH-CERT. Today, Frank is Head of SWITCH-CERT for its Commercial Sectors. Frank is the author of the FIRST IPv6 Security training materials. In the past years, he has conducted diverse IPv6 security trainings and hands-on workshops for the security community.
Gavin Reid is the CSO for Recorded Future. Recorded Future delivers advanced security intelligence to disrupt adversaries, empower defenders, and protect organizations. Reid has global responsibility for ensuring the protection, integrity, confidentiality, and availability of all customer-facing services, internal operational systems, and related information assets. Gavin has 20 years of experience in the management of all aspects of security for large enterprises. Strong ability to create and direct fast-moving technical security teams with industry-leading incident response, security research, and threat intelligence capabilities. Creator of Cisco's Security Incident Response Team (CSIRT), Cisco's Threat Research and Communications (TRAC) and Fidelity's Cyber Information Group (CIG).
After his IT apprenticeship with a focus on software development at a Swiss financial service provider, Gregor Wegberg decided to study computer science at the Swiss Federal Institute of Technology (ETH) in Zurich. After graduating with a master’s degree in computer science (MSc ETH CS), he joined Oneconsult AG in January 2017 as a penetration tester and security consultant and was promoted to senior security consultant & penetration tester in December 2017. Since February 2020 he has been Head of Digital Forensics & Incident Response.
LACERT, Cyber Emergency Center, Incident Management Group
Hendrik Adrian held a bachelor's degree in Electrical Engineering when he received a Master of Science in Computer & Information Sciences & Support Services. Hendrik went straight into the IT security field, applying UNIX skills to security hardening on various systems. His noted achievement was as co-founder and CEO of the Kaspersky Labs regional office in Japan, where he acted as technical leader and business executive; he retired to establish his own security protocol filtration product at a Japanese security entity. Hendrik joined LACERT afterwards. He takes part in Japanese government support for various educational security lecture activities at IPA, and he is putting more effort into contributing to local (Japan) and international security communities as an active speaker at various conferences, e.g. IOTSecJP, R2CON, BotConf, AV Tokyo, ROOTCON, Brucon, DefCon Japan, HACK.LU, etc., along with contributing as a lecturer at security educational events in Japan at All Japan Security Camp and as an IPA ICSCoE CyberCrest supporter. Aside from his daily work, in August 2012 he gathered security/network engineers from around the world to form a malware analysis initiative that became known as MalwareMustDie.org, an organization formed to suppress the growth of malware distribution. His shared technical writing on UNIX cyber threats can be viewed at https://blog.malwaremustdie.org, with achievements listed at https://en.wikipedia.org/wiki/MalwareMustDie
Activity & achievements to support security community:
SECOM Co., Ltd.
8 years of experience in computer forensics, malware analysis, network log analysis, and incident handling, and has held some presentations at academic conferences, such as IPSJ / Computer Security Symposium.
Jeroen van der Ham
NCSC-NL & University of Twente
Jeroen van der Ham is senior researcher at NCSC-NL and associate professor of Cyber Security Incident Response at the University of Twente. At NCSC-NL he focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession. At the University of Twente he focuses on incident response, ethics of incident response and internet security research, denial of service attacks, and anonymization in network measurements.
John is a network architect in the Information Services division and adjunct faculty in the College of Computing and Digital Media at DePaul University. He is also a PhD candidate in Computer Science at the University of Illinois Chicago studying under the tutelage of Chris Kanich. He also currently serves as a research fellow at ICANN, sits on the NANOG program committee, and operates DataPlane.org.
In 12+ years of experience in infosec, I've been both in red and blue teams. After several years performing penetration testing, breaking into information systems and assessing the security of web and mobile applications, I joined the defence side, first working as a security researcher for an MSSP and now as a CTO for Hacknowledge, a Swiss security monitoring solution. My background in offensive techniques allows me to have a different view on how to protect enterprises and their critical assets. Once an avid CTF player, I now keep practicing software exploitation and reverse engineering on the side. I spoke and gave software exploitation or reverse engineering workshops at several Swiss and European conferences including Hack.lu, Security BSides London, EUSecWest, Insomni'hack, OWASP Geneva, and Swiss Cyber Storm. Most of my public presentations can be found under: https://speakerdeck.com/milkmix
Karthik has first-hand experience working in the trenches, defending organizations from cyber threats, with emphasis on Security Operations, Threat Intelligence and Threat Hunting. In his current position, Karthik has the privilege of leading a team of DFIR and Threat Intel Specialists.
A Chicagoan lost in the Asia-Pacific, Klée is currently working as the Principal Pacific Partnership Advisor at CERT NZ, the national incident response team for New Zealand. He works to build stronger partnerships across the Pacific and with the global incident response community to support capacity building in the region. He is also a member of the Research Committee of the Global Forum on Cyber Expertise (GFCE), which works for more informed, complementary, and impactful cyber capacity building. Klée has worked on Asia-Pacific digital issues since 2013 having also served as a GFCE Advisory Board member; Senior Advisor - Strategic Engagement and Capacity Building at the Asia-Pacific Regional Internet Registry, APNIC; and as an analyst with the International Cyber Policy Centre at the Australian Strategic Policy Institute (ASPI).
Koen Van Impe
Incident Response, Security Monitoring and Threat Intelligence https://www.vanimpe.eu
Krassimir Tzvetanov is a graduate student at Purdue University focusing his research on Threat Intelligence, Operational Security Research, and Social Media Influence Operations in the cyber domain. In the recent past Krassimir was a security architect at Fastly, a content delivery network (CDN) designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and investigations, threat intelligence and security systems architecture. In the past he worked for hardware vendors like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation features, product security and security software development best practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo!, Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications. Krassimir is very active in the security research and investigation community, has made a number of contributions to FIRST SIGs, and participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, and ShmooCon and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.
NTT DATA Corporation
He worked in sections related to research and development for more than 20 years, and has worked at NTTDATA-CERT, the CSIRT for NTT DATA Group, for 10 years. He received a B.D from the University of Electro-Communications (1991) and a Ph.D. degree from the INSTITUTE of INFORMATION SECURITY (2011).
Security professional and leader heading the Ericsson PSIRT (Product Security Incident Response Team).
Dr. Lisa Bradley is the Director of Product & Application Security at Dell Technologies focusing on Vulnerability Response & Customer Trust. In this role, she oversees the Product Security Incident Response Team (PSIRT) where she defines and drives vulnerability response and builds customer trust into the core of product and application security practices. Lisa has 20 years of Enterprise-class engineering and leadership experience including over eight years leading PSIRT programs for NVIDIA and IBM. Lisa is part of the FIRST PSIRT SIG and contributed to the FIRST PSIRT Services Framework, training, and PSIRT Maturity document. Lisa has spoken at many tech-related events including FIRST, BSIMM, DerbyCon, DEF CON, ISACA and Security Journey. Lisa enjoys spending time with her three children and teaching as an adjunct professor at local universities.
CERT.br / NIC.br
Lucimara is a Security Analyst at CERT.br/NIC.br where she works in the areas of Outreach and Internet Security Awareness. She is also co-Chair of the Latin American and Caribbean Anti-Abuse Working Group (LAC-AAWG). Her activities include building awareness and fomenting the adoption of Internet Security best practices, as well as developing new best practices and supporting materials, working in cooperation with other incident response teams, with international organizations (such as LACNIC, LACNOG, FIRST and M3AAWG) and with different Internet sectors in Brazil. She has been a speaker and program committee member at several national and international conferences. She is the Program Committee Chair for the 32nd Annual FIRST Conference (2020).
Margrete Raaum is manager for KraftCERT, the Norwegian CERT for the energy (oil, gas and electric), water and waste water, and industrial control system industries. She has a background in IC design, computer networking, and information security. She has worked on information security since 1998: for the ISP community, in academia for a number of years, as well as at the Norwegian Security Authority/National CERT (NSM/NorCERT) and at the grid and transmission system operator (Statnett). She was on the board of directors of FIRST (The Forum for Incident Response and Security Teams) for 8 years, serving as chairman for 2 years.
Martin Nagel is a Senior Security Engineer at Niantic and responsible for threat monitoring, incident response and digital forensics. Prior to Niantic, Martin worked in the financial industry as a member of the corporate CSIRT team, responsible for digital forensics, malware and threat analysis, vulnerability management, the company's own PKI and maintaining a wide set of security tools and solutions.
CERT-Bund / Federal Office for Information Security (BSI)
Michael Dwucet graduated as a Diplom-Informatiker in Computer Science at the University of Bonn in 2008. After his graduation, he worked as an officer for the Federal Office for Information Security (BSI) in Germany. Beginning as an Incident Responder and later as an Incident Manager for the Computer Emergency Response Team for the Federal Government (CERT-Bund), he handled many high profile cases in the Government and in Critical Infrastructures. In addition, he was one of the main relation officers for the CERT and worked with many national and international bodies and communities. He is one of the FIRST representatives for CERT-Bund and a regular conference attendee. Since 2020, he has been the head of the section "CERT-Bund Incident Response and Liaison Office to the National Cyber Response Centre", responsible for the Incident Response of CERT-Bund for the German government and Critical Infrastructures.
Zwienenberg started dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. His interest thus kindled, he has studied virus behavior and presented solutions and detection schemes ever since. Initially starting as an independent consultant, in 1991 he co-founded CSE Ltd. In November 1995 Zwienenberg joined the Research and Development department of ThunderBYTE. In 1998 he joined the Norman Development team to work on the scanner engine. In 2005 Zwienenberg took the role of Chief Research Officer. After AMTSO – Anti Malware Testing Standards Organization – was formed, Zwienenberg was elected as president. He is serving on the board of AVAR and on the Technical Overview Board of the WildList. In 2011 Zwienenberg was looking for new opportunities and started as a Senior Research Fellow at ESET. In April 2012 Zwienenberg stepped down as President of AMTSO to take the role as CTO and later as CEO. In 2016 he rejoined the AMTSO board for another two-year run. He also is the Vice Chair of the Executive Committee of IEEE ICSG. In 2018, Zwienenberg joined the Europol European Cyber Crime Center (EC3) Advisory Group as an ESET representative. Zwienenberg has been a member of CARO since late 1991. He is a frequent speaker at conferences – among these Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS, CFET, ISOI, SANS Security Summits, IP Expo, Government Symposia, SCADA seminars, etc. – and general security seminars. His interests are not limited to malicious code but have broadened to include general cybersecurity issues and encryption technologies over the past years.
Ronaldo de Vasconcellos
Fox-IT - part of NCC Group
Fujitsu System Integration Laboratories
Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories LTD (FSI), working on Cyber Security. Over 30 years, he has conducted research in neural networks, simulated annealing, agent system, pervasive/ubiquitous computing, Semantic Web, bioinformatics, Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things, Cyber Security Policy, and Cyber Security. He also led numerous standardization activities and collaborations with universities, national and private research institutes, and startups. He is an ACM senior member and an IEEE senior member.
CISSP, CISM, CISA and PMP. A seasoned incident responder for decades, with decades of experience in Internet Protocol based information systems design and administration, including carrier-grade multinational networks as well as multinational corporate IT. Now based in Silicon Valley, after living and working on both the east and west coasts of the United States, in Japan and other parts of APAC, and in Europe in my life.
Thomas has over 30 years of experience in the IT industry ranging from software development to infrastructure & network operations and architecture to settle in information security. He has an extensive security background covering roles from incident responder to security architect at Fortune 500 companies, vendors and consulting organisations. He is currently a security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties not just for external threats but also compliance instigated.
Thomas is also an active participant in the InfoSec community not only as a member but also as director of Security BSides London, ISSA UK chapter board member and speaker at events like SANS DFIR EMEA, DeepSec, Shmoocon, and various BSides events.
DFN-CERT Services GmbH
Tobias holds an MSc in Computer Science, specializing in Systems Security, Cryptography, and Networking. After working as a sysadmin at the Scientific Supercomputing Centre Karlsruhe (SSCK) since 2004, he became a founding member of the Karlsruhe Institute of Technology's CERT (KIT-CERT) in 2008, which he headed as team lead from 2011 to 2018. Since 2020, he has been a senior analyst with DFN-CERT, the German NREN CERT.
CERT/CC, Software Engineering Institute
Tracy A. Bills is a Senior Cybersecurity Operations Researcher at the CERT® Division of Carnegie Mellon University’s Software Engineering Institute (SEI). She has over 20 years of combined experience in cybersecurity and intelligence analysis. She has helped build and mature national-level cybersecurity information sharing programs. Tracy has worked extensively to assist both public and private computer security incident response teams (CSIRTs) and security operations centers (SOCs) to develop, implement, and refine effective processes. Currently, her focus is on helping national-level CSIRTs build capabilities and capacity.
Former Naval Flight Officer in the German Navy till 2006; from 2006 to 2010 university degree in computer sciences (main topics: forensics, security and robotics); 2011 to 2019 member of the KIT-CERT at the KIT (Karlsruhe Institute of Technology in Karlsruhe, Germany); since 2019 senior IT security manager at Energie Baden-Württemberg (EnBW; large German energy provider and power authority).
Vaddi Venkateswara Rao
Scientist at Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India. Have 13 years of experience in the field of cybersecurity. My area of work is focused on cybersecurity incident response, investigations, vulnerability assessment and penetration testing of cyber infrastructure. International cybersecurity coordination, cooperation and lead of international working groups such as APCERT IoT Security Working Group. Reviewer of technical papers at various conferences & journals and program committee member at APCERT since 2017.