FIRST Impressions Podcast has been selected as one of the Top 10 Incident Response Podcasts on the web.
The FIRST Impressions podcast brings you regularly scheduled content focused on discussions from across the incident response and security spectrum. Hosted by Chris John Riley and Martin McKeay, new episodes released first Friday of the month!
Message from the Chair; Conference Roundup; Special Interest Groups; Weekend Training; Training on DNS Prevention, Detection, Disruption and Defense; Diversity and Inclusion; New Board Member Introduction; M3AAWG 58 Meeting; 36th Annual FIRST Conference to take place June 9-14, 2024 in Fukuoka, Japan; New Members; Standards; Communications; Upcoming Events.
The latest tool will be critical to properly assess and prioritize dealing with vulnerabilities and prepare defences against cyber-attacks.
Critical CVSS 4.0 will also allow consumers to assess real-time threats.
FIRST’s AGM took place during the 35th Annual Conference in Montréal, Canada at the start of June 2023. Senior cybersecurity expert Tracy Bills, CERT/CC was elected to lead FIRST’s Board of Directors with the organization’s leadership team further strengthened with the appointment of Carlos Alvarez from ICANN to the Board.
At FIRST, we believe that diversity is essential to achieving our missions of global cooperation and shared language. We embrace diversity in all its forms, reflecting the global and diverse membership of FIRST.
SIG updates: Human Factors in Security (HFS-SIG), EPSS SIG, SecLounge SIG; Remembering Andrew Cormack - by Serge Droz; Profile Deactivation on FIRST Portal; Board in Tokyo; Team Profiling - RWANDA NATIONAL CSIRT; Suguru Yamaguchi Fellowship Program; and New Teams.
People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. We are working on changing that.
The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.
The Forum of Incident Response and Security Teams (FIRST) plans to hold its 35th Annual Conference with the theme ‘Empowering Communities,’ in Montreal, Quebec, Canada, from June 4 to 9, 2023. This six-day event brings the incident prevention community together with cyber security experts to foster information sharing, cooperation, and coordination. Typically, over 1,000 people from around the world attend.
"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.
Upcoming Events - Bilbao, Kigali, Amsterdam; TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe; 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions; Date for your Diaries - Amsterdam 2023 FIRST Technical Colloquium, April 17-19; Chair Sherif Hashem and Board Member Michael Hausding participate in the FIRST & ITU-ARCC Regional Symposium for Africa and Arab Regions; First 100 days on the FIRST board; Are you interested in becoming a future board member?; Be a FIRST trainer! David Rüfenacht, Senior Threat Intelligence Analyst, provides a first-hand account; Special Interest Groups Update; Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) Join Forces to Address Global Internet and Security Issues; Twenty More Members Join FIRST;
The Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) announced today they will work together to combat growing Internet abuse and cybersecurity issues.
In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.
Traffic Light Protocol Version 2.0 is Now Available; FIRST delivers training in Uganda, and the Western Balkans; Peter Lowe speaks about DNS Abuse at ICANN75 AGM in Kuala Lumpur; FIRST Chair Sherif Hashem participates in the Cyber Diplomacy and Norms panel at The Second Community of African Cyber Experts; The World Opens - FIRST Events Round Up; Special Interest Groups Update and New NETSEC SIG Formed; The Board meets in Davos; Board of Directors Organization and Roles for 2022/23; Twenty new members join FIRST
The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe.
For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.
The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.
With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.
Annual FIRST Conference in Dublin, the Republic of Ireland, is a triumph; Dr. Sherif Hashem is the new Chair of FIRST, and four new members join
the FIRST Board of Directors; Four new additions to the FIRST Board of Directors; The FIRST 2021-22 Annual Report is now available; FIRST adds a New Director of Community and Capacity Building to the team; 34 new members join FIRST;
Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization.
Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation.
Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.
Last week FIRST learned that it is among a large group of organizations that were rejected from participating in the Open ended Working Group (OEWG) process, despite the groups expressed commitment to work with non-governmental organizations.
A new Chair and four new cyber security experts joined the Forum of Incident Response and Security Team (FIRST) Board of Directors during the recent AGM to serve the 2022-24 term. Current board member Dr. Sherif Hashem was voted in as the new chair and brings extensive knowledge, experience, and international relations to the role.
I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.
Over the past five days, 1,000 specialists representing six continents united in the cyber-crime fight at the Forum of Incident Response and Security Teams (FIRST) conference in Dublin, Ireland
From how Ukraine is dealing with cyber attacks against its critical infrastructure, to the rapidly growing access to online child sexual abuse material and the sophisticated approaches to ransomware, phishing, and online fraud as well discussing cooperation with the United Nations and with INTERPOL and law enforcement– no stone was left unturned for delegates working together to protect societies world-wide
Over 1,000 specialists representing six continents to participate in the Forum of Incident Response and Security Teams (FIRST) five-day program in Ireland
Google’s Maddie Stone addresses the 0-day cyber-attack in-the-wild and how combating the unknown can help future online defense
DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.
I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.
New Director of IT & Security role to bolster FIRST’s Business Plan; Upcoming Technical Colloquia, Symposiums, and Annual Conference; Last chance to nominate individuals or teams for the Incident Response Hall of Fame; FIRST contributes to important global policy and governance discussions; Mentors sought for new FIRST Mentorship Program; Eleven more member teams join FIRST; FIRST Infrastructure Updates - New Application Process
The Board of Directors strongly believes that FIRST should be an inclusive organization with broad global participation and collaboration to make the internet safe for everyone.
Three new Special Interest Groups created by FIRST members; FIRST partcipates in several important UN actvites; 19 events organized in 2021 - registraton opens for FIRST Annual Conference in 2022; Twelve more member teams join FIRST
Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.
Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look
at automation.
Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.
Norwegian members of FIRST to host a technical colloquium in Oslo in November; More FIRST events to add to your calendar; The FIRST Board of Directors meets across two continents to build our two-year business plan; Empowering Women in Cybersecurity: ITU, FIRST, and EQUALS Global Mentorship Pilot Program concludes; 16 more member teams join FIRST;
Did you miss our Virtual 33rd FIRST Annual Conference?; ICASI integrates into FIRST PSIRT SIG, bolstering the incident response and security team industry; FIRST Welcomes a new Chair and Five New Board of Directors; FIRST publishes its fifth Annual Reportt; A new fellowship team joins FIRST - Malawi CERT; Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST’s Incident Response Hall of Fame; FIRST membership continues to grow - we’re now at 575 members from 98 countries.
FIRST published its fifth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and security teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2020-2021.
ICASI – the Industry Consortium for Advancement of Security on the Internet was officially integrated into the Forum of Incident Response and Security Teams (FIRST) on May 28, 2021. Established in 2008, ICASI’s purpose was to strengthen the global security landscape by driving excellence and innovation in security response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global security challenges. This role will continue but as part of the existing FIRST PSIRT SIG, expand and improve the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.
33rd FIRST Annual Conference: Crossing Uncertain Times; Mark your calendars: FIRST reveals 2021 events calendar; FIRST welcomes its 97th country and member 562: Benin bjCSIRT; FIRST, ITU and Equals launches Women in Cyber Mentorship Program for Arab and Africa Regions; Get your nominations in for the third edition of The Incident Response Hall of Fame; New Podcast - FIRST Impressions - is launched!
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Over 2500 Cybersecurity Professionals Participate In 32nd FIRST Annual Conference - Where Defenders Share. 2021 33rd Annual Conference Theme And Call For Papers. 2020 FIRST Virtual Symposium For Africa And The Arab Region - Supporting The Effectiveness Of Incident Response Within Africa. Ian Cook And Don Stikvoort Receive Joint Honors In The Incident Response Hall Of Fame Awards. New Code Of Ethics Launched On Global Ethics Day. FIRST Partners With Itu And Equals Global Partnership To Empower Women In Cybersecurity. FIRST To Contribute To Itu National Cybersecurity Strategy Guide. Mou Signed Between First And Ocf To Advance Membership Of Incident Responders And Security Teams Across The Globe. Reminder - 2021 First Membership Renewal.
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.
Los equipos de respuesta a incidentes de seguridad necieron tras el considerado primer gran ciberataque mundial, provocado por el 'virus Moris', en 1988.
October 21, 2020 – following a global consultation, the Forum of Incident Response and
Security Teams (FIRST) is launching new ethics guidelines for incident response and security
teams today on Global Ethics Day. ethicsfIRST provides guidance for cybersecurity
professionals on how to conduct themselves professionally and ethically during incidents.
Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore
the meaning of ethics in international affairs
2020-2022 Board Announced. Welcoming a new board member – Shawn Richardson. FIRST reveals its new Vision and Mission. FIRST 32nd Annual Conference – Virtual Edition. Tips on how to publish your ideas in peer-reviewed journals. Code of Conduct – A Reminder. Infrastructure update. Have you read our new Annual Report yet?
July 27th, 2020 - The Forum of Incident Response and Security Teams (FIRST) is proud to publish its fourth Annual Report today. The report details the organization’s achievements towards building a mature global incident response community. It covers the period between the 2019 conference in Edinburgh, Scotland and July 2020. FIRST Annual Report 2019-2020
2020 Agm & Election. 2020 Conference update and impact of Covid-19. First 2020 CTI Symposium in Switzerland moved online. First to Review the Traffic Light Protocol standard to increase global adoption. First updates coordination principles for Multi-Party Vulnerability Coordination and Disclosure. First and Mitre Engenuity partner to expand The Global Understanding of Adversary Behaviors. More new partnerships forged to make the internet safe for everyone. Virtual site visits currently available for new applicants. Critical VPN vulnerabilities show the need for proactive risk scanning. ISO and standards update. New breach workshop materials available. A new initiative to build trust. First infrastructure update Portal & SSO.
FIRST suspended the requirement for a physical site visit for applying members until further notice. Sponsoring teams may conduct a virtual site visit.
Málaga Hosts the first European Symposium and Tf-Csirt Meeting for Global Security Experts. FIRST participates in the un’s Development of Cyber Norms. FIRST Technical Colloquium - Ljubljana, Slovenia. FIRST releases updated computer security incident response team (CSIRT) Services Framework – Version 2.1. SPECIAL RECOGNITIONS – Member Awarded Order Of Three Stars In Latvia. Raising awareness of FIRST. First Infrastructure Update - Member Portal & Identity Project. Annual Conference and Annual General Meeting update
Internet Hall Of Fame inducts the late Suguru Yamaguchi. FIRST launches Women In Cybersecurity Initiative. FIRST Metrics SIG Webinar series re-launched. FIRST Infrastructure Update. “Insure” you participate in this call. A warm welcome to our 500th member - Versia. Improving Security Together.
October 9th, 2019 – As the year draws to a close, it is time for businesses across all industries
and sectors to reflect and prepare for the upcoming new year. With this in mind, premier
organization and recognized global leader in incident response - Forum of Incident
Response and Security Teams (FIRST) has produced 11 vital steps that organizations
should take to improve their incident response strategy.
Is content king? Fisher argues data alone can lead us astray, instead, it is the story we should focus on. With a presentation loaded with artwork and visuals, Fisher hopes to teach statistic savvy security responders to see the bigger picture. What patterns appear when we take a step back? What narrative does the evidence summon? Question your answers and dive into this discussion with Chris and Martin.
Not EVERYONE who tweets from the toilet at 6 in the morning is a Narcissist.” In this episode, Chris and Martin dive into a discussion with data savvy Monica Whitty about how to spot and stop an insider threat. Unfortunately, most insider attacks we never see coming, but as Whitty explains, hindsight can be a tool. Realizing that not every perpetrator is evil or malicious, companies can begin to see the data for what it really is: people. Navigate psychological factors and learn to spot warning signs in this perceptive podcast!
September 18th, 2019 – At FIRST we strongly believe that in order to build a global cybersecurity incident response community, from which every company or user participating in the Internet can benefit, we should all work to limit the impact of sanctions or export regulations on incident responders. This includes being a forum where technology corporations such as Huawei, have the ability to participate the same as others.
No computers, no worries! After favorable feedback from the 2018 Conference, Chiyuki and her team returned this year with even more tabletop fun. Chris and Martin get the inside scoop on how a little friendly competition creates an international platform for learning. Without technology, red and blue teams ultimately work together to solve a handful of security scenarios in this Choose Your Own Adventure style exercise.
July 21st 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the CSIRT Services Framework Version 2.0 (PDF). This version is heavily based on the lessons learned from our work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Because of this, we ask for feedback from all interested parties which will then become incorporated in the planned Version 2.1.
Join Chris John Riley and Martin McKeay live from annual FIRST conference in Edinburgh, Scotland as they interview Ken Munro. Ken is a partner and founder at Pen Test Partners, LLP and was the opening keynote for the 31st Annual FIRST Conference.
July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.
Missing out on #FIRSTCON19 this week! No worries! Join the interview in progress. Martin chats with Lisa Bradley (Senior Manager, NVIDIA PSIRT) and Jessica Butler (Senior Application Developer, NVIDIA) about their presentation at FIRST 2019 happening Monday, June 17 from 16:45-17:45.
FIRST launched its FIRST Post, a quarterly newsletter with updates from the FIRST community. Learn more about our Edinburgh conference, our new Executive Director, Chris Gibson, and several key initiatives such as the Product Security Incident Response Team (PSIRT) framework and policy outreach.
Join the interview in progress! Desiree is a SOC Security Architect at Finanz Informatik. Desiree and Chris John Riley discuss her upcoming presentation that focuses on how to better integrate improvements into your security monitoring. Desiree presents at the 31st Annual FIRST Conference on Monday, June 17 at 12:45 in Fintry.
The Forum of Incident Response and Security Teams releases its third annual report, covering the scope of its activities from the 2018 conference in Kuala Lumpur, through its 2019 annual event in Edinburgh.
Join the interview in progress! Chris John Riley chats with Ralf Hund, CTO at VMRay and a supporter of the annual FIRST conference since 2016. Ralf shares his thoughts on the ongoing game of cat and mouse the industry is faced with when dealing with malware detection and the new protection technologies VMRay is working on in order to provide incident responders with faster and greater visibility to threats.
Join the interview in progress! The guys speak with presenters, Mike Murray (Senior Manager) and Robert Lelewski (Proactive Services Team Lead) of Secureworks. The duo are presenting on Thursday, June 20th from 11:00-12:00 and will be sharing their experiences and takeaways from conducting over hundreds of tabletops across various organizations. Get a primer of their upcoming session in this interview.
FIRST is pleased to announce the creation of two new Special Interest Groups: PSIRT and Cyber Insurance! The PSIRT SIG is developing learning materials to support the evolution of PSIRTs at all maturity levels, and the Cyber Insurance SIG is coordinating data sharing and providing a feedback mechanism between CERTs and Cyber Insurance organizations.
We’re kicking off the first episode of this year’s podcast with the man of the moment, Andrew Cormack, program chair of the 31st Annual FIRST Conference! Chris John Riley and Martin McKeay return as our podcast hosts once again and pick up where they left off almost a year ago during their last chat with Andrew. The guys touch on the program selection process, highlights of this year’s program, and what new things attendees will experience this year. Andrew is the Chief Regulatory Adviser at Jisc and a long time member and supporter of FIRST and the IR community.
April 28th 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) publishes a minor update to the CSIRT Services Framework, available as CSIRT Services Framework Version 1.1.1 (PDF)
The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and securing their organisations.
Hopefully what we’ve outlined as suggested services and functions a PSIRT could offer at the various stages of their development will be helpful and inspires your team to raise their game.
Are you mature, are you immature - what are you? Maturity Level 2 is about adapting the ad-hoc PSIRT strategies into full blown policies and processes.
To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. And what’s a better place to start than at the beginning?
Check out these posts on the PSIRT Services Framework and PSIRT Operational and Maturity the week of 21 January 2019! A new blog will be posted Monday -Thursday and can be found here: https://first.org/blog/
