Incident Response Hall of Fame Inductees

Note: This list reflects Hall of Fame members in each calendar year.

Jeffrey J. CarpenterJeffrey J. Carpenter

Jeffrey J. Carpenter


Jeffrey Carpenter has dedicated more than 30 years to improving the state of information security. In 1995, Jeffrey joined the CERT® Coordination Center at Carnegie Mellon University's Software Engineering Institute, initially as an incident response analyst, then five years later managing more than 50 technical individuals. He was instrumental in helping the U.S. Department of Defence and the U.S. Department of Homeland Security create teams to exchange incident information and indicators between government and critical infrastructure organizations. He also worked closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States.

Jeffrey helped many other governments and regional organizations around the world establish national incident response capabilities. He founded a successful annual conference for technical staff working for CSIRTs with national responsibility to promote collaboration among these organizations. Jeffrey's active involvement in the incident response community over the years has included presenting in various forums and serving on Forum of Incident Response and Security Teams (FIRST) committees and working groups. Jeffrey currently is the Secureworks Senior Director of Incident Response Consulting and Threat Intelligence.

Dan KaminskyDan Kaminsky

Dan Kaminsky

Dan Kaminsky (1979 – 2021) was a noted American security researcher - best known for his work finding a critical flaw in the Internet's Domain Name System (DNS) and leading what became the largest synchronized fix to the Internet infrastructure of all time in 2008. He was also known for being a great human - helping colleagues, friends, and community members attend events, working on many health apps, assisting color-blind people, hearing aid technology and telemedicine, and fighting as a privacy rights advocate. His ethos was to do things because they were the right thing to do, not because they would elicit financial gain.

Dan was co-founder and chief scientist of WhiteOps (recently renamed Human) and spent his career advising several Fortune 500 companies such as Cisco, Avaya, and Microsoft on their cybersecurity. In addition, Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases. 

Many FIRST members are aware of Dan - some had the privilege of meeting and working with him. All of us will miss him and the energy, creativity, curiosity, and, above all, the fun he brought to our world.

The New York Times labeled him an "Internet security savior" - an honorific too often given but, in this case, very well deserved.

Photo: Dave Bullock / eecue

Don StikvoortDon Stikvoort

Don Stikvoort


In 1988 Don joined the Dutch national research network SURFnet, after studying physics and 2 years in the army. Don was among the pioneers who created the European Internet starting in 1989. He recognized “security” as a concern in 1991, chaired SURFcert between 1992-8, and was the founding father of NCSC-NL, the Dutch national team, and of the European TF-CSIRT community. Don became a member of FIRST in 1992 and has been very active during his membership from chairing the FIRST conference in Australia in 1999, co-chair of the Traffic Light Protocol working group and participating in CSIRT, Metrics and Ethics working groups. In 1998 he co-wrote the ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’. Don continues to support the global cyber security community through S-CURE the company he founded in 1998. Don created the SIM3 maturity model for CSIRTs, is a sought-after keynote speaker and also finds the time to do executive coaching and psycho therapy with a limited set of clients.


Ian CookIan Cook

Ian Cook

Corbels Security Services Ltd.

Ian Cook has held senior technical and management positions at the UK NHS, Tricentrol Oil Corporation, Saudi American Bank, Citigroup, Merrill Lynch, Pentest Ltd, Barclays Bank and Team Cymru. On leaving Team Cymru in 2014, he was awarded the title ‘Team Cymru Emeritus’ which is conferred upon Cymraeg who retire after a particularly noteworthy career and is a mark of distinguished service.

Ian is a true cybersecurity veteran. When he first started in the industry, over 43 years ago, Microsoft, Google, Facebook, CISCO and Amazon didn’t exist, PCs had not yet been invented and storing the world's business and personal data on something called “The Cloud” would have sounded like classic science fiction, as would the notion of criminals hiding out in something known as the “Dark Web”. “Cybercrime” itself is another term that would have sounded as if it might have sprung straight from the pages of Arthur C. Clarke.

He is very happy to share his vast experience with industry newcomers and currently provides Virtual CISO and mentoring Services to SME’s and start-ups as well as acting as a Talent Scout for VC's and Angels. He is also a mentor at the Cylon and HutZero startup accelerators and is on Advisory Boards at IOActive, CTM360 and Assuria. Ian plans to retire in October 2020, which will give him additional time to help security professionals cope with the growing mental health issues caused by being in a job where you are never off duty and never have adequate resources. His mantra is: “It’s OK not to be OK.”

Ian first joined FIRST as the Citibank FIRST Representative in 1997 and attended the Annual Conference in Bristol which was hosted by JANET-CERT. From this time Ian has been an active member and has sponsored many companies into FIRST and shepherded them thru the membership process. Ian was elected to the FIRST Steering Committee in 2000 and served for 6 years. During this time the SC began to transition FIRST from being a club of Incident Responders to being a professional Organization with Global Influence and he is proud to have been at the start of this process. In 2001, Ian worked with Gavid Reid to setup the Best Practice Guide Library which contains security guides and templates submitted by FIRST members and for many years Ian ran a Security News mailing list that was daily sent to all FIRST members.

In 2007 Ian was co-Chair with Arjen De Landgraaf at the 19th Annual FIRST Conference in Seville, Spain. That year the conference included many new features such as Beer 'n Gear – where vendors demonstrated their equipment whilst handing out free beer, a Security Conference Blog, a Security News Podcast and a Geek Zone which included a hands-on Security Challenge. To advertise the event he even got the First Conference Logo prominently displayed on a Stealth B6 racing car at Silverstone’s GT90’s Revival race.

More recently Ian has been instrumental in forming the FIRST Cyber Threat Intelligence SIG and helping to facilitate the 2019 FIRST CTI Symposium held in London which was hosted by Digital Shadows and BT.


Klaus-Peter KossakowskiKlaus-Peter Kossakowski

Klaus-Peter Kossakowski


Prof. Dr. Klaus-Peter Kossakowski has worked in the security field for more than 30 years. In 1988 he was one of the first members of the Virus Test Center in Hamburg where he focused on malicious network programs. In January 1993 when DFN-CERT became the first German CERT for an open network he started to work there and became managing director of it in 2003. He also founded PRESECURE Consulting GmbH, a privately-owned company specialized in cyber security, critical information infrastructure protection, situational awareness, early warning and developing specialized services like CERTs or SOCs. He successfully led the team from a research effort to a functional and well-respected operational entity. He was a visiting professor at the University of Hamburg from 2008 to 2011 and became a full professor at the University of Applied Science in Hamburg in 2014.

Since 1998 he is continuously providing feedback on research topics, operational experiences and lessons learned to the community. This started with the “CSIRT Handbook” in 1998, republished in 2003, that he co-authored with Moira West-Brown and Don Stikvoort. His research work was mostly supported by the CERT Coordination Center at the CMU/SEI for which he worked as visiting scientist from 1998 to 2011.

He was elected as a member of the FIRST Steering Committee in 1997 and had been on the committee until 2005, being re-elected three times and served the two last years as Chair of the FIRST Steering Committee. Frequently he has been involved with FIRST Conferences as volunteer, organizer and presenter or served on the program committee. In 2015 he was representing the local host of the FIRST Conference in Berlin, in 2017 he was the Program Chair for the FIRST Conference on Puerto Rico.

Together with Don Stikvoort he developed the accreditation and certification frameworks for CERTs and security teams including the now commonly accepted SIM3 maturity model adopted by ENISA and now maintained by the openCSIRT Foundation. Since 2011 he coordinates the Trusted Introducer framework providing infrastructure services, accreditation and certifications to nearly 400 security, product security and incident response teams internationally. Through the Trusted Introducer service and the support of his university he promotes and supports approaches like SIM3 or emerging frameworks or taxonomies for CERTs, most namely the “FIRST CSIRT Services Framework” and the “eCSIRT Incident Taxonomy”, which goes back to the project of 2003 successfully lead by him.

Prof. Dr. Kossakowski helped considerably to raise the awareness for CERTs concentrating on international issues, information sharing and coordinated cooperation, and establishing an international infrastructure for Cyber Defense.