Incident Response Hall of Fame Inductees

Note: This list reflects Hall of Fame members in each calendar year.

Don StikvoortDon Stikvoort

Don Stikvoort


Don Stikvoort MSc is founder of the companies “S-CURE” and “Cross Your Limits”. S-CURE offers senior consultancy in the area of cyber security – specialising in security incident management (CSIRT), governance/policy matters and translating theories and policies to real life. Cross Your Limits offers life/exec coaching and trainings in “human arts”. Based in The Netherlands, Don’s client base is global.

After his Master’s degree in Physics, he became Infantry platoon commander in the Dutch Army. In 1988 he joined the Dutch national research network SURFnet. In that capacity he was among the pioneers who together created the European Internet since November 1989. He recognised “security” as a future concern in 1991, and was co-founder and chair of the 2nd CSIRT in Europe (now SURFcert) from 1992-8, FIRST member since 1992 – later Don became a FIRST Liaison Member, until today.

Together with Klaus-Peter Kossakowski he initiated and fostered the closer cooperation of European CSIRTs ever since 1993 – this led to the emergence of TF-CSIRT in 2000. In 1998 he finished the "Handbook for Computer Security Incident Response Teams (CSIRTs)" together with Kossakowski and Moira J. West-Brown of CERT/CC. He was active in the IETF and RIPE (co-creator of the IRT-object). Don chaired the Program Committee for the 1999 FIRST conference in Brisbane, Australia, and kick-started the international FIRST Secretariat in the same year. From 2001-2011 his company ran TF-CSIRT’s Trusted Introducer service. He authored and taught several training modules for the CSIRT community, some of which are being used worldwide today, e.g. as part of TRANSITS.

In 1998 Don started his first company. A first assignment was to build the network connecting over 10,000 schools in The Netherlands. Many CSIRTs were created with his help and guidance, among which the Dutch national teeam (NCSC-NL), and teams for universities, major hospitals and big corporations like Philips. Second opinions, audits and maturity assessments in this field have become a specialty – and in that capacity Don developed SIM3 in 2008, the maturity model for CSIRTs which is used worldwide today for maturity assessments and certifications. SIM3 has now been taken under the wings of the not-for-profit “Open CSIRT Foundation” (OCF). Don was one of the founders in 2016 and now chairs its board.

Starting in 1999, Don was certified in NLP, Time Line Therapy®, Coaching, Hypnotherapy and other psychotherapy forms, and started what is now Cross Your Limits as a result. Cross Your Limits’ portfolio is life & executive coaching, and workshops and intensive training courses in what Don likes to call “human arts”, leading to internationally recognized certifications. He also trains communicators, presenters and trainers, including many in the CSIRT field.

Don thrives as motivational and keynote speaker. He enjoys to share his views on how the various worlds of politics, economics, psychology and daily life, but also cyber security, all intertwine and relate – and how increased understanding of this “texture” and a better ability to express ourselves, increase our ability to bring good change to self – and the world around us. He has discussed such topics in keynote talks from The Hague to Bali, from Hamburg to Mauritius and from Rome to the Australian Outback. His goal is to challenge his audience to gain deeper insight and understanding, and motivate them to be the difference that makes the difference, reminding them of the old African proverb:

“If you think you’re too small to make a difference, try sleeping in a closed room with a mosquito”.


Ian CookIan Cook

Ian Cook

Corbels Security Services Ltd.

Ian Cook has held senior technical and management positions at the UK NHS, Tricentrol Oil Corporation, Saudi American Bank, Citigroup, Merrill Lynch, Pentest Ltd, Barclays Bank and Team Cymru. On leaving Team Cymru in 2014, he was awarded the title ‘Team Cymru Emeritus’ which is conferred upon Cymraeg who retire after a particularly noteworthy career and is a mark of distinguished service.

Ian is a true cybersecurity veteran. When he first started in the industry, over 43 years ago, Microsoft, Google, Facebook, CISCO and Amazon didn’t exist, PCs had not yet been invented and storing the world's business and personal data on something called “The Cloud” would have sounded like classic science fiction, as would the notion of criminals hiding out in something known as the “Dark Web”. “Cybercrime” itself is another term that would have sounded as if it might have sprung straight from the pages of Arthur C. Clarke.

He is very happy to share his vast experience with industry newcomers and currently provides Virtual CISO and mentoring Services to SME’s and start-ups as well as acting as a Talent Scout for VC's and Angels. He is also a mentor at the Cylon and HutZero startup accelerators and is on Advisory Boards at IOActive, CTM360 and Assuria. Ian plans to retire in October 2020, which will give him additional time to help security professionals cope with the growing mental health issues caused by being in a job where you are never off duty and never have adequate resources. His mantra is: “It’s OK not to be OK.”

Ian first joined FIRST as the Citibank FIRST Representative in 1997 and attended the Annual Conference in Bristol which was hosted by JANET-CERT. From this time Ian has been an active member and has sponsored many companies into FIRST and shepherded them thru the membership process. Ian was elected to the FIRST Steering Committee in 2000 and served for 6 years. During this time the SC began to transition FIRST from being a club of Incident Responders to being a professional Organization with Global Influence and he is proud to have been at the start of this process. In 2001, Ian worked with Gavid Reid to setup the Best Practice Guide Library which contains security guides and templates submitted by FIRST members and for many years Ian ran a Security News mailing list that was daily sent to all FIRST members.

In 2007 Ian was co-Chair with Arjen De Landgraaf at the 19th Annual FIRST Conference in Seville, Spain. That year the conference included many new features such as Beer 'n Gear – where vendors demonstrated their equipment whilst handing out free beer, a Security Conference Blog, a Security News Podcast and a Geek Zone which included a hands-on Security Challenge. To advertise the event he even got the First Conference Logo prominently displayed on a Stealth B6 racing car at Silverstone’s GT90’s Revival race.

More recently Ian has been instrumental in forming the FIRST Cyber Threat Intelligence SIG and helping to facilitate the 2019 FIRST CTI Symposium held in London which was hosted by Digital Shadows and BT.


Klaus-Peter KossakowskiKlaus-Peter Kossakowski

Klaus-Peter Kossakowski


Prof. Dr. Klaus-Peter Kossakowski has worked in the security field for more than 30 years. In 1988 he was one of the first members of the Virus Test Center in Hamburg where he focused on malicious network programs. In January 1993 when DFN-CERT became the first German CERT for an open network he started to work there and became managing director of it in 2003. He also founded PRESECURE Consulting GmbH, a privately-owned company specialized in cyber security, critical information infrastructure protection, situational awareness, early warning and developing specialized services like CERTs or SOCs. He successfully led the team from a research effort to a functional and well-respected operational entity. He was a visiting professor at the University of Hamburg from 2008 to 2011 and became a full professor at the University of Applied Science in Hamburg in 2014.

Since 1998 he is continuously providing feedback on research topics, operational experiences and lessons learned to the community. This started with the “CSIRT Handbook” in 1998, republished in 2003, that he co-authored with Moira West-Brown and Don Stikvoort. His research work was mostly supported by the CERT Coordination Center at the CMU/SEI for which he worked as visiting scientist from 1998 to 2011.

He was elected as a member of the FIRST Steering Committee in 1997 and had been on the committee until 2005, being re-elected three times and served the two last years as Chair of the FIRST Steering Committee. Frequently he has been involved with FIRST Conferences as volunteer, organizer and presenter or served on the program committee. In 2015 he was representing the local host of the FIRST Conference in Berlin, in 2017 he was the Program Chair for the FIRST Conference on Puerto Rico.

Together with Don Stikvoort he developed the accreditation and certification frameworks for CERTs and security teams including the now commonly accepted SIM3 maturity model adopted by ENISA and now maintained by the openCSIRT Foundation. Since 2011 he coordinates the Trusted Introducer framework providing infrastructure services, accreditation and certifications to nearly 400 security, product security and incident response teams internationally. Through the Trusted Introducer service and the support of his university he promotes and supports approaches like SIM3 or emerging frameworks or taxonomies for CERTs, most namely the “FIRST CSIRT Services Framework” and the “eCSIRT Incident Taxonomy”, which goes back to the project of 2003 successfully lead by him.

Prof. Dr. Kossakowski helped considerably to raise the awareness for CERTs concentrating on international issues, information sharing and coordinated cooperation, and establishing an international infrastructure for Cyber Defense.