36th Annual FIRST Conference: Bridging Security Response Gaps

BoFs, SIGs, & Scheduled Side Meetings

Schedule is subject to change. Please be sure to refer to the conference mobile app during conference week for the latest and most accurate times.

Monday, June 10th

Rooms: Ran, Sumire, Koh, Kei (all 3rd Floor)

11:00 – 12:20

Security Lounge SIG Meeting (CLOSED)

TLP:GREEN
11:30 – 12:30

BoF: Sharing Cyber Incident Data

Thomas Millar (CISA, US)

TLP:CLEAR
14:00 – 15:00

BoF: Digital Security Maturity Scoring System: Proposing A New Global Scoring System for Security Maturity

Rohit Srivastwa (KAS Cyber Ventures, IN)

TLP:GREEN

Law Enforcement SIG Meeting

TLP:CLEAR

14:00 – 15:20

Malware Analysis SIG Meeting

TLP:CLEAR

14:00 – 15:20

16:00 – 17:00

BoF: Challenges in Establishing Secure Software Development Culture

Dr. Pedram Hayati (SecDim, AU)

TLP:CLEAR

Tuesday, June 11th

Rooms: Ran, Sumire, Koh, Kei (all 3rd Floor)

09:00 – 10:20

Vulnerability Coordination SIG Meeting

TLP:CLEAR
12:45 – 13:30

BoF: FIRST Membership - Informational Session

Nora Duhig (FIRST.Org – FIRST Secretariat, US)

TLP:CLEAR
14:15 – 15:45

Metrics SIG Meeting

TLP:CLEAR

NETSEC SIG Meeting

TLP:CLEAR
14:30 – 15:30

BoF: Cybersecurity Awareness Alone Won’t Save Us: Why Human-Centered Design is Crucial to the Future of Cybersecurity

Thomas Millar (CISA, US)

TLP:CLEAR

Wednesday, June 12th

Rooms: Ran, Sumire, Koh, Kei (all 3rd Floor)

10:30 – 11:50

AI Security SIG Meeting

TLP:CLEAR
12:30 – 13:15

BoF: Student SIG Exploration

Nora Duhig (FIRST.Org – Secretariat, US)

TLP:CLEAR
13:15 – 14:45

Academic Security SIG Meeting

TLP:CLEAR
14:00 – 15:20

Multi-Stakeholder Ransomware SIG Meeting

TLP:CLEAR
14:30 – 15:30

BoF: IEP-SIG Rejuvenation

Thomas Millar (CISA, US)

TLP:CLEAR

Thursday, June 13th

Rooms: Ran, Sumire, Koh, Kei (all 3rd Floor)

10:30 – 11:30

BoF: CISA's UN!TE Framework for Operational Collaboration - Give Us Your Feedback!

Matthew Grote (Cybersecurity and Infrastructure Security Agency, US)

TLP:CLEAR

DNS Abuse SIG Meeting

TLP:CLEAR

10:30 – 11:50

11:15 – 11:50

Traffic Light Protocol SIG Meeting

TLP:CLEAR
14:00 – 15:20

Industrial Control Systems SIG Meeting

TLP:CLEAR
17:00 – 18:00

FIRST Standards Community Meetup

Olin Darley (Accenture, CZ)

TLP:CLEAR

Friday, June 14th

Room: Sumire (3rd Floor)

09:00 – 10:20

Cyber Threat Intelligence SIG Meeting

TLP:CLEAR
  •  AU TLP:CLEAR

    BoF: Challenges in Establishing Secure Software Development Culture

    Dr. Pedram Hayati is the Founder and CEO of SecDim, where he focuses on redefining developer engagement in security through developer-oriented wargames. As a security researcher proficient in OffSec and AppSec, he has reported thousands of vulnerabilities to Fortune 500 companies, published over 25 zero-days, and has led a global penetration testing team. Pedram lectures at the University of New South Wales, Australian Defence Force Academy. He is the founder of SecTalks.org, the largest non-profit security community in Australia. He has presented at top security conferences and hosted AppSec wargames at DEF CON, BlackHat, HITB and FirstCon.

    Security teams often find themselves racing against the clock, struggling to keep pace with the rapid evolution of software development. Meanwhile, developers, the very architects of these systems, often find themselves disengaged from the security process, merely checking off boxes to get the green light. This misalignment poses a significant challenge in an era where cyber threats loom large and vulnerabilities lurk in every line of code.

    Let's come together for a discussion where we'll explore the importance of developers actively participating in software security. We'll examine the challenges posed by mandatory developer security training and the limitations of automated security scanning tools, including the widely talked-about AI solutions. We'll uncover why these approaches often miss the mark in addressing the dynamic nature of cybersecurity threats.

    June 10, 2024 16:00-17:00

  •  US TLP:CLEAR

    BoF: CISA's UN!TE Framework for Operational Collaboration - Give Us Your Feedback!

    Matt is a Senior Lead for Cyber Defense Innovations in the Joint Cyber Defense Collaborative where his mission is to identify and support community projects that help shift advantage away from attackers and toward defenders. His career has focused on national cybersecurity policy, including strategy and operations oversight roles in CISA, the Department of Defense, and the United States Senate.

    CISA's new UN!TE framework aims to help cyber defenders understand their role in operational collaboration between organizations.

    Tackling Advanced Persistent Threats requires teamwork across many organizations nationally and internationally. UN!TE is unique from other frameworks in that it shows what actions are necessary to contribute to a national/international effort against an APT, rather than only defending one’s own enterprise.

    CISA is seeking feedback from the FIRST community! Come provide feedback on the draft UN!TE framework to better reflect your operational realities. Let's "red team" the UN!TE framework together to make sure it can be useful for the global community!

    June 13, 2024 10:30-11:30

  •  US TLP:CLEAR

    BoF: Cybersecurity Awareness Alone Won’t Save Us: Why Human-Centered Design is Crucial to the Future of Cybersecurity

    What if we could improve cybersecurity outcomes by designing systems to nudge users to make more security-conscious decisions as they interact with these systems? It's time to augment the traditional human behavior change approach with human-centered design.

    The importance of cybersecurity education and awareness is undeniable, but simply educating users without providing built-in behavioral incentives has not been and will not be the best cybersecurity risk reduction method. We can reduce the dangers associated with human error and make cybersecurity more effective and sustainable by using human-centered design as a first layer of defense.

    June 11, 2024 14:30-15:30

  •  IN TLP:GREEN

    BoF: Digital Security Maturity Scoring System: Proposing A New Global Scoring System for Security Maturity

    Seeking volunteers interested in developing a novel global security maturity scoring system, aiding organizations in fortifying their infrastructures and providing measurable scores for their efforts. The system will guide what to do and how to do it, and measure how much is done.

    One measuring system that’s action oriented and easy to understand

    • CxO Friendly
    • SecOps Friendly
    • Action Oriented

    June 10, 2024 14:00-15:00

  •  US TLP:CLEAR

    BoF: FIRST Membership - Informational Session

    This BoF will be an interactive session led by the FIRST Secretariat and the Membership Committee to assist teams applying to FIRST. Please attend if:

    • You would like to learn more about membership/benefits of FIRST
    • Would like an overview of the FIRST application process and requirements
    • Are already working on your application and would like assistance
    • Have questions about SIM3 and would like to understand more about FIRST parameters and scoring  
    • Are an application sponsor (current member) or interested in learning more about sponsoring a team/liaison for membership

    June 11, 2024 12:45-13:30

  •  US TLP:CLEAR

    BoF: IEP-SIG Rejuvenation

    Extending from the prior work of the IEP-SIG and last year’s presentation on “UMQ? What Comes After TLP” in Montreal, this BoF session will focus on expanding how we can share information across boundaries (public, private and international) even more effectively than TLP and current editions of IEP support. Topics will include:

    • Handling
    • Action
    • Licensing
    • Requested Acknowledgment
    • And possibly more!

    June 12, 2024 14:30-15:30

  •  US TLP:CLEAR

    BoF: Sharing Cyber Incident Data

    Today we share information related to cyber incidents via methods that are unstructured and error prone. We want to share the work we completed to solve for this so far using STIX. We look forward to discussing with those interested how we can shape the work for the future to meet the global need.

    June 10, 2024 11:30-12:30

  •  US TLP:CLEAR

    BoF: Student SIG Exploration

    The FIRST Membership Committee would like to get input on starting a 'Student SIG'. Currently there is not a category of membership for students - and most do not have sponsors to apply as liaisons.

    Would like to have a discussion regarding an entry point to FIRST for students. Is a SIG the right way to proceed and what would that charter look like (what services/support can FIRST offer to students) -- and would members support the effort?

    June 12, 2024 12:30-13:15

  •  CZ TLP:CLEAR

    FIRST Standards Community Meetup

    This will be a combined meetup of the FIRST Standards Committee and the broader standards community, similar to what we did in Montreal.

    June 13, 2024 17:00-18:00

  • TLP:GREEN

    Security Lounge SIG Meeting (CLOSED)

    Closed meeting to Security Lounge SIG Members Only.

    June 10, 2024 11:00-12:20