Program Committee
Overview
FIRST is a member driven, non-profit organization with emphasis on information sharing within its global membership as well as the incident response community at large. The Program Committee is a volunteer opportunity, open to non-members and managed through an open call submission process. The Program Committee comprises members who are nominated by the Conference Program Chair and approved by the FIRST Board of Directors. Program Committee members are selected for their expertise in key areas relating to program objectives, regional balance, and previous program & content committee experience.
2026 Program Chair
Merike Kaeo is CEO and founder of Double Shot Security.
She has over 25 years of experience in pioneering Internet technology deployments and developing strategic security initiatives. Her passion for building cooperation and collaboration between operational, technical, law enforcement and policy sectors in all things related to ‘information security’ has led to many unofficial global liaison roles. In 2007, Merike was instrumental in fostering cooperation and trust among the global operational security community and the Estonian National CERT during the cyber attacks against Estonia.
Merike instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, Designing Network Security, which was translated into multiple languages and widely used in security accreditation programs. She has held a variety of executive leadership positions and has a deep rooted history in the global Internet community.
Merike is a member of the IEEE, a pioneer member of ISOC and has been an active contributor in the IETF since 1992. She was named an IPv6 Forum Fellow in 2007 for her continued efforts to raise awareness of IPv6 related security paradigms. Merike was appointed to the American Registry for Internet Numbers (ARIN) Board of Trustees in 2016 to serve a one-year term from Jan 1, 2017 to Dec 31, 2017. From 2010-2024 she was an active member on ICANN's Security and Stability Advisory Council (SSAC) and from 2018 through 2021 served as the SSAC Liaison to the ICANN Board.
In recent years Merike has led and contributed to several global threat intelligence sharing initiatives. In 2014 she was part of the EU Network and Information Security (NIS) Working Group 2 that created guidelines and recommendations to promote the sharing of cyber threat information and incident coordination in both the public and private sectors in the EU. She was a founding co-chair of the FIRST Information Exchange Policy SIG.
Merike earned a MSEE from George Washington University and a BSEE from Rutgers University.
Merike Kaeo
Chair
Adli Wahid
APNIC, AU
Adli Wahid is a Senior Internet Security Specialist at APNIC. He has been involved in the CSIRT community for more than 10 years. His previous role includes leading Malaysia CERT (MyCERT) and working for a CERT in the financial sector. Adli is also serving board member of FIRST.Org
Andreas Bråthen
mnemonic, NO
Andreas is a seasoned Cyber Threat Intelligence (CTI) analyst and Threat Hunter (TH) with over 15 years in cybersecurity. He currently specializes in the analysis of adversary tradecraft, providing actionable intelligence for strategic and tactical use, and leading and supporting hunting programs and various intelligence initiatives for mission success.
Throughout his career, Andreas has led multiple teams in threat intelligence, detection engineering, and incident investigation. His experience includes hands-on work as a CSIRT manager for multiple organisations, and conducting CSIRT maturity assessments and advisory roles based on frameworks such as SIM3, MRD-IMC, CSF, ISO/IEC 27035, and NIST SP 800-61. Additionally, he has acted as an incident commander and forensics expert in incident response engagements involving advanced threat actors, incl. nation-state actors and organized crime groups (OCG).
He strongly advocates for intelligence-driven defense to mitigate complex cyber threats and collaborates with other CTI researchers for investigation, profiling and tracking. He is dedicated to improving detection- and hunting capabilities by deeply understanding adversary tactics and techniques, as well as refining methods for operationalizing intelligence. Andreas holds a Master’s degree in Information Security and is an active participant in Capture the Flag events, continuously honing his skills.
Apart from pivoting and dissecting threats, Andreas is found coaching young football- and chess talents in his local community.
Angela Matlapeng
BOCRA , BW
Angela is a cybersecurity professional who is enthusiastic about data-driven decisionmaking, helping organizations build cyber resilience, as well as empowering her community on how to keep safe online. With over a decade of cross-functional experience spanning cybersecurity risk, governance & compliance, domain infrastructure management & internet governance, ICT policy development & implementation, as well software development, she brings a unique blend of technical expertise, leadership, and strategic insight. Angela thrives at the intersection of people, data, and technology, for business transformation.
She holds an MSc in Business Analytics from Trinity College Dublin in Ireland (2024), as well as a BSc Honors degree in Computer Systems Engineering from University of Sunderland, UK (2015).
Angela has been working for the Botswana CSIRT for 7years at BOCRA, and in her current role as a Senior CSIRT Analyst, she has led her team in national cyber incident response & vulnerability management and threat intelligence initiatives, cyber resilience & maturity assessments, risk, compliance, & business continuity, industry-specific capacity building, as well as public safety campaigns. Angela also served as Botswana’s ccTLD Engineer, where she grew the .bw domain to more than 10,000 domains during the covid19 pandemic, implementing DNSSEC and actively combating DNS Abuse. She also drove inclusive internet policy amongst others, through a multistakeholder consultative process.
Beyond her technical role at BOCRA , She served as Vice Chairperson of the Africa Top Level Domains (AFTLD) LTD from 2019 to 2022, and actively participated in several working groups such as the ccNSO Policy Development Process (ccPDP3) on retirement of country code Top Level Domain Names (ccTLD), the DNS Abuse Standing Committee (DASC) and TLD-Ops, an incident response team for ccTLDs at ICANN, as well as the DNS Abuse Special Interest Group (SIG) at FIRST. She also actively mentors women in tech and cybersecurity and currently an envoy and mentor of the International Telecommunications Union (ITU) Women in Cyber Mentorship program.
Outside the office, Angela enjoys fencing, traveling, nature and outdoor activities, learning new languages, music, and volunteering in my community! She is currently the Chairperson of the Alumni Association of a reputable College – Botswana Accountancy College (BAC), and by virtue of this position, sits in the BAC Board where she is part of the Academic Oversight Committee as well as the Finance and Risk Advisory Committee.
Derrick Scholl
Juniper Networks, US
Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 25 years with previous positions at Oracle and Sun Microsystems.
Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.
Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last five conferences.
Enrico Lovat
Siemens, DE
Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 in the dual role of Incident Handler and Cyber Threat Intelligence Team Lead. In 2022 he moved to Siemens Technology as Principal Key Expert, supervising the research in technologies and innovations for cybersecurity services.
Harish Shankar
Schneider Electric, IN
Harish Shankar is currently working as Director – Head of Product Vulnerability Management in Schneider Electric. In this role, he heads Schneider Electric’s PSIRT Team which is represented as SE - Corporate Product Cyber Emergency Response Team (CPCERT) where he is responsible for defining and governing product vulnerability response.
Prior to this role, he handled Product Incident Response and has hands-on experience on Incident Response and Digital Forensics. He also held the positions of Information Security Officer for the APAC region in Schneider Electric.
Jeffrey J. Carpenter
Accuray, US
Jeffrey Carpenter has dedicated more than 30 years to improving the state of information security. In 1995, Jeffrey joined the CERT® Coordination Center at Carnegie Mellon University's Software Engineering Institute, initially as an incident response analyst, then five years later managing more than 50 technical individuals. He was instrumental in helping the U.S. Department of Defence and the U.S. Department of Homeland Security create teams to exchange incident information and indicators between government and critical infrastructure organizations. He also worked closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States.
Jeffrey helped many other governments and regional organizations around the world establish national incident response capabilities. He founded a successful annual conference for technical staff working for CSIRTs with national responsibility to promote collaboration among these organizations. Jeffrey's active involvement in the incident response community over the years has included presenting in various forums and serving on Forum of Incident Response and Security Teams (FIRST) committees and working groups.
Jeroen van der Ham
University of Twente, NL
Jeroen van der Ham is associate professor in the Design and Analysis of Communication Systems (DACS) group at the University of Twente. He enjoys interdisciplinary research, bridging the gap between theory and practice, and is a proud member of the FIRST community. His research focuses on vulnerability prioritisation and management, incdent response, the many developments in coordinated vulnerability disclosure and ethics of cybersecurity and computer science.
Justin Murphy
CISA, US
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s), ranging from industrial control systems (ICS), operational technology (OT), medical devices, and traditional information technology (IT) vulnerabilities. Justin is involved with many other vulnerability management related efforts, including CISA's Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) work, and he serves as a co-chair for the OASIS Common Security Advisory Framework (CSAF) and OpenEoX Technical Committees. Justin is also the co-founder of the Global Community of Practice on Coordinated Vulnerability Disclosure (Global CVD-COP). Justin is a former high school mathematics teacher turned cybersecurity professional and has a M.Sc. in Computer Science from Tennessee Technological University, and a B.Sc. degree in Statistics from the University of Tennessee (Knoxville).
Krassimir Tzvetanov
Hydrolix/Purdue University, US
For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations, in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google and Yahoo! And Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He is also a co-founder and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications), Masters in Digital Forensics and Investigations, and Masters in Homeland security.
Lawrence Muchilwa
FIRST, KE
Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background in Information Systems Technology, and Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams and lead the Research and innovation working group at the Kenya Cybersecurity and Forensics Association.
Lisa Lobmeyer
Security Research Labs, DE
Lisa Lobmeyer works as a Lead Security Consultant at Security Research Labs. She is an experienced DFIR-Specialist, leading and building teams that help organizations affected by IT security incidents while at the same time trying to minimize the impact by upping organizations' Cyber Defense capabilities.
Mars Cheng
TXOne Networks PSIRT, TW
Mars Cheng (@marscheng_) is the Head of Cyber Threat & Product Defense Center at TXOne Networks Inc., responsible for leading the three subgroups under the center, including PSIRT, Advanced Threat Research, and Threat Operation. Additionally, he serves as the Executive Director of the Association of Hackers in Taiwan (HIT/HITCON), General Coordinator of HITCON CISO Summit 2025, and review board member of HITCON conference; he plays a pivotal role in fostering collaboration between enterprises and government entities to strengthen cybersecurity. His expertise encompasses ICS/SCADA systems, malware analysis, threat intelligence and hunting, blue team, and enterprise security. A seasoned speaker, Mars has delivered over 60 presentations at international cybersecurity conferences, including Black Hat USA, Europe, and MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, S4, SINCON, ROOTCON, among others. He has successfully organized several notable HITCON events, such as the HITCON CISO Summit in 2024 and 2023, HITCON PEACE 2022, and HITCON 2021 and 2020.
Martin Johannes Nagel
Niantic, Inc. , CH
Martin Nagel is Head of Incident Response at Niantic, with 25+ years of experience in security across the financial, technology, and gaming industries. He leads global incident response, threat detection, and digital forensics initiatives. Martin holds an MSc in Cybersecurity from the Cork Institute of Technology (MTU) and is an active member of FIRST’s Multi-Stakeholder Ransomware SIG. He also helps organize and volunteers at Swiss security conferences, including Area41 and BSides Switzerland.
LinkedIn profile: https://www.linkedin.com/in/martin315/
Milan Pikula
SK-CERT, SK
Milan is the head of SK-CERT, Slovakia's national CSIRT team. He has been active in cybersecurity, software development, Unix/Linux, and networking for 30 years. His expertise lies in technical topics such as low-level programming, penetration testing, malware analysis, building CSIRT capabilities, and troubleshooting. He has co-authored several projects, including the security framework in the Linux OS kernel and the TCP/IP stack in Z80 assembler. In his spare time, he teaches courses on binary vulnerabilities and forensic analysis at the Faculty of Informatics and Information Technologies at the Slovak University of Technology (STU). Milan has not missed a FIRST annual conference since 2018 and served on the Program Committee for the 2023 annual event in Montreal.
Morton Swimmer
Trend Micro, DE
Dr. Morton Swimmer is a researcher in the Forward-Looking Threat Research (FTR) team in Trend Micro Research. His focus is on future threats, especially Web3, machine learning and quantum computing.
Olivier Caleff
csirt.fr, FR
Olivier CALEFF is a FIRST Liaison member in the FIRST community, and is a member of the Board of Directors at FIRST. He has been involved in incident management and CSIRT-related organizations (FIRST, TF-CSIRT, CSIRTs Network, InterCERT-FR) since 1996. He contributed to bootstrap CSIRTs in France since 2005 and performed FIRST site visits since 2013. He is an advocate of OpenCSIRT Foundation’s SIM3 (Security Incident Management Maturity Model), and a SIM3 Certified Auditor. He also contributes to various SIGs. Olivier CALEFF is currently a Cyber Resilience and CSIRT Expert at ERIUM. He previously worked for SANODI, global healthcare supplier, and CERT-FR – the French governmental CSIRT. He has been teaching security for 30 years in French and English, including the delivery of TRANSITS and FIRST security trainings.
LinkedIN profile: https://www.linkedin.com/in/caleff/
Sergio H. Guivala
National Institute of ICT , MZ
Shinichi (Shin) Adachi
Consulting Business, US
Shin Adachi is a distinguished incident responder with extensive global experience, having worked across the East and West coasts of the United States, Japan, and various Asia Pacific countries.
He has been active in FIRST community by contributing to various Committees and special interest groups. He has also actively contributed to, or spoke at other renowned security communities, including ENISA, NIST, ITU-T, Liberty Alliance, Infosec Taiwan, Asia PKI Consortium, and a notable public-private partnership. He holds CISSP, CISM, CISA, and PMP.
Stephen Cudjoe-Seshie
Cyber Security Authority, GH
Stephen is a versatile Technology Manager with over twenty years of experience in ICT infrastructure strategy, planning, design, deployment, and operations. He is currently the Ag. Deputy Director-General at the CSA with responsibility for technical operations encompassing the national CERT operations, critical information infrastructure protection, cybersecurity technology standards development, law enforcement liaison activities, and IT services. He holds an MBA in Engineering Management from Coventry University, UK and a Bachelor of Engineering (Hons.) in Electronics Engineering from the Multimedia University, Malaysia. He is a co-founder and current President of the Ghana Chapter of ISC2. The Chapter has been selected as the 2025 ISC2 Global Achievement Award recipient for the ISC2 Chapter Recognition Award in the EMEA region.
Sung-ting Tsai
TeamT5, TW
Tsai Sung-Ting (TT) is the founder and CEO of TeamT5. The company is dedicated to providing top-tier threat intelligence and endpoint threat-hunting solutions, guided by a customer centric philosophy.
With over 20 years of deep involvement in the cybersecurity field and community, TT specializes in Advanced Persistent Threats (APT) and threat intelligence research across the Asia- Pacific region. He has extensive hands-on experience in developing cybersecurity solutions and has discovered and disclosed multiple CVE vulnerabilities. He has also been invited to speak at numerous internationally renowned cybersecurity conferences, including the world's premier hacker event, Black Hat, CODE BLUE, etc.
TT has long served as a cybersecurity advisor to several government agencies, offering strategic guidance on issues such as critical infrastructure protection and supply chain attacks. He currently serves as Vice President of the Taiwan Digital Defense Consortium and Chairman of the NextGen Cybersecurity Innovation Association, actively contributing to the growth of the cybersecurity community and industry.
He is also the co-founder and first chief director of HITCON (Hacks in Taiwan Conference), where he has played a key role in nurturing and expanding Taiwan's hacker community.
Susan Ballestero
US Bank, IE
Tim Myers
National Cyber Security Centre, NZ
Tim Myers is the Principal Advisor for Incident Response in the Pacific Partnerships Team at NCSC New Zealand, where he focuses on delivering meaningful and impactful cyber capacity building in the region. Tim also served as a Digital Forensic Analyst within the New Zealand Police where he conducted digital forensic investigations related to serious crime, fraud and cybercrime. Building on his experience, Tim is dedicated to improving cyber security capabilities in the Pacific through fostering Pacific-led initiatives and capacity building activities.
Tobias Dussa
DFN-CERT Services GmbH, DE
Tobias holds an MSc in Computer Science, specializing in Systems Security, Cryptography, and Networking. After working as a sysadmin at the Scientific Supercomputing Centre Karlsruhe (SSCK) since 2004, he became a founding member of the Karlsruhe Institute of Technology's CERT (KIT-CERT) in 2008, which he headed as team lead from 2011 to 2018. Since 2020, he is a senior analyst and team leader of the Cyber Threat Intelligence team at DFN-CERT the German NREN CERT. He is also a member of the EGI CSIRT and the eduGAIN CSIRT as well as a founding member of SAFER.
Tom Millar
CISA, US
Tom Millar has served in CISA for 15 years, working to strengthen the agency's information sharing capabilities, increasing the level of public, private and international partner engagement, and supporting initiatives to improve information exchange by both humans and machines, such as the standardization of the Traffic Light Protocol and the development of the Structured Threat Information eXpression. Prior to his cybersecurity career, he served as a linguist with the 22nd Intelligence Squadron of the United States Air Force. Mr. Millar holds a Master's of Science from the George Washington University and is a Distinguished Graduate of the National Defense University's College of Information and Cyberspace.
Trey Darley
BE
Trey Darley began his career as a teenage sysadmin and, with much help along the way, became a respected cybersecurity practitioner, technical diplomat, and occasional standards leader. He co-founded the FIRST Standards SIG, co-chaired the STIX/TAXII technical committee, and has advised governments and CERTs worldwide on information sharing and incident response. A longtime voice on the Year 2038 problem, he co-founded the Epochalypse Project to raise awareness of its global risks. He brings both technical depth and community experience to the FIRST Program Committee, committed to curating a 2026 conference that strengthens resilience across our shared problem space through the application of science. Brussels-based, he runs Proper Tools srl, a consultancy focused on infrastructure resilience.
Ulf Bremer
Juniper Networks, DE
Ulrich Stadie
Energy Baden-Württemberg AG (EnBW), DE
Ulrich holds an MSc in Computer Sciences (main topics: forensic, security and robotics). After serving in the German Navy as a Naval Flight Officer for 15 years and completing his universal degree, he joined the KIT-CERT of the KIT (Karlsruher Institute of Technology in Karlsruhe, Germany) from 2011 to 2019. Since 2019 he is a senior IT security manager at the "Energie Baden-Württemberg AG" (EnBW; German energy provider and power authority) and is one of two team leaders of the EnBW-CERT.