35th Annual FIRST Conference | Empowering Communities

Program Committee


FIRST is a member driven, non-profit organization with emphasis on information sharing within its global membership as well as the incident response community at large. The Program Committee is a volunteer opportunity, open to non-members and managed through an open call submission process. The Program Committee comprises of 20 members who are nominated by the Conference Program Chair and approved by the FIRST Board of Directors. Program Committee members are selected for their expertise in key areas relating to program objectives, regional balance, and previous program & content committee experience.

We are no longer accepting Program Committee volunteers for the 2023 conference.

2023 Program Chair

Edward "Ted" Norminton (CCCS) manages the Operational Relationships team for the Canadian Centre for Cyber Security, promoting domestic and international cooperation. Over his 30-year career he has been a programmer, database designer, business analyst and during major part of the past decade has focused on operational coordination and cyber planning for major events, as well as providing practical advice for cyber policy makers in the government of Canada. Ted is an active member of the Traffic Light Protocol SIG and looks forward to chairing the 2023 annual FIRST conference in Montreal.

2023 Program Committee

  • Adli Wahid

    APNIC, AU 

    Adli Wahid is a Senior Internet Security Specialist at APNIC. He is an active member of the security community and involved in many capacity development project. Adli is currently the lead for the APNIC Community Honeynet Project. Prior to joining APNIC, he had served the Bank of Tokyo Mitsubishi-UFJ & the Malaysia CERT (MYCERT).

  • André Oosterwijk

    KPN, NL 

    My name is André Oosterwijk and I work as a Senior Security Specialist – Incident Response at KPN CERT. I have worked in the public sector from 1997-2015 in different roles related to Incident response and security analysis at the Ministry of Defense and the National Cyber Security Centre (NCSC-NL). The 1st FIRST conference I attended was in 2007 - Seville. And have been an active member of the community throughout the years. Since 2019 I have a seat in the Steering committee of TF-CSIRT, currently residing under the OpenCSIRT Foundation.

    From 2015-2017 I worked in the private sector for several multinational companies on Incident Response/Forensics and SOC/CSIRT deployment. Since 2017, I am employed at the Dutch telco KPN as part of the KPN-CERT team.

  • Brian Honan

    BH Consulting & IRISSCERT, IE 

    Brian Honan CEO of BH Consulting, a world leading consulting firm in the areas of cybersecurity and data protection, and he is a recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol's Cybercrime Centre (EC3), he is founder and head of IRISSCERT which is Ireland's first CERT, and sits on the advisory board for several innovative security companies. Brian is the author of several books and regularly contributes to various publications. For his contribution to the cybersecurity industry Brian was inducted into the Infosecurity Hall of Fame and has also been awarded the "SC Magazine Information Security Person of the Year."

  • Carlos Friaças


    Carlos was born in Lisbon (Portugal), and graduated in Computer Science at the University of Lisbon in 1999. He was a Systems Engineer at University of Lisbon from 1996 to 2000 -- with a short spell at FCCN, working for the Portuguese Schools' Network Team and ccTLD .PT. Back to FCCN during 2000, he managed the Portuguese Internet Exchange (Gigapix) for 15 years, participating at Euro-IX (euro-ix.net), while also contributing to the Networking Team, responsible for AS1930's backbone. Over the years Carlos has delivered IPv6 courses (around Europe and Portuguese speaking countries in Africa) and also some talks at TERENA Networking Conferences and RIPE meetings. He is also a co-author of several policy proposals. Since late 2015 he moved into CyberSecurity, taking a leadership role at RCTS CERT, the Portuguese R&E Network's Computer Emergency Response Team. From 2016 to 2018 he was the Chairman of the Portuguese CSIRT Network's General Assembly (redecsirt.pt). He was also LinhaAlerta's manager between 2016 and 2018, and represented the portuguese Hotline at the INHOPE Association (inhope.org). He now usually attends FIRST, TF-CSIRT and RIPE meetings, mostly focusing on incident response and anti-abuse issues.

  • Chung Kuan 'CK' Chen


    Chung-Kuan Chen is currently a senior researcher in CyCraft, and responses for organizing research team. He earned his PHD degree of Computer Science and Engineering from National Chiao-Tung University (NCTU). His research focuses on cyber attack and defense, machine learning, software vulnerability, malware and program analysis. He tries to utilize machine learning to assist malware analysis and threat hunting, and build automatic attack and defense systems. He has published several academic journal and conference papers, and has involved in many large research projects from digital forensic, incident response to malware analysis. He also dedicates to security education. Founding of NCTU hacker research clubs, he trained students to participate world-class security contests, and has experience of participating DEFCON CTF (2016 in HITCON Team and 2018 as coach in BFS team). He organized BambooFox Team to join some bug bounty projects and discover some CVEs in COTS software and several vulnerabilities in campus websites. Besides, he has presented technical presentations in technique conferences, such as BlackHat, HITCON, HITB, RootCon, CodeBlue OpenTalk, FIRST and VXCON. As an active member in Taiwan security community, he is in the chairman of HITCON review committee, and ex-chief of CHROOT - the top private hacker group in Taiwan.

  • David Durvaux

    European Commission, BE 

    David is leading the incident response team of the European Commission (EC DIGIT CSIRC) for 4 years. He is active in the incident response community and FIRST especially for more than a decade.

  • Derrick Scholl

    Juniper, US 

    Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 20 years with previous positions at Oracle and Sun Microsystems.

    Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.

    Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last two conferences.

  • Egon Lampert

    Swisscom (Schweiz) AG, CH 

    Egon Lampert is a Senior Security Analyst and Incident Responder at Swisscom’s internal CSIRT. Prior to Swisscom, Egon was working in CSIRTs within the Swiss financial sector. Next to Incident Handling and Digital Forensics, he is passionate about Automation and Containerization.

  • Eireann Leverett

    Concinnity Risks, GB 

    Eireann Leverett is CTO of Waratah Analytics, and a has an interest in quantitative risk within the digital forensics and incident response community. He has written academic papers on vulnerability forecasting, ransomware, ddos, cyber insurance, liability and the internet of things, and industrial systems. He is a proud FIRST member, and looks for collaborative research capturing cyber problems from a interdisciplinary perspective.

  • Jeffrey J. Carpenter

    Secureworks, US 

    Jeffrey Carpenter has dedicated more than 35 years to improving the state of information security. In 1995, Jeffrey joined the CERT® Coordination Center at Carnegie Mellon University's Software Engineering Institute, initially as an incident response analyst, then five years later managing more than 50 technical individuals. He was instrumental in helping the U.S. Department of Defence and the U.S. Department of Homeland Security create teams to exchange incident information and indicators between government and critical infrastructure organizations. He also worked closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States. Jeffrey helped many other governments and regional organizations around the world establish national incident response capabilities. He founded a successful annual conference for technical staff working for CSIRTs with national responsibility to promote collaboration among these organizations. Jeffrey's active involvement in the incident response community over the years has included presenting in various forums and serving on Forum of Incident Response and Security Teams (FIRST) committees and working groups. Jeffrey currently is the Secureworks Senior Director of Incident Response Consulting and Threat Intelligence.

  • Jorge Merchan

    CEDIA, EC 

    Jorge Merchán, cybersecurity specialist in CEDIA's CSIRT, experience in Project Management, Research, Security Control, Identity Management, QA Security (SAST/DAST), SecDevOps, Ethical Hacking, Hardening, Event and Incident Management of IT Security, Regulations (ITIL, ISO 27001/27002, 27701, GDPR), passionate about technology, cybersecurity, information security, IT security.

  • Konrads Klints

    KPMG, SG 

  • Lisa Bradley


    Dr. Lisa Bradley is the Director of Product & Application Security at Dell Technologies focusing on Vulnerability Response & Customer Trust. In this role, she oversees the Product Security Incident Response Team (PSIRT) where she defines and drives vulnerability response and builds customer trust into the core of product and application security practices. Lisa has 20 years of Enterprise-class engineering and leadership experience including over eight years leading PSIRT programs for NVIDIA and IBM. Lisa is part of the FIRST PSIRT Sig and contributed to the FIRST PSIRT Services Framework, training, and PSIRT Maturity document. Lisa has spoken at many tech-related events including FIRST, BSIMM, DerbyCon, DEF CON, ISACA and Security Journey. Lisa enjoys spending time with her three children and teaching as an adjunct professor at local universities.

  • Lucimara Desiderá

    CERT.br / NIC.br, BR 

    Lucimara is a Security Analyst at CERT.br/NIC.br where she works in the areas of Outreach and Internet Security Awareness. She is also co-Chair of the Latin American and Caribbean Anti-Abuse Working Group (LAC-AAWG). Her activities include building awareness and fomenting the adoption of Internet Security best practices, as well as developing new best practices and supporting materials, working in cooperation with other incident response teams, with international organizations (such as LACNIC, LACNOG, FIRST and M3AAWG) and with different Internet sectors in Brazil. She has been speaker and program committee member at several national and international conferences. She is the Program Committee Chair for the 32nd Annual FIRST Conference (2020).

  • Mark T. Zajicek

    CERT/CC, Software Engineering Institute, Carnegie Mellon University, US 

    Mark Zajicek is a Member of the Technical Staff in the CERT Monitoring and Response directorate in the world-renowned CERT Division at Carnegie Mellon University’s Software Engineering Institute (SEI). Zajicek’s current work is focused on helping other organizations to build their own computer security incident response team (CSIRT) or incident management capability. As a member of the CERT CSIRT Development and Training team, Zajicek is responsible for providing guidance to new and existing CSIRTs worldwide. He has co-developed a variety of documents and training materials, and he is an instructor for a suite of several courses that provide training for CSIRT managers and technical staff. Previously, Zajicek was the Daily Operations team leader for the CERT Coordination Center (CERT/CC), after having joined the CERT/CC’s incident handling staff in 1992. Prior to joining the CERT/CC, he was a user consultant for the Computing Facilities group at the SEI. Zajicek also helped support the CERT/CC during its initial start-up in 1988.

  • Martin Roesler

    Trend Micro, DE 

    Martin is a veteran in IT Security. After his university degree in civil engineering, he right away started as a programmer and system engineer, then had multiple lead functions and since >20 years he is employed by Trend Micro. He founded the “Virus Help Munich” 1992 and is working in the field of Security since then. He is heading the Forward looking Threat Research team (FTR) at TREND MICRO and in this function working with CERTs and law enforcement around the globe. He is attending FIRST conferences since 2009, participated in the PC 2020 and his team is an active contributor to all FIRST events and activities.

  • Milan Pikula

    SK-CERT, SK 

    Milan had the privilege of observing the transition of a society from paper to the IT era, not only from the above but as a directly involved person. His main areas of passion are software development, Unix/Linux, networks, and cyber security. His past software projects include developing a large-scale Linux kernel security project, a TCP/IP stack for ZX Spectrum, and many more.

    Currently, he is a Deputy Director at National Cyber Security Center SK-CERT in Slovakia. He enjoys the variety of tasks the position provides, including local tooling development and several international projects. His many side jobs include teaching exploitation techniques at the Slovak University of Technology.

  • Nguyen Huu Nguyen


    • Education & skills certificates:
      • Physical Sciences Bachelor, graduated in 1990)
      • Engineering Master in Telecommunications, graduated in 2003
      • Certified Information System Auditor (CISA), 2022
    • Work experience:
      • Dalat University lecturer: 1990-1993
      • Informatics Engineer, specialist, managers positions in Lam Dong Posts and Telecommunications of Vietnam: 1994-2008
      • CEO at businesses at Ho Chi Minh city, Vietnam: 2009-2014
      • Branch manger, deputy director of Vietnam Cybersecurity Emaergency Response Team / Coordination Center (VNCERT/CC), formerly was Vietnam Computer Emergency Response Team (VNCERT): 2014-now
    • Live in Ho Chi Minh city of Vietnam
    • Married, 2 sons.
  • Ruben Olague

    Santander, ES 

    Ruben is a cyber security professional with more than 20 years of experience in the field. He has held different roles at Telecom, Gov, and Financial industries in investigations (cyber, ethics, fraud), incident response, cyber exercises, and readiness, among others, being grateful for having led multicultural teams at different countries and regions. He is an Information Systems engineer and MBA, graduated from Tec de Monterrey (Mexico). Ruben has also achieved multiple certifications, such as CISSP, EnCE, GSTRT, GCIH, etc. After a short season in Dublin, he’s now living with his family and dog in Madrid, enjoying the great Spanish cuisine, trekking routes, and better weather.

  • Ryusuke Masuoka

    Fujitsu System Integration Laboratories, JP 

    Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories LTD (FSI), working on Cyber Security. Over 30 years, he has conducted research in neural networks, simulated annealing, agent system, pervasive/ubiquitous computing, Semantic Web, bioinformatics, Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things, Cyber Security Policy, and Cyber Security. He also led numerous standardization activities and collaborations with universities, national and private research institutes, and startups. He is an ACM senior member and an IEEE senior member.

  • Shin Adachi


    CISSP, CISM, CISA and PMP. A seasoned incident responder for decades with the Internet Protocol based information systems design and administration experience for decades, including carrier grade multinational networks as well as multinational corporate IT. Based in Silicon Valley now after living and working experience in both east and west coast of the United States, Japan and other APAC, and Europe in my life.

  • Thomas V. Fischer

    Riot Games, IE 

    Thomas has over 30 years of experience in the IT industry ranging from software development to infrastructure & network operations and architecture to settle in information security. He has an extensive security background covering roles from incident responder to security architect at fortune 500 companies, vendors and consulting organisations. He is currently security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties not just for external threats but also compliance instigated.

    Thomas is also an active participant in the InfoSec community not only as a member but also as director of Security BSides London, ISSA UK chapter board member and speaker at events like SANS DFIR EMEA, DeepSec, Shmoocon, and various BSides events.

  • Tom Behaeghe

    CERT.be / Centre for Cyber Security Belgium (CCB), BE 

  • Ulrich Stadie

    Energie Baden-Wuerttemberg EnBW, DE 

    Ulrich holds an MSc in Computer Sciences (main topics: forensic, security and robotics). After serving in the German Navy as a Naval Flight Officer for 15 years and completing his universal degree, he joined the KIT-CERT of the KIT (Karlsruher Institute of Technology in Karlsruhe, Germany) from 2011 to 2019. Since 2019 he is a senior IT security manager at the "Energie Baden-Württemberg AG" (EnBW; a German energy provider and power authority) and is one of two team leaders of the EnBW-IT-CERT.

  • Vasileios Mavroeidis

    University of Oslo, NO 

    Dr. Vasileios Mavroeidis is a Cybersecurity Scientist and Educator at University of Oslo specializing in the domains of security automation and cyber (threat) intelligence. He has been involved in different European (CEF, Horizon 2020, and Horizon Europe) and National (Norwegian) cybersecurity research and innovation projects and has authored numerous scientific papers and technical reports contributing to the body of knowledge. Vasileios is a member of ENISA's Cyber Threat Landscapes ad-hoc working group and Cybersecurity Playbooks task force. He is actively involved in cybersecurity standardization with contributions to a multitude of standards (e.g., OpenC2, CACAO, and STIX/TAXII) and is currently co-chairing the OASIS Threat Actor Context technical committee.