Amsterdam 2017 FIRST Technical Colloquium

Amsterdam (NL), 25 – 26 April, 2017


Register now!

FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams.

For you that are new in FIRST or never have attended a TC&S, the colloquium typically provides one whole day of plenary sessions for informal discussions and presentations on topics of FIRST membership interest, or that are more sensitive in nature and related to the day-to-day work of participants.

The FIRST colloquia are typically hosted by members and since 2005 are being organized in a regional basis - the current regions being Latin-America, North-America, Europe and Asia-Pacific. For each region the goal is to organize one TC per year - either standing on its own, or jointly with regional CSIRT initiatives.


Event Summary

The tentative program is as follows:

Date Session
Mon April 24th Morning: Optional full day Training Session. More details TBD.
Tue-Wed April 25-26th FIRST TC

Full day Training Session on Monday:

Incident Response, Forensics, and Vulnerability Management Lessons Learned
It is no secret that the security landscape has changed. Adversaries employ sophisticated ways and all it takes is one small crack in your armor and the next thing you know they have compromised your devices, finding sensitive data, and holding your business hostage. In this course we will cover several use cases explaining the threat exploitation based on target industry-types. We will cover several lessons learned while performing forensics of compromised embedded devices and infrastructure platforms. With number of attacks against networking infrastructure growing, it has become essential to be able to determine the integrity of your network infrastructure. This session also outlines the tools and processes for determining the integrity of network infrastructure devices. We will discuss the indicators of comprise (IoC) that govern the level of risk associated with a device. We will examine the details of custom sophisticated malware including SynFul Knock, exploits revealed by Shadow Brokers, and other examples. We will also discuss and show how Cisco proactively fights systemic issues and show details about tools we have created to identify and confirm new vulnerabilities.

  • Sasa Rasovic, is a Security Architect/Incident Manager in Cisco’s Product Security Incident Response Team (PSIRT) where he works on investigation and resolution of critical security vulnerabilities affecting customers running Cisco products. Sasa's been part of the security industry for 17 years (7 at Cisco). In his many roles for multiple leading vendors in the field over the years, Sasa has designed, implemented and supported some of the world's largest networks. Prior to his current role, he was a technical leader for security group within Cisco's Technical Assistance Center (TAC) in Brussels where he served as an escalation point for critical network outages and product design reviews.
  • Omar Santos, is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. Omar is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. Omar is often delivering technical presentations at many conferences and to Cisco customers and partners. He is the author of over a dozen books, video courses, and several other publications.
  • Stefano De Crescenzo is a senior incident manager with the Cisco Product Security Incident Response Team (PSIRT) where he focuses on products vulnerability management Cisco products forensic. He is author of several blog post and white papers about security best practices and forensic. He is an active member of the security community and invited speakers at several security conferences. Stefano is specialized in malware detection and integrity assurance in critical infrastructure devices and he is author of integrity assurance guidelines for Cisco IOS, IOS-XE and ASA.
    Stefano holds a B.Sc. and M.Sc. in telecommunication engineering from Politecnico di Milano, Italy and a M.Sc. in telecommunication from Danish Technical University, Denmark. He also holds a CCIE in Security #26025 and he is CISSP and CISM certified.

Number of students: 25-30

Call for Speakers

The FIRST Amsterdam Technical Colloquium (TC) 2017 will be hosted by Cisco Systems in Amsterdam, Netherlands. The event will be a plenary style conference held on the 25th and 26th of April 2017.

FIRST is looking for speakers that would like to present at this Technical Colloquium. This is a GREAT opportunity to give something back to FIRST and the industry, while practicing your speaking skills and sharing your hard work.

Any novel ideas, techniques, case studies, or research related to incident and threat response are welcome. Some suggested topics are as follows:

For your submission, please provide the following information:

Proposal submissions end date: Feb 18th, 2017.

If you're interested in speaking, please contact us at We are hoping to have the program on the event website by February 2017, so please get in touch with us ASAP. Feel free to reach out with any questions.


The event will be held at the Cisco Campus, located at:

Haarlerbergpark, Haarlerbergweg 13-19
1101 CH Amsterdam
Phone: +31 (0)20 357 1000

Amsterdam 2017 FIRST Technical Colloquium

Click on the map to see it enlarged on Google Maps.