34th Annual FIRST Conference | "Neart Le Chéile: Strength Together"
FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
The Forum of Incident Response and Security Teams (FIRST) is an international not-for-profit organization bringing together a variety of security and incident response teams. FIRST is comprised of over 600 member teams from 99 countries representing government agencies, academia, commercial enterprises, and financial corporations.
Effective internet response is a global task. Based on a peer-to-peer network governance model, Computer Security Incident Response Teams (CSIRTs), Product Security Incident Response Teams (PSIRTs), and independent security researchers work together to limit the damage of security incidents. Incidents are not confined to one cultural or political corner of the internet, nor do they respect physical borders or boundaries.
The FIRST annual conference promotes worldwide coordination and cooperation among computer security and incident response teams (CSIRTs). The conference provides a forum for sharing goals, ideas, and information on how to improve computer security on a global scale. This year’s annual conference is scheduled to take place in-person with limited virtual components, June 26 through July 1, 2022 at the Convention Centre Dublin, in Dublin, Ireland.
2021 Conference Video Highlights
- A Welcome Message from FIRST Exec. Dir., Chris Gibson
- Keynote: An Unauthorized Exchange - From Targeted Espionage to the Global Cyber Pandemic
- A Playbook for Effective Corporate Communication After a Cyber Security Incident
- A Supply Chain Incident of Major Influence in Israel
- Attack Defense Graph Analysis for Supporting SOC and CSIRT Operations
- Attacking Bluetooth LE Design and Implementation in Mobile + Wearables Ecosystems
- Breaking the Chain of Trust
- Building PPP Resilience Through National Level Cyber Exercises
- The CAIS/RNP Experience in Brazilian General Data Protection Law (LGPD) Compliance
- CGN - Carrier Grade NAT - Carrier Grade Problems
- Coming Together Under a Pandemic - Case Study on the COVID-19 MISP Information Sharing Community
- Connecting the Dots in a Cyber Pandemic Era
- Considerations in CSIRT Activities in the Risk of Infection with New Real Viruses
- CSAF 2.0 - A New Start to Automate Advisories
- Defense Through Invisibility: Zero Trust Security for the Enterprise
- Dispatch: Crisis Management Automation for the Entire Organization
- DNS is Under Attack - the Miscreant's Offensive Playbook with a Defensive Counter
- Don't You Know That You're Toxic? Moving Towards Positive Security Practices w/in Your Organization
- Life in Security - Practitioners in the Wild (Panel)
- From 2017 to 2021: Integration of an Operational Situation Awareness Team to a CSIRT...
- From a Hospital into the Realm of Hades
- From RATs to Extorting Multibillion Companies: The Evolution of a Modern Ransomware Group
- Gaining CISO Support and Improving Security Operations Situational Awareness with Threat Briefings
- How to Apply the Machine Learning Appropriate Way for Your Security Operation
- Improving Internet Wide Scanning with Dynamic Scanning
- Influence Operations
- Practical Attack Vectors and Their Ideal Defensive Strategies for ICS & SCADA
- Practical ISP CSIRT Incident Handling w/ Network Flows, ELK Stack & Cybersecurity Intelligence...
- The Rise of the Eternal Botnet
- Root Cause Analysis (RCA) in Dell PSIRT
- Scoring Security Vulnerabilities in Medical Devices: Rubric for CVSS
- Simple Method of Automatic Risks Assessment for Web Systems Considering Assets Sensitivity
- Step 0 for a Multi-party Vulnerability Coordination is Yet Another Multi-party Vulnerability Coordination
- Story Telling Through Reports
- Surviving a Ransomware Attack - Lessons from the Field
- Towards Real World Cyber Risk (Panel)
The Convention Centre Dublin, Ireland
N Wall Quay, North Wall
Dublin 1, D01 T1W6
Become a Sponsor Today!
FIRST is seeking sponsorships for its 34th annual conference on computer security and incident handling. The annual conference is by far one of the most unique international assemblies of incident response and computer security professionals. Sponsorship opportunities are limited and are on a first-come, first-served basis.
Our cybersecurity knowledge isn't just based on our internal knowledge and experience, but on what we learn from customer feedback and reports from independent and industry security researchers. We greatly appreciate our partnership with the security community to protect customers around the globe. https://aws.amazon.com/
SentinelOne (https://www.sentinelone.com/), founded in 2013 and headquartered in Mountain View, California, is a publicly-traded (NYSE:S) cybersecurity pioneer delivering autonomous security for endpoints, data centers, and cloud environments to help organizations secure their assets with speed and simplicity.
SentinelOne’s mission is to keep the world running by protecting and securing the core pillars of modern infrastructure: data and the systems that store, process, and share information. As attackers evolve rapidly in their quest to disrupt operations, breach data, turn a profit, and inflict damage, we stay a step ahead by evolving our technology and expertise.
SentinelOne serves Global and Strategic Enterprises, Mid-Market and Small-Medium Sized Businesses (SMBs), the Public Sector, Managed Service Providers (MSPs), and Managed Security Service Provider (MSSP) sales programs to meet the needs of diverse customer profiles. SentinelOne leverages a well-established channel partner and distributor program through which we service thousands of customers.
SentinelOne technology delivers autonomous, AI & machine learning-driven cybersecurity for the endpoints, data centers, and cloud environments of today’s modern enterprises. Our Solutions enable attack prevention, detection, response, and remediation across all major vectors and encompass these functions and services:
• Extended Detection Response (XDR): Provides extensible ingestion and orchestration data lakes and takes Endpoint Detection Response (EDR) to the next level with platform-native capabilities and powerful integrations that surface actionable context through AI-driven insights. Advanced EDR tooling is available for the most demanding secure operations center and incident response teams.
• Endpoint Platform Protection (EPP): Provides prevention and detection leadership with AI-powered models that defeat the most comprehensive array of attack vectors.
• Cloud Workload Protection Platform (CWPP): Provides Cloud Workload Protection Platform (CWPP) functions within the same centralized SaaS platform: a vital requirement for organizations migrating to cloud service provider-based workloads.
• Network Visibility & Control: Simplifies asset inventory and rogue IoT discovery with endpoint-integrated discovery and defense mechanisms built right into the native codebase, helping organizations gain global network visibility and control with minimal friction.
• Additional security services to complement & augment our platform Solutions, including WatchTower intelligence-led threat hunting, Vigilance Managed Detection & Response, Vigilance Digital Forensics & Incident Response, and Singularity Signal, our open threat intelligence platform. Vigilance enlists our in-house experts to review, act upon, and document every product-identified threat that puts your network and reputation at risk, so you can focus attention and resources on the strategy behind your program.
Below are some common high-level use cases for the SentinelOne Singularity platform:
• Replacement of legacy and next-generation anti-virus solutions
• Replacement of legacy and modern active and/or passive EDR solutions
• Integration with other components of your security stack
• Vendor consolidation projects aimed at reducing architectural complexity
• Vendor consolidation projects aimed at taking an OS or platform-agnostic approach to security
• Complementary security controls alongside other security stack components
Uptycs (https://www.uptycs.com/) provides the first unified, cloud-native security analytics platform that enables both endpoint and cloud security from a common solution. The solution provides a unique telemetry-powered approach to address multiple use cases—including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across a company’s entire attack surface.
The tool suite behind our telemetry-powered approach consists of:
• osquery for hosts, VMs, containers
• kubequery for container orchestration systems
• cloudquery for cloud providers
• saasquery for SaaS applications (coming soon!)
• identityquery for identity providers (coming soon!)
The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure. https://www.enisa.europa.eu/
Palo Alto Networks Unit 42
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. With a deeply rooted reputation for delivering industry-leading threat intelligence, Unit 42 has expanded its scope to provide state-of-the-art incident response and cyber risk management services. Our consultants serve as your trusted advisors to assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach, and respond to incidents in record time. Visit paloaltonetworks.com/unit42.
Torq is a no-code automation and orchestration platform for security and operations. We empower frontline security teams in their journey to becoming more efficient by allowing them to automate processes using our easy workflow builder, limitless integrations, and numerous prebuilt templates. Built as an enterprise-grade software-as-a-service, Torq can be adopted with ease, delivering results within minutes, unlike traditional security automation solutions that require weeks or months of investment prior to providing value. https://torq.io/
It is great to be back at FIRST! At Amazon, we are obsessed with customer trust. Amazon maintains this by guarding the confidentiality and integrity of Amazon and customer data worldwide. Do you want to work on security challenges at unprecedented scale? Our current security career opportunities are listed at https://www.amazon.jobs/en/teams/infosec. We have several opportunities available in global locations such as Dublin, Sydney, Iasi, Bangalore, Tokyo, and several cities in the United States! Talk with us at the Expo! Whether curious about our open positions or just feeling lucky, enter to win a great prize from Amazon! https://www.amazon.jobs/en/teams/infosec
Ericsson enables communications service providers to capture the full value of connectivity. The company’s portfolio spans the business areas Networks, Digital Services, Managed Services and Emerging Business. It is designed to help our customers go digital, increase efficiency and find new revenue streams. Ericsson’s innovation investments have delivered the benefits of mobility and mobile broadband to billions of people globally. Ericsson stock is listed on Nasdaq Stockholm and on Nasdaq New York. https://www.ericsson.com
Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With more than 774 million members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network. The company has a diversified business model with revenue coming from Talent Solutions, Marketing Solutions, Sales Solutions and Premium Subscriptions products. Headquartered in Silicon Valley, LinkedIn has offices across the globe. https://www.linkedin.com/
Built by security practitioners, Tines is a powerful automation platform that enables security teams to focus on high-impact work. Tines bypasses the need for technical skills and delivers powerful automation straight into the hands of security teams. Tines connects every tool in your workflow in one place. Tines provides deeper incident investigation and response and only involves an analyst when a real threat is identified, allowing them to refocus on more impactful company-specific risk-reduction. Tines is designed from the ground-up to integrate with any external system without having to build an ‘integration’ and is 100% vendor-agnostic. https://www.tines.com/
The National Cyber Security Centre (NCSC) is an operational arm of the Department of the Environment, Climate and Communications (DECC). The NCSC is responsible for advising and informing Government IT and Critical National Infrastructure providers of current threats and vulnerabilities associated with network information security. The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing. https://www.ncsc.gov.ie/