What's New

The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security & Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.

Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.

Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates."

The leading association of incident response and security teams released a draft of the Product Security Incident Response Teams (PSIRT) Services Framework for public input. This is a formal list of services a PSIRT may consider implementing to address the needs of their constituency. Public input is welcomed until August 31, 2017 via psirt-comments@first.org.

Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the founder and a core developer of the open source GRR Incident Response project.

The event offers conferences, keynote presentations and activities designed to maximize network opportunities and information exchanges on information security and incident response.

Join the interview in progress! Martin chats with Alex Pinto, Chief Data Scientist at Niddel and lead of the MLSec Project on his upcoming presentation, “Beyond Matching: Applying Data Science Techniques to IOC-Based Detection.” Alex talks about the glamorous life of a data scientist and shares some of the key takeaways from his presentation. Alex presents on Monday, June 12 at 11:15-12:00.

Join the interview in progress featuring Ben Stock, post-doc researcher at CISPA, Saarland University as he discusses the highlights of his research regarding vulnerability notification. Ben and his colleague Christian Rossow, Professor of IT Security at CISPA, Saarland University will be presenting, “Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification,” on Tuesday, June 13th at 11:45-12:15.

Join this week’s interview in progress as the guys talk TRUST. Lewis Philbey, Cyber-security Lead at Surevine shares his insight on issues that companies of all sizes face when sharing information. The guys also hit on some of the hurdles individuals new to the information security world face within group sharing and why organizations like FIRST exist to vet and foster trusted forums. Surevine is the official sponsor of the Sunday Ice Breaker Reception on June 11th. We’ll see you there!

The leading association of incident response and security teams released a new version of its CSIRT Services Framework. This is a formal list of services a Computer Security Incident Response Team (CSIRT) may consider implementing to address the needs of their constituency.

Join the interview in progress featuring seasoned forensic investigator, Chad Tilbury. Chad is currently the Technical Director at CrowdStrike and a Senior Instructor at the SANS Institute. Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Martin, Chris, and Chad talk common attacks, mitigation techniques, best practices, and what to attendees can expect to take away from Chad's workshop. Chad presents Monday, June 12 from 11:15-12:45 at the 29th Annual FIRST Conference at the Caribe Hilton, San Juan, Puerto Rico.

Join the interview in progress! FIRST's official podcast team, Martin McKeay and Chris John Riley, are back! Martin and Chris kick off this year's series with FIRST Board of Director and 2017 Conference Liaison, Derrick Scholl. Amazing programming and new opportunities are abundant this year. Find out more about how you can make the most of your time at the 29th Annual FIRST Conference and what NOT to miss out.

In addition to the main conference programming, additional pre and post conference programming is now available for review. Please be sure to review as additional registration may be required for certain events/meetings.

The working draft of the 29th Annual FIRST Conference agenda has been posted. Please note that the agenda will be undergoing modifications over the next few weeks as we confirm our speakers. For any specific scheduling questions, please contact the planning team at first-2017@first.org.

The FIRST Board of Directors recognizes and shares the concerns of members and event attendees about recent changes in US immigration policy. We believe global participation is a prerequisite to developing strong and successful responses to internet security issues.

The comment period for the "Guidelines and Practices for Multi-Party Vulnerability Coordination", published by the Vulnerability Coordination SIG, was extended to February 28th, 2017. FIRST invites anyone with an interest in this area to review the current draft, available from https://www.first.org/global/sigs/vulnerability-coordination/multiparty, and provide comments for consideration.

For the first time the call was not extended, as a satisfying number of submissions from around the world have been received in time. Actually we have a representation of over 40 countries. While the number of submissions is much higher and much diverse from the previous years there is also a considerable lower number of presentations from the US, showing that the incident response and security teams have really become international. This year's conference chair, Prof. Dr. Klaus-Peter Kossakowski, a long term veteran in the cyber security community and past chair of FIRST, is looking forward for a fruitful discussion within the Program Committee consisting of over 60 volunteers. The reviews will be carried within the next six weeks. He is confident that a very interesting program will be presented in early February 2017 to the public.

The Forum of Incident Response and Security Teams (FIRST), a recognized global leader in incident response has released the Call for Speakers for the 29th Annual FIRST Conference to be held in Puerto Rico, June 11-17, 2017. The Program Committee is looking for presentations on leading-edge research, challenging discoveries, working solutions and established best practices already adopted by more than a single team. They also invite fresh ideas and challenges presented to the global community for discussion and consideration.

A FIRST Computer Security Incident Response Team (CSIRT) operations workshop was taught on September 5th at the International ISC Conference on Information Security & Cryptology (ISCISC2016) at Shahid Beheshti University in Tehran, Islamic Republic of Iran.

The Forum of Incident Response and Security Teams (FIRST) is announcing it is renaming its Fellowship Program to the “Suguru Yamaguchi Fellowship Program” in honor and in memory of the late Dr. Suguru Yamaguchi, a former member of the Board of Directors for FIRST, from 2011 through 2013.

Join the interview in progress! The discussion dives into the very relevant issues that the AnubisNetworks team has been researching and fighting that have been arising out of the Asia-Pacific region. Chris chats with Joao Gouveia, CTO at AnubisNetworks and Nuno Vieira da Silva, Head of Sales at AnubisNetworks. AnubisNetworks has been a supporter and sponsor of the Annual FIRST Conference since 2015.

Join the interview in progress! Martin chats with Alex Sierra, CTO of Niddel and Alex Pinto, Chief Data Scientist at Niddel about their presentation, "Sharing is Caring: Understanding and Measuring Sharing Effectiveness." This presentation was delivered at the 28th Annual FIRST Conference in Seoul, South Korea, June 13, 2016.

The figures are still abysmal. So Kate O'Flaherty asks what can the information security industry do to encourage more women to join the sector?

The Forum of Incident Response and Security Teams (FIRST), a recognized global leader in incident response has successfully finished its 28th Annual Conference, which takes place this June (12th – 18th) in Seoul, South Korea. Co-hosted by the MSIP (Ministry of Science, ICT and Future Planning), KISA (Korea Internet Security Agency) and KrCERT/CC, the conference was held at Conrad Seoul.

Due to the record high number of submissions this year, the review process is running slightly behind schedule. We appreciate your patience and hope to issue notifications February 25, 2016. For questions regarding your submission, please contact the Program Chair at first-2016chair@first.org.

FIRST has formed the Red Teaming SIG. Interested participants who are part of an existing Red Team or in the process of forming one should send a request to be added to the mail list to first-sec@first.org

Com a proliferação de objetos conectados à nuvem, de lâmpadas a automóveis, esperada para os próximos anos, especialistas de cibersegurança alertam para o aumento significativo de riscos à privacidade e segurança dos consumidores

The 2015 Fellowship Program participants at the Annual FIRST Conference in Berlin, Germany, meeting with Fellowship program coordinator Adli Wahid, outgoing Chairman Maarten Van Horenbeeck and incoming Chair Margrete Raaum, as well as Directors Mike Murray and Gaus Rajnovic.

FIRST, the Forum of Incident Response and Security Teams, has paired up with 4SICS, the premium summit in Northern Europe for security in SCADA, SMARTGRID, and INDUSTRIAL CONTROL SYSTEMS. The second annual international summit takes place in October 2015 (20-22) in Stockholm, Sweden, with a series of high-level presentations and tutorials delivered by international experts in the field of cyber security in SCADA and Industrial Control Systems.

The Vulnerability Coordination SIG has been established to improve the way in which the increasingly multi-faceted and multi-stakeholder challenge of vulnerability information coordination is met, and to develop a common and consistent methodology for how coordination becomes more effective.

CircleID — This article in CircleID covered how the Internet Society and the Internet Architecture Board developed and hosted a one-day “Coordinating Attack Response at Internet Scale (CARIS) Workshop” at the FIRST Conference in Berlin, June 19th of 2015.

FIRST is thrilled to announce the return of General Dynamics Fidelis Cybersecurity Solutions as a Gold Sponsor for 2015. The organization has been proudly supporting the annual FIRST conference and community since 2011. We look forward to having their team with us in Berlin.

Another successful AfricaCERT meeting draws to an end, training provided by both JPCERT/CC and FIRST (TRANSITS). We would like to congratulate everyone including the trainers, local host and the AfricaCERT on another successful event and a job well done!

FIRST would like to welcome two new sponsors to the 2014 Sponsorship Team: Lookingglass (www.lgscout.com) and CyberSponse (www.cybersponse.com). Both organizations are joining us at the Gold level and will be exhibiting during conference week.

FIRST would like to welcome back Adobe to the FIRST 2014 Sponsorship Team. Adobe has been a sponsor of FIRST since 2010 Miami. New to the team for 2014 is Co3 Systems with a Banquet sponsorship. This is their first time sponsoring at the annual conference.

There will be a Train-the-Trainers program in Boston, on Sunday 22 June from 10-4:30pm for any member interested in being trained as a TRANSITS instructor and improving their presentation skills. The course will be taught by Don Stikvoort and interested participants should contact the FIRST Secretariat at first-sec@first.org

FIRST welcomes back two organization to the 2014 Sponsorship Team. CIRCL (Computer Incident Response Center Luxembourg) has been sponsoring the FIRST conference since 2012 and returns to the 2014 team as a supporting sponsor. General Dynamics Fidelis will also be joining us in Boston at the Gold Sponsor level. General Dynamics Fidelis has been a sponsor of the annual conference since 2011. We give great thanks to both organizations for their continued support of the annual conference and of FIRST’s mission.

FIRST would like to welcome back and thank SAP for their continued support of the annual conference. SAP has been sponsoring the annual FIRST conference since 2011 and returns to the 2014 Sponsorship Team as a supporting sponsor. FIRST would also like to give thanks to first time exhibitor, BrandProtect for their support of the upcoming 2014 conference.

Together with Jean Robert Hountomey of the AfricaCERT, FIRST organized a 2-day TRANSITS training in Cote d'Ivoire November 24th and 25th, colocated with the AfriNIC meeting and the JPCERT training.

  • Grupo de Respuesta a Emergencias Cibernéticas de Colombia (colCERT), Colombia
  • Security Operations Center - Cyber Operations Command Joint (SOC-CCOC), Colombia
  • Box Incident Response Team (Box IRT), US
  • Mandiant, US
  • CARICERT, Curaçao
  • Swedish Armed Forces CERT (FM CERT), Sweden

Chris Gibson, the former Chair of the Forum of Incident Response and Security Teams (FIRST) – the recognized global leader in computer incident response – has been appointed Director of the UK’s newly established Computer Emergency Response Team (CERT-UK).

The 2014 Call for Speakers is open for the 26th Annual FIRST Conference: Back to the ‘root’ of Incident Response. More information regarding presentation qualifications can be found at the above link. Submissions are due by December 23, 2014.

FIRST welcomes back Microsoft to the 2014 conference sponsorship team! Microsoft has been a strong supporter of FIRST and a sponsor since 2005.

FIRST would like to welcome NBC Universal as the 26th Annual FIRST Conference Local Host. Led by Mike Higgins, CISO at NBC Universal, this marks NBC’s first time sponsoring the annual FIRST conference. We look forward to working with another excellent local host!

FIRST announces the launch of the FIRST Fellowship Program, which will enable information security incident response teams from the world’s least developed countries (LDCs) to become part of the global incident response community.

CIO Asia — Derek Manky, in a guest post on CIO Asia, describes how FIRST is one of the best examples of an international body that encourages information sharing between public and private sector.

The Metrics SIG will be hosting a webinar "Developing Indicators with Computer Security Incident Response Teams (CSIRTs)" on:
Tuesday, 26 February from 15:00-16:00 UTC / 10:00-11:00 Eastern

This webinar will be presented by Christian Reimsbach-Kounatze, Internet Economist / Policy Analyst - Directorate for Science, Technology and Industry; Information and Communications Policy

This webinar is for FIRST Members only and invited guests – and you must register in advance at https://registration.first.org/registration/2013/mswebinarfeb

Registration is now open for the Amsterdam TC on 2-3 April. Please visit program page for more details on how to submit a paper for presentation or to register. This event is sponsored by Cisco.

Register today for the Lisbon TC co-hosted with TF-CSIRT! 28-31st January at LNEC in Lisbon, Portugal. See program page for details.

Registration is now open and early bird rates in effect until 1 April. Join FIRST for our 25th Annual Conference. Sponsorship opportunities are still available.

The Malta Information Technology Agency (MITA) has been selected to host one of the largest information security conferences for 2012. This year, the Forum of Incident Response and Security Teams (FIRST) has chosen Malta for its 24th Annual Conference, which will be held between the 17th and 22nd of June 2012.

The Forum of Incident Response and Security Teams (FIRST) is holding its 24th Annual Conference this June (17th – 22nd) on one of the most fortified islands in the Mediterranean, Malta. Reflecting FIRST’s mission for global cooperation, the five-day conference will bring together leading experts and security professionals from around the world to share best practice and the latest thinking on this year’s theme; Security is not an island.