Macau 2018 FIRST Technical Colloquium

  • Macau 2018 FIRST Technical Colloquium, Macao (MO)

Macau Cyber Security Trends for 2019

Macau (MO), November 16th, 2018

The Forum of Incident Response and Security Teams (FIRST) is proud to announce the FIRST Macau Technical Colloquium (TC) to be held on November 16, 2018 in Macau. This one-day TC event will be hosted locally by the Sands China Cyber Security Team and will bring together the finest cyber security professionals from around the world to Sands China Limited – The Parisian Macao

The FIRST Macau Technical Colloquium will offer attendees the opportunity to engage in meaningful dialogue, conversation, exercises, and sharing of knowledge, including Technical & Management.

FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST members (and non-members) and invited guests to share information about security operations, risk management, governance, legal and regulatory implications, vulnerabilities, incidents, tools and all other issues that affect cybersecurity and incident response teams. The TC intends to have will cover a variety of subjects and industries. Both advanced and novice members of all cybersecurity and incident response teams are welcome to attend and strongly encouraged to submit presentations. The Macau FIRST TC is actively seeking speakers and abstracts including perspectives from all experience levels from around the world (see below)


Venetian Parisian Hotel
Lote 3, Strip, SAR,
P.R. China,
Estr. do Istmo, Macau

For contact information:

Event Registration

Details regarding registration will be released after the call for speakers and agenda is complete. For now any questions, can be directed to

Call for Speakers

FIRST is currently looking for speakers & abstracts that would like to present at this Technical Colloquium in Macau. This is a GREAT opportunity to share best practices, novel ideas, techniques, and case studies, thought leadership and/or research related to a variety of cyber security topics.

Some suggested topics are as follows:

  1. Security Operations I — From Prevention to Network Security & Leadership
    You are encouraged to submit presentations on data protection, encryption, PKI, TLS, DLP, or email security. Presentations will be accepted on network security, firewall IDS/IPS, proxy filtering, VPN, security Gateway and DDoS protection. We are also encouraging presentations on application security including threat modeling, design review, secure coding, static analysis, web app scanning, IoT security, WAF, RASP. In addition, presentations on end point security are encouraged including anti-virus, anti-malware, HIDS / HIPS, FIM, app whitelisting, secure configurations, active defense patching.

  2. Security Operations II — From Threat Detection, Response to Active Defense
    You are encouraged to submit presentations on log management, SIEM, continuous monitoring, net flow analysis, advanced analytics, predictive analytics, threat hunting, penetration testing, red team, vulnerability scanning, human sensor, DLP, SOC operations, threat intelligence gathering, threat information sharing and developing industry partnerships. You are encouraged to submit presentations on developing incident handling plans, breach preparation, table top exercises, forensic analysis, and crisis management with breach communications.

  3. Strategy & Risk Management — From Assessment Methodology to Impact Analysis
    You are encouraged to submit presentations on risk management frameworks, risk management methodology, business impact analysis, risk assessment process, risk analysis and quantification, security awareness, vulnerability management, vendor risk management, physical security, disaster recovery (DR), business continuity planning, cyber insurance, policies and procedures and risk treatment including mitigation, planning, verification, remediation, etc.

  4. Governance, Legal, & Regulatory — From Business Alignment, Control Frameworks, Board of Directors Engagement to Resource Management You are encouraged to submit presentations on developing strategy, business alignment, risk management, program frameworks, NIST CSF, ISO 27000. In addition, presentations will be accepted on control frameworks from NIST 800-53, Critical Security Controls (CSC) as well as program structure, program management, and developing a communications plan. You are encouraged to submit presentations on developing and defining cybersecurity roles and responsibilities, workforce planning budgeting, engagement with the Board of Directors, resource management, data classification, and security policy. You are encouraged to submit presentations on creating a security culture, security training including awareness based and role playing. Finally, presentations around the topics of metrics, reporting, IT Portfolio Management, Change Management will be considered.

  5. Education & Training — From Developing Combat Ready Talent to building a Cyber Range or using Stackable Credentials
    You are encouraged to submit presentations on initiatives and innovations for identifying, recruiting, and educating the future cybersecurity workforce. This can include teaching recruiters the differences in credentials, sharing programs to inspire the next generation of cybersecurity and STEM workforce. You are encouraged to submit presentations on how to best build combat ready talent or curriculum in partnership with industry, academia or your local community resources. You are encouraged to submit presentations around how to best utilize the certifications to bridge talent gaps internally or externally within or outside your company. You are encouraged to submit presentations on pathways to bridge the skills and talent gaps between cyber security theory, cyber security degrees and preparing your workers to become combat ready. We will also accept presentations on the best ways to utilize real world or simulated experiences using experiential layer training techniques are encouraged. You are encouraged to submit presentations on the optimal ways to allow cyber security employees or students to participate with local industry practicing on their corporate run cyber ranges. Please consider sharing best practices how to collaborate with other industries, communities, or governments in joint threat hunting exercises, malware analysis, or participating in joint red team/blue team exercises.

  6. Collaboration — Nurturing Cybersecurity in your Company, Community or Industry
    You are encouraged to submit presentations on focus on creative ways that industry, government and education that can address the growing gap between cybersecurity knowledge, awareness, and helping your company, community or industry become more cyber aware. You are encouraged to submit presentations on the best ways to build a team led Security Operations Center (SOC), regional SOC, county run SOC, student run SOC, community or corporate built cyber ranges, teaching HR recruiters about cyber security, innovating awareness campaigns, or surgically running your phishing campaign. You are encouraged to submit presentations on building cyber patriot mentors clubs for high school, middle school and supporting local college cyber competition teams.

  7. Professional Development — Keeping Pace with Credentials, Education and Technology which the Cyber Criminals could care less about
    You are encouraged to submit presentations on the best ways for staying up-to-date in a fast-paced environment that encourages certifications, technical education, and career development, achieve workforce diversity initiatives yet meet the needs for retention concerns of staff and personnel management.

How to Submit

For your submission, please provide the following information and send it to

  1. Provide a brief, short summary (abstract)
  2. Provide the presenter's name, affiliation, and short biography
  3. Provide the estimated length of time your presentation may last (30 mins + 10 for questions is typical)
  4. Let us know if you are open to sitting on a panel relevant to your topic or expertise