33rd Annual FIRST Conference Virtual Event

Conference Program At-A-Glance

Final Agenda as of June 9, 2021.

To view the main session catalog, on-demand catalog, and workshop catalog, please select the option from the main menu under Program. You may also access speaker bios from the catalogs.

If you wish to register for a workshop, please click here.

Lastly, please be sure you read the Conference Q&A so you know what to expect.

Pre-Con | Sunday, June 6

Live Schedule (UTC) WorkAdventure
21:00-22:00
Social Event: Open Networking and Explore the Conference Venue

Day 1 | Monday, June 7

Live Schedule (UTC) Breakout 1 Breakout 2 Breakout 3 WorkAdventure
12:00 - 12:15 Opening Remarks
12:15 - 13:15 Keynote Presentation: An Unauthorized Exchange - From Targeted Espionage to the Global Cyber Pandemic
Steven Adair (Volexity, Inc., US)
Speaker Q&A, Networking, Exhibitor Hall
13:15 - 13:30 BREAK
13:30 - 14:00 Tech / Intermediate
Practical Attack Vectors and Their Ideal Defensive Strategies for ICS & SCADA

Mars Cheng, YenTing Lee (TXOne Networks, TW)
Mgmt / Intermediate
Building PPP Resilience Through National Level Cyber Exercises

Antti Nyqvist (Technology Industries of Finland, FI), Julia Vainio (NCSC-FI, FI)
Mgmt / Beginner
A Playbook for Effective Corporate Communication After a Cyber Security Incident

Dr. Jason Nurse (University of Kent, UK)
Speaker Q&A, Networking, Exhibitor Hall
14:00 - 14:30 Tech / Beginner
The Rise of the Eternal Botnet

David Sancho (Trend Micro, ES)
Mgmt / Intermediate
A Supply Chain Incident of Major Influence in Israel

Chen Girat (INCD, IL)
Mgmt / Beginner
Coming Together Under a Pandemic - Case Study on the COVID-19 MISP Information Sharing Community

Andras Iklody, Alexandre Dulaunoy (CIRCL, LU)
Speaker Q&A, Networking, Exhibitor Hall
14:30 - 14:45 BREAK
14:45 - 15:15 Tech / Beginner
Practical ISP CSIRT Incident Handling with Network Flows, ELK Stack and Cybersecurity Intelligence Signal - NIMBUS, A Community Service from Team Cymru.

Francisco Badaro (ITS Telecomunicacoes, BR), James Shank (Team Cymru, US)
Academic / Beginner
Incident Response as a Lawyers' Service

Dr. Daniel Woods (University of Innsbruck, AT)
SESSION CANCELLED Speaker Q&A, Networking, Exhibitor Hall
15:15 - 15:45 Tech / Advanced
Surviving a Ransomware Attack - Lessons from the Field

Peter Morin (Grant Thornton, CA)
Mgmt/Beginner
DNS is Under Attack - the Miscreant's Offensive Playbook with a Defensive Counter

Barry Greene (Akamai, US)
Mgmt / Beginner
Don't You Know That You're Toxic? Moving Towards Positive Security Practices within your Organisation

Nicole Harris (GEANT, UK), Sigita Jurkynaite (NRD CIRT)
Speaker Q&A, Networking, Exhibitor Hall
16:00 Social Event: Sponsor Booth Scavenger Hunt & Gold Sponsor Trivia Raffle
16:00 Capture the Flag Opening Information Session - Closed Registered

Day 2 | Tuesday, June 8

Live Schedule (UTC) Breakout 1 Breakout 2 Breakout 3 WorkAdventure
12:00 - 12:30 Tech / Intermediate
Scoring Security Vulnerabilities in Medical Devices: Rubric for CVSS

Sumanth Naropanth, Rahul U (Deep Armor, IN)
Mgmt / Intermediate
Root Cause Analysis (RCA) in Dell PSIRT

David Spencer (Dell Technologies, US)
Tech / Advanced
How to Apply the Machine Learning Appropriate Way for Your Security Operation

Kunihiko Yoshimura (Fujitsu, JP)
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag
12:30- 13:00 Tech / Beginner
Simple Method of Automatic Risks Assessment for Web Systems Considering Assets Sensitivity

Mitsuharu Sasaki (NTT, JP)
Mgmt / Beginner
The CAIS/RNP Experience in Brazilian General Data Protection Law (LGPD) Compliance

Cleberson Silva (RNP - Rede Nacionial de Pesquisa e Ensino, BR), Nicole Rieckmann (CAIS - RNP, BR)
Tech / Intermediate
CGN - Carrier Grade NAT - Carrier Grade Problems

Simon Kenin (Independent Consultant, IL)
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag
13:00 - 13:15 BREAK
13:15 - 14:15 Featured Panel: Life in Security - Practitioners in the Wild
Nazira Carlage (Salesforce, US), Jeffrey Carpenter (Secureworks, US), Katie Moussouris (Luta Security, US), Caroline Wong (Cobalt, US)
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag
14:15 - 14:30 BREAK
14:30 - 15:00 Tech / Intermediate / PRE
Breaking the Chain of Trust

Alex Bazhaniuk, Jesse Michael, Mickey Shkatov (Eclypsium, US)
Tech / Advanced
Panel: Towards Real World Cyber Risk

Eireann Leverett (Airbus, UK), Matilda Rhode (Airbus, UK), Sasha Romanovsky (RAND, US), Jay Jacobs (Cyentia, US), Luca Allodi (Eindhoven University of Technology, NL)
Tech / Intermediate
Improving Internet Wide Scanning with Dynamic Scanning

Alexandre Dulaunoy (CIRCL, LU)
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag
15:00 - 15:30 Tech / Intermediate / PRE
From RATs to Extorting Multibillion Companies: The Evolution of a Modern Ransomware Group

Fernando Merces (Trend Micro, BR)
Tech / Advanced
Panel: Towards Real World Cyber Risk (continued)
Mgmt / Intermediate
From 2017 to 2021: Integration of an Operational Situation Awareness Team to a CSIRT - The Need for Specific Missions When Scaling-up.

Lena Elemento, Esther Lyonnet (ANSSI - CERT-FR, FR)
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag
15:30-16:30 Open Social Hour, Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag

Day 3 | Wednesday, June 9

Live Schedule (UTC) Breakout 1 Breakout 2 Breakout 3 WorkAdventure
12:00 - 12:30 Tech / Intermediate
Attacking Bluetooth LE Design and Implementation in Mobile + Wearables Ecosystems

Sunil Kumar, Nitin Lakshmanan (Deep Armor, IN)
Mgmt / Intermediate
Step 0 for a Multi-party Vulnerability Coordination is Yet Another Multi-party Vulnerability Coordination

Umair Bukhari (Ericisson, FI)
Mgmt / Intermediate
Considerations in CSIRT Activities in the Risk of Infection with New Real Viruses

Seiichi Komura (NTT Advanced Technology, JP)
Speaker Q&A, Networking, Exhibitor Hall
12:30 - 13:00 Tech / Intermediate
Attack Defense Graph analysis for supporting SOC and CSIRT operations

Frank Fransen (TNO, NL), Erik Ringdahl (foreseeti, SW)
Mgmt / Advanced
Connecting the Dots in a Cyber Pandemic Era

Dana Toren (INCD, IL)
Tech / Beginner
Gaining CISO Support and Improving Security Operations Situational Awareness with Threat Briefings

Angela Wu (VMware, SG)
Speaker Q&A, Networking, Exhibitor Hall
13:00 - 13:15 BREAK
13:15 - 13:45 Tech / Intermediate
CSAF 2.0 - A new start to automate advisories

Thomas Schmidt (CERT Bund, DE)
Mgmt / Intermediate
Influence Operations

Krassimir Tzvetanov (Purdue University, US)
Tech / Intermediate
From a Hospital into the Realm of Hades

Alberto Magallon Sabado, Juan Gonzalez (Cybersecurity Agency of Catalonia, ES)
Speaker Q&A, Networking, Exhibitor Hall
13:45 - 14:15 Tech / Intermediate
Defense Through Invisibility: Zero Trust Security for the Enterprise

Jason Garbis (Individual Contributor, US)
Mgmt/Beginner
Story Telling Through Reports

James Potter, Raja Jasper (Huntington Bank, US)
Tech / Intermediate
Dispatch: Crisis Management Automation for the Entire Organization

Marc Vilanova, Kevin Glisson (Netflix, US)
Speaker Q&A, Networking, Exhibitor Hall
14:15 - 14:20 BRIEF BREAK
14:20 - 14:45 Closing Remarks Speaker Q&A, Networking, Exhibitor Hall
14:45 - 16:00 Closing Social Hour, Speaker Q&A, Networking, Exhibitor Hall

Post-Con, Member-Only | Thursday, June 10

Live Schedule (UTC) Member-Only Access
13:00
FIRST Annual General Meeting
Members-only, please log into the FIRST Portal and visit the AGM section for details on how to attend the webinar.

Post-Con, CTF Participants | Friday, June 11

Live Schedule (UTC) CTF Participants and General Interest - Registration to be posted week of June 6
12:00-13:00
SecLounge Capture the Flag Closing Remarks and Awards Presentation
This closing session is open to all who wish to view the presentation. No registration required: https://first-org.zoom.us/j/98811495162?pwd=K1FsTTBHbkxaREJEQmpFbER2OHlKUT09

Post-Con, Workshops | Thursday, June 17

Live Schedule (UTC) Open to All Participants
13:00-16:00
Writing Meaningful Threat Intel Reports in MISP - No Capacity Restrictions
Andras Iklody, Alexandre Dulaunoy, Sami Mokaddem (CIRCL, LU)

Post-Con, Workshops | Thursday, June 24

Live Schedule (UTC) Open to All Participants
13:00-14:30
Modern Threat Hunting - No Capacity Restrictions
Vicente Diaz (TotalVirus, ES)

Post-Con, Workshops | Thursday, July 1

Live Schedule (UTC) Open to All Participants
13:00-14:30
Applying CTF Framework to Online Incident Response Exercise - Capacity Restriction - 60 Seats
Yoshihiro Masuda (Fujifilm Business Innovation Corporation, JP), Hajime Ishizuka (NTT Security, JP), Takashi Kasubuchi (NTT-WEST, JP), Yusuke Kon (Trend Micro, JP)

Post-Con, Workshops | Thursday, July 15

Live Schedule (UTC) Open to All Participants
13:00-15:00
Using Yara & Strelka to Identify & Detect Malware - Capacity Restriction - 75 Seats
Derek Thomas, Paul Hutelmyer (Target, US)