Incident Response Hall of Fame Inductees

Note: This list reflects Hall of Fame members in each calendar year.

Andrew Cormack

Andrew Cormack trained as a mathematician well before the Internet went mainstream. After five years on a research vessel managing the science IT, he joined the University of Cardiff as Postmaster, where it was suggested he might like to investigate “this world wide web thing” and assess whether it had a future. A few years later he started the UK’s academic CERT and managed the EuroCERT project. From then on, IT security was Andrew’s passion. During his career at JISC he transitioned to the role of the organization’s Chief Regulatory Advisor and pursued law studies, graduating as a Master of Law.

Andrew’s contributions to the Incident Response community are many and broad: he was one of the initial TRANSITS trainers and thus shaped the careers of hundreds of incident responders. Andrew’s ability to listen beyond the mere words that people speak, combined with his vast knowledge, allowed him over and over again to build bridges to other fields. One particular area of focus was the governance and legal frameworks related to Incident Response, where he helped policy makers recognize the importance of CSIRTs. Andrew was a member of ENISA’s Permanent Stakeholder Group and sat on the boards of ORCID and the Internet Watch Foundation. He was a regular attendee and presenter at security conferences, and the Program Chair of the 2019 FIRST annual conference in his native Edinburgh.

Andrew Cormack passed away on April 12, 2023, only two weeks after having learned about his induction into the IR Hall of Fame.

Article: Remembering Andrew Cormack - by Serge Droz


Jeffrey J. Carpenter

Jeffrey Carpenter has dedicated more than 30 years to improving the state of information security. In 1995, Jeffrey joined the CERT® Coordination Center at Carnegie Mellon University's Software Engineering Institute, initially as an incident response analyst, then five years later managing more than 50 technical individuals. He was instrumental in helping the U.S. Department of Defense and the U.S. Department of Homeland Security create teams to exchange incident information and indicators between government and critical infrastructure organizations. He also worked closely with the U.S. Department of Homeland Security on the formation of US-CERT, the national computer security incident response team (CSIRT) for the United States.

Jeffrey helped many other governments and regional organizations around the world establish national incident response capabilities. He founded a successful annual conference for technical staff working for CSIRTs with national responsibility to promote collaboration among these organizations. Jeffrey's active involvement in the incident response community over the years has included presenting in various forums and serving on Forum of Incident Response and Security Teams (FIRST) committees and working groups.

Dan Kaminsky

Dan Kaminsky (1979 – 2021) was a noted American security researcher - best known for his work finding a critical flaw in the Internet's Domain Name System (DNS) and leading what became the largest synchronized fix to the Internet infrastructure of all time in 2008. He was also known for being a great human - helping colleagues, friends, and community members attend events, working on many health apps, assisting color-blind people, hearing aid technology and telemedicine, and fighting as a privacy rights advocate. His ethos was to do things because they were the right thing to do, not because they would elicit financial gain.

Dan was co-founder and chief scientist of WhiteOps (recently renamed Human) and spent his career advising several Fortune 500 companies such as Cisco, Avaya, and Microsoft on their cybersecurity. In addition, Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases. 

Many FIRST members are aware of Dan - some had the privilege of meeting and working with him. All of us will miss him and the energy, creativity, curiosity, and, above all, the fun he brought to our world.

The New York Times labeled him an "Internet security savior" - an honorific too often given but, in this case, very well deserved.

Photo: Dave Bullock / eecue

Don Stikvoort

Don Stikvoort is founder of the companies “S-CURE” and “Cross Your Limits”. S-CURE offers senior consultancy in the area of cyber security – specialising in CSIRT matters. Cross Your Limits coaches and trains in the human area. Based in Europe, Don’s client base is global.

After his MSc degree in Physics, he became an infantry platoon commander in the Dutch Army. In 1988 he joined the Dutch national research network SURFnet. In that capacity he was among the pioneers who together created the European Internet from November 1989 onwards. He recognised “security” as a future concern in 1991, was chair of the 2nd CSIRT in Europe (now SURFcert) from 1992 to 1998, and has been a FIRST member since 1992. Today Don is a FIRST Liaison Member.

Together with Klaus-Peter Kossakowski he initiated and built the closer cooperation of European CSIRTs starting in 1993 – this led to the emergence of TF-CSIRT in 2000. In 1998 he finished the "Handbook for Computer Security Incident Response Teams (CSIRTs)" together with Kossakowski and Moira J. West-Brown of CERT/CC. He was active in the IETF and RIPE (co-creator of the IRT-object). Don chaired the Program Committee for the 1999 FIRST conference in Brisbane, Australia, and kick-started the international FIRST Secretariat in the same year. From 2001-2011 his company ran TF-CSIRT’s Trusted Introducer service. He wrote and taught several training modules for the CSIRT community.

In 1998 Don started his first company. A first assignment was to build the network connecting over 10,000 schools in The Netherlands. Many CSIRTs were created with his help and guidance, among them the Dutch national team (NCSC-NL). Second opinions, audits and maturity assessments in this field have become a specialty – and in that capacity Don developed SIM3 in 2008, the maturity model for CSIRTs which is used worldwide today for maturity assessments and certifications. SIM3 is now under the wing of the “Open CSIRT Foundation” (OCF). Don was one of its founders in 2016 and now chairs its board.

Starting in 1999, Don was certified in NLP, Time Line Therapy®, Coaching and Hypnotherapy, and brought that under the wing of “Cross Your Limits”, whose portfolio is life & executive coaching, and training courses in what Don likes to call “human arts”. He also trains communicators, presenters and trainers, including many in the CSIRT field.

Don thrives as a motivational and keynote speaker. He enjoys sharing his views on how the various worlds of politics, economics, psychology and daily life, but also cyber security, all intertwine and relate – and how deeper understanding and a better ability to express ourselves increase our ability to bring good change to ourselves as well as the world around us. He has discussed such topics all over the world, from Rome to the Australian Outback. His goal is to challenge his audience to think out-of-the-box, and motivate them to be the difference that makes the difference, along the lines of the old African proverb:

“If you think you’re too small to make a difference, try sleeping in a closed room with a mosquito”.


Ian Cook

Corbels Security Services Ltd.

Ian Cook has held senior technical and management positions at the UK NHS, Tricentrol Oil Corporation, Saudi American Bank, Citigroup, Merrill Lynch, Pentest Ltd, Barclays Bank and Team Cymru. On leaving Team Cymru in 2014, he was awarded the title ‘Team Cymru Emeritus’ which is conferred upon Cymraeg who retire after a particularly noteworthy career and is a mark of distinguished service.

Ian is a true cybersecurity veteran. When he first started in the industry, over 43 years ago, Microsoft, Google, Facebook, Cisco and Amazon didn’t exist, PCs had not yet been invented and storing the world's business and personal data on something called “The Cloud” would have sounded like classic science fiction, as would the notion of criminals hiding out in something known as the “Dark Web”. “Cybercrime” itself is another term that would have sounded as if it might have sprung straight from the pages of Arthur C. Clarke.

He is very happy to share his vast experience with industry newcomers and currently provides Virtual CISO and mentoring services to SMEs and start-ups as well as acting as a Talent Scout for VCs and Angels. He is also a mentor at the Cylon and HutZero startup accelerators and is on Advisory Boards at IOActive, CTM360 and Assuria. Ian plans to retire in October 2020, which will give him additional time to help security professionals cope with the growing mental health issues caused by being in a job where you are never off duty and never have adequate resources. His mantra is: “It’s OK not to be OK.”

Ian first joined FIRST as the Citibank FIRST Representative in 1997 and attended the Annual Conference in Bristol which was hosted by JANET-CERT. Since then Ian has been an active member and has sponsored many companies into FIRST and shepherded them through the membership process. Ian was elected to the FIRST Steering Committee in 2000 and served for 6 years. During this time the SC began to transition FIRST from being a club of Incident Responders to being a professional Organization with Global Influence and he is proud to have been at the start of this process. In 2001, Ian worked with Gavin Reid to set up the Best Practice Guide Library, which contains security guides and templates submitted by FIRST members, and for many years Ian ran a Security News mailing list that was sent daily to all FIRST members.

In 2007 Ian was co-Chair with Arjen De Landgraaf at the 19th Annual FIRST Conference in Seville, Spain. That year the conference included many new features such as Beer 'n Gear – where vendors demonstrated their equipment whilst handing out free beer, a Security Conference Blog, a Security News Podcast and a Geek Zone which included a hands-on Security Challenge. To advertise the event he even got the FIRST Conference logo prominently displayed on a Stealth B6 racing car at Silverstone’s GT90’s Revival race.

More recently Ian has been instrumental in forming the FIRST Cyber Threat Intelligence SIG and helping to facilitate the 2019 FIRST CTI Symposium held in London which was hosted by Digital Shadows and BT.


Klaus-Peter Kossakowski
Prof. Dr. Klaus-Peter Kossakowski has worked in the security field for more than 30 years. In 1988 he was one of the first members of the Virus Test Center in Hamburg, where he focused on malicious network programs. In January 1993, when DFN-CERT became the first German CERT for an open network, he started to work there and became its managing director in 2003. He also founded PRESECURE Consulting GmbH, a privately-owned company specialized in cyber security, critical information infrastructure protection, situational awareness, early warning and developing specialized services like CERTs or SOCs. He successfully led the team from a research effort to a functional and well-respected operational entity. He was a visiting professor at the University of Hamburg from 2008 to 2011 and became a full professor at the University of Applied Science in Hamburg in 2014.

Since 1998 he has continuously provided feedback on research topics, operational experiences and lessons learned to the community. This started with the “CSIRT Handbook” in 1998, republished in 2003, that he co-authored with Moira West-Brown and Don Stikvoort. His research work was mostly supported by the CERT Coordination Center at the CMU/SEI, for which he worked as visiting scientist from 1998 to 2011.

He was elected as a member of the FIRST Steering Committee in 1997 and remained on the committee until 2005, being re-elected three times and serving the last two years as Chair of the FIRST Steering Committee. He has frequently been involved with FIRST Conferences as volunteer, organizer and presenter, or served on the program committee. In 2015 he represented the local host of the FIRST Conference in Berlin; in 2017 he was the Program Chair for the FIRST Conference in Puerto Rico.

Together with Don Stikvoort he developed the accreditation and certification frameworks for CERTs and security teams, including the now commonly accepted SIM3 maturity model adopted by ENISA and now maintained by the openCSIRT Foundation. Since 2011 he has coordinated the Trusted Introducer framework, providing infrastructure services, accreditation and certifications to nearly 400 security, product security and incident response teams internationally. Through the Trusted Introducer service and the support of his university he promotes and supports approaches like SIM3 or emerging frameworks or taxonomies for CERTs, most notably the “FIRST CSIRT Services Framework” and the “eCSIRT Incident Taxonomy”, which goes back to the project of 2003 successfully led by him.

Prof. Dr. Kossakowski helped considerably to raise awareness of CERTs, concentrating on international issues, information sharing and coordinated cooperation, and establishing an international infrastructure for Cyber Defense.