2026 Program Committee

FIRST is a member driven, not-for-profit organization with emphasis on information sharing within its global membership as well as the incident response community at large. The Program Committee is a volunteer opportunity, open to non-members and managed through an open call submission process. Program Committee members are selected for their expertise in key areas relating to program objectives, regional balance, and previous program & content committee experience.

About the Program Chair:

Cassi Rodano Cassi Rodano is a leader in the PSIRT at Dell Technologies. She leads a team that drives the end-to-end vulnerability response process, collaborating with global teams and product owners to execute Dell's vulnerability response strategy. Her focus is on modernizing PSIRT operations through standardization and automation, while building customer trust. Before joining Dell, she worked in product security at an industrial control systems (ICS) company, where she coordinated vulnerability response workstreams. In her free time, Cassi enjoys conquering virtual worlds in the video game Civilization.


Program Committee Overview

  • Bryon Gloden

    Gloden Cybersecurity Solutions LLC, US 

    Bryon Gloden is a cybersecurity architect with deep expertise in product and software security across regulated and unregulated domains. He is Founder & CEO of Gloden Cybersecurity Solutions LLC, a consultancy focused on vulnerability management, SBOM automation, and cybersecurity strategy for industries including financial services, utilities, and the public sector. In parallel with his consultancy, Bryon has built extensive experience in the biotech and medical device space, where he has led threat modeling, cybersecurity risk assessments, and secure design practices for FDA-regulated software and systems. He is particularly passionate about advancing vulnerability disclosure practices, secure development lifecycles, and aligning industry standards with real-world product security challenges.

  • David Ormrod

    Cygence, AU 

    Dr Dave Ormrod has over 25 years of experience developing and implementing strategies to defend organisations from online threats. Dave is experienced in managing blue, red and purple cybersecurity teams against advanced persistent threats, working to enhance the resilience of agencies and enterprises. Dave has extensive experience developing incident response, cyber threat intelligence and cyber security capabilities. Dave has worked in Cybersecurity Incident Response Teams and Cyber Protection Teams. Dave is a long-term member of the Information Security Registered Assessors Program (IRAP) and trainer. Dave has worked with European, United States (US), United Kingdom (UK) and Australian government representatives.

  • Derrick Scholl

    Juniper Networks, US 

    Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 25 years with previous positions at Oracle and Sun Microsystems.

    Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.

    Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last five conferences.

  • Jay Jacobs

    Empirical Security, US 

    Jay is a Co-founder and Chief Data Scientist at Empirical Security and Chief Data Scientist Emeritus at Cyentia Institute. Jay is also the lead data scientist for the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS special interest group at FIRST. He is also a co-founder of the Society for Information Risk Analysts (SIRA), a not-for-profit association dedicated to advancing risk management practices where he served on the board of directors for several years. Finally, Jay is a co-author of “Data-Driven Security”, a book covering data analysis and visualizations for information security professionals.

  • Jean-Robert Hountomey

    Broadcom, US 

    Jean-Robert Hountomey works as a Cybersecurity and Product Security researcher for a global technology leader with more than two decades of practice. His investigation areas include Cybersecurity Health and Maturity, Product Security, Privacy Engineering, Secure Software Development Life Cycle, Incident Management, Vulnerability Research, and Technology Policy.

  • Jeffrey Guerra

    GitHub, US 

    Jeff Guerra is a Sr. Security Analyst at GitHub who enjoys vulnerability management, bounties, application security, and much more. He is an avid advocate for vulnerability disclosure programs and the effectiveness and community engagement that comes with it. He's a curious and passionate security professional who loves to talk all things security, with an emphasis in tackling vulnerabilities at scale. He loves watching and playing soccer and has recently begun his journey into time-attack track events. He's a huge car enthusiast and recently began learning to modify cars for the track and daily use.

  • Jyoti Wadhwa

    NetApp (past), US 

    Jyoti Wadhwa is a seasoned cybersecurity and transformation leader with 20+ years of global experience, most recently as Global Head of Product and Cloud Security at NetApp. A certified CISSP, HCISPP and AWS CCP with an MIT Executive Certificate in Transformative Leadership and an MBA in Information Systems, she is passionate about mentoring and helping families and young people translate their skills into meaningful careers in technology and security.

  • Ken Lee

    Independent Security Advisor, TW 

    Ken Lee is a security professional who serves as both an Independent Security Advisor and a Security Consultant at Amazon Web Services. He provides vulnerability response and cloud security governance consulting expertise in his independent role. Prior to AWS, Ken was the Product Security Officer at Synology, where he led the Bug Bounty Program and Security Incident Response Team, overseeing critical security operations across the organization. Ken's industry leadership includes serving on the program committee of the 36th Annual FIRST Conference. He has been an active contributor to the security community, sharing his expertise in Product Security and CVE Program management through speaking engagements and community initiatives.

  • Lucas Tamagna-Darr

    Tenable, US 

    Lucas Tamagna-Darr is a Senior Director with Tenable's Research organization. With over 16 years of experience in Vulnerability Management as both a Researcher and now an engineering leader, focuses on automating vulnerability coverage and expanding contextual intelligence to help drive better prioritization decisions for organizations.

  • Maggie Morganti

    Worldpay, US 

    Maggie Morganti is a seasoned leader in cyber-physical and industrial cybersecurity, currently serving as Senior Director of Product Security at Worldpay. With a career grounded in securing complex systems across energy, automation, and critical infrastructure, Maggie has shaped strategies that enhance resilience, visibility, and threat response in operational environments. Notably, she has directly led and assisted in leading multiple responses for APT custom malware against industrial control systems, including PIPEDREAM. Before joining Worldpay, she served as Product Security Research Manager at Rockwell Automation and held pivotal roles in product security at Schneider Electric. Her early career included safeguarding critical energy systems at Oak Ridge National Laboratory and analyzing real-world threats with Mandiant’s Cyber‑Physical Threat Intelligence team. Maggie is featured on RSAC’s expert roster, co-chairs the Device Security & Accessibility Program Committee, and continues to drive critical conversations on diversity, ICS policy, and proactive cyber risk governance. Her work unites technical rigor with leadership, forging secure-by-design paths for the future of industrial cybersecurity.

  • Mayuresh Dani

    Qualys, US 

    Mayuresh Dani is a cybersecurity professional specializing in threat research, detection engineering and vulnerability research. He is passionate about all things inter-networked and possesses an intellectual curiosity in secure computing and emerging technologies. His endeavors to emphasize the importance of sufficient risk quantification, proactive threat detection and the development of robust security measures to protect against complex cyber attacks by providing more effective tools and methodologies for detecting, simulating, and mitigating cyber threats.

  • Samuel Cordoba

    Smartsoft, US 

    CISSP certified with 12+ years of experience in cybersecurity, including 5+ years in leadership roles across Finance, Government, assurance, and Oil & Gas sectors. Consistently driving needle-moving initiatives. Led cybersecurity awareness initiatives and training for 2,000+ government employees and represented a major energy company in national cyber defense initiatives. Strengths include providing cybersecurity thought leadership and counsel, understanding business culture, audience, and climate. Proven expertise in Governance, Risk management, and compliance (GRC), incident response, cloud security, and AI integration.

  • Takayuki Uchimura

    Panasonic Holdings Corporation, JP 

    Takayuki Uchiyama is a member of Panasonic PSIRT. Main roles are the handling of vulnerabilities, creating and conducting product security training to product developers and providing assistance to product development teams. Aside from his role in Panasonic, Takayuki has been a CVE Board Member since 2016. Prior to joining Panasonic, he worked at JPCERT/CC, where his main tasks involved the coordination of vulnerability reports with PSIRTs, taking part in various discussions groups related to the identification / analysis / coordination / disclosure of vulnerabilities.

  • Vaman Kini

    World Bank Group, US 

    Vaman Kini is a Senior Information Security Officer with the World Bank Group’s Office of Information Security, managing the Security Operations portfolio for a large, global enterprise. He oversees a 24×7 SOC, threat intelligence, threat hunting, incident response, and the organization’s vulnerability disclosure program. With more than two decades of combined uniformed and civilian service leading mission-critical security operations, he brings a leadership lens to enterprise cyber-risk management, security awareness programs, and governance. He translates operational intelligence into policy, control improvements, and executive-ready risk narratives. Vaman mentors through the International Telecommunication Union (ITU) and Women in CyberSecurity (WiCyS) and regularly shares lessons learned through talks and training.