FIRST Impressions Podcast

In this FIRST Impressions podcast episode, we dive into the fascinating world of mobile network security with Umair Bukhari, Director and Head of Ericsson P-Cert. Umair shares insights on the evolution of telecom threat environments, from the early days of 1G to the cutting-edge advancements in 5G and beyond. In the interview, he highlights how these changes impact both users and network security, emphasizing the importance of secure, cloud-native technologies and zero-trust architecture. This episode is a must-listen for anyone interested in the future of telecom security and the ongoing battle between attackers and defenders in this critical field! Tune in to learn more.

Join us on the First Impressions podcast for an exclusive interview with Todd Beardsley from CISA, recorded live at the 36th annual FIRST Conference in Fukuoka, Japan. Todd delves into the Known Exploited Vulnerability (KEV) list, explaining its critical role in cybersecurity and how even years-old vulnerabilities continue to be exploited. Learn about the detective work involved in validating exploitations and the importance of public-private partnerships. Don't miss this insightful episode—tune in now to stay ahead of cyber threats!

In this special episode of the First Impressions podcast, recorded at the 36th annual FIRST Conference in Fukuoka, Japan, hosts interview Carson Zimmerman, a seasoned SOC expert. Zimmerman discusses his presentation, "14 Questions Are All You Need," which helps SOCs evaluate performance and address areas for improvement, emphasizing the importance of deep, insightful questions and the human element in security operations. He also highlights the challenges of aligning SOCs with compliance regimes and addresses the issue of burnout in the industry. Tune in to learn tips and tricks to SOC success!

In this episode of the First Impressions podcast, hosts Chris John Riley and Martin McKay interview Nitesh Surana and Jaromir Horejsi of Trend Micro to discuss their upcoming talk at the FIRST conference. Their session will explain how they discovered threat actors abusing GitHub's cloud-based development environment, Codespaces, to build and test infostealers. While Codespaces itself is secure, its features can be abused. In this episode, they recommend developers that use such services be aware of potential abuse tactics and share the goal of their FIRSTCON talk is to raise awareness and provide clarity on how cloud providers can improve incident response and quickly shut down reported abuse.

In this episode of the First Impressions podcast, hosts Chris John Riley and Martin McKay interview Satoshi Okada and Takuho Mitsunaga , researchers from Toyo University who will be speaking at FIRSTCON24. In the episode, they discuss artificial intelligence, specifically large language models (LLMs) like ChatGPT, and the importance of multi-stakeholder governance for safer AI development. Okada and Mitsunaga explain the pros and cons of LLMs and emphasize the need for governance. Tune in to learn more and be sure to attend their talk this June in Fukuoka!

Join the First Impressions Podcast hosts for a chat with FIRSTCON24 Diamond Sponsor representatives, Ko and Rick from LACERT! Explore LACERT's pioneering role in Japan's cybersecurity since 1995, including innovative tools like Falcon Nest, and their overall contributions to global cybersecurity standards. Don't miss the insights of this episode and learn more about the importance of international collaboration in incident response!

Join hosts Martin McKeay and Chris John Riley for the newest FIRST Impressions Podcast episode featuring FIRSTCON24 speakers, James Potter and Raja Jasper from Huntington National Bank. The pair discuss their upcoming conference talk and explore the challenges of remote work in cybersecurity. Tune in for expert insights on digital communication etiquette, global team collaboration, and the evolving landscape of cybersecurity in the age of remote work.

This First Impressions podcast features representatives from CyCraft, one of FIRSTCON24’s Diamond sponsors. Based in Taiwan, CyCraft utilizes cutting-edge AI and machine learning to tackle a myriad of security challenges, from threat hunting to identity analysis. Tune in to discover why CyCraft is passionate about community engagement and learn about the practical applications of machine learning in cybersecurity, including event triage and attack pattern recognition.

Join hosts Martin McKeay and Chris John Riley in this episode of the First Impressions podcast as they chat with Georgy Kucherin from Kaspersky's Global Research and Analysis team. Together they discuss combating sophisticated spyware targeting mobile devices like Pegasus and Operation Triangulation, highlighting the challenges in protecting our digital lives. Kucherin shares strategies for analyzing mobile threats and adapting to evolving tactics, preparing listeners for his talk at the upcoming FIRST Conference in Fukuoka, Japan. Tune in for insights into the frontline of cybersecurity!

Tune in to the latest episode of the First Impressions podcast, where hosts Martin McKeay and Chris John Riley sit down with Megan Sanford, VP Chief Product Security Officer at Schneider Electric Energy Management Division. As a keynote speaker at the 36th annual FIRST Conference in Fukuoka, Japan, Sanford shares insights into the world of product security. Discover why a secure development lifecycle and integrating security features into products are crucial for resilience. Sanford introduces ICS for ICS, a concept bridging emergency management with cyber incident response, urging listeners to adopt this framework for enhanced efficiency in handling cyber threats. Don't miss out on this insightful discussion that could shape the future of incident response.

In this episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama about the upcoming 36th Annual FIRST Conference to be held in Fukuoka, Japan, June 9-14, 2024. Under the theme of “Bridging Security Response Gaps”, Taki shares the importance of communication and collaboration within the security community and his hopes for the 2024 conference. This episode shares an inside look at the challenges of scheduling keynote speakers and the anticipation of a rich selection of presentations. Taki also shares tidbits about the rich cultural and historical attractions of Fukuoka city.

In this short episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama. The 36th Annual FIRST Conference will be held in Fukuoka, Japan, June 9-14, 2024, under the theme: “Bridging Security Response Gaps”. Taki shares some of the topics he hopes to highlight next year including improving industry diversity and showcasing emerging security teams. Tune in for details on how to get involved in FIRSTCON24!

In this episode, the FIRST Podcasters interview FIRSTCON23 Keynote speaker, Lesley Carhart and discuss her session: “How Did We Get Here? The History and Future of Cyberattacks against Industrial Control Networks”. Lesley explains and explores the complicated history of Industrial incident response and just how cybersecurity affects physical systems.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Umair Bukhari and discuss his conference session: “Extra-Ordinary Vulnerability Coordination – A Method to the Madness”. Umair highlights Ericsson’s newly established PSIRT framework for Extra-Ordinary Vulnerability Coordination (EVC) and the necessary actions, work streams, and communication that must be put in place to efficiently handle such events. Umair shares thoughtful steps for others to adopt the model.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Dr. Eugene Spafford and his partner, Dr. Pattie Spafford. Together they discuss their recently published book, “Cybersecurity Myths and Misconceptions” co-authored by Leigh Metcalf, and Josiah Dykstra. They touch on the importance of communication and clear terminology that surpasses cultural barriers. Cybersecurity is people-centric and yet so much has been done by tech specialists without the end user in mind, the book proposes steps to clear language with metaphoric illustrations by Pattie.

In this episode, the FIRST Podcasters interview FIRSTCON23 Diamond Sponsor Rep, Vinay Bansal, the CTO of Cisco’s CSIRT. Vinay discusses Cisco’s long history with FIRST and its Special Interest Groups (SIGs) and shares details on Cisco’s new initiative for Attack Surface Management. This episode highlights the importance of information sharing and mentoring and how FIRST conferences have been a platform to create invaluable global relationships.

In this episode, the FIRST Podcasters interview FIRSTCON23 speakers, Kevin Hagopian and Emer O’Neill, and discuss their conference session: “Small But Mighty - The Crucial Role a PSIRT Plays in Customer Trust, Adoption and Renewal”. Kevin and Emer highlight the evolution of a PSIRT within a software company, and how to best adapt processes and policies to protect a company’s brand.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Koen van Hove, and preview his upcoming conference session: “SPooFd: How to Spoof Mails, Even with Full SPF and DMARC Protection”. Providing a brief history of the internet and email, Koen explains how email spoofing started and transformed. Koen spotlights big vendors and how they approach email security. In his talk, Koen will demonstrate how SPF and DMARC protections are bypassed and outline a path to better security.

In this episode, the FIRST Podcasters interview Jay Jacobs, who is a co-chair of the Exploit Prediction Scoring System Special Interest Group (EPSS SIG) and one of the founders of the Cyentia Institute. Evolving over the last year and a half, EPSS works to gather as much data as possible on vulnerabilities and look for indicators that something will be exploited in the future. Scores are updated daily with new evidences gained on potential exploitations. It is nearly impossible for companies to keep up with all their vulnerabilities, so prioritization is a must. Exploitation activity helps narrow down what’s important. The EPSS SIG is constantly updating and improving models to close gaps.

In this episode, the FIRST Podcasters interview Peter Lowe, co-chair of the DNS Abuse Special Interest Group (DNS SIG). SIG member turned chair, Peter was also appointed as FIRST’s DNS Abuse “Ambassador” and has been tasked with representing the Forum within the DNS space. Peter chats about how DNS has become a hot topic in the public consciousness. He also explains why the SIG is trying to better define DNS Abuse from the point of view of incident responders and security teams. The SIG is creating a model for DNS stakeholders which will classify the different kinds of DNS Abuse and lists who can help with mitigation, prevention, and detection. Peter also touches on the future goals of the SIG and how to become a member.

In this episode, the FIRST Podcasters interview James Chappell and Krassimir Tzvetanov, co-chairs of FIRST’s Cyber Threat Intelligence Special Interest Group (CTI SIG). Along with a third co-chair, Adrian Hendrik, this group focuses on creating best practices and CTI training materials. With the goal of education, the SIG focuses on creating a common body of Cyber Threat knowledge and terms. Filling the gaps with thoughtful curriculum and organizing presentations, the SIG hopes to be a guiding light in the often difficult to navigate Cyber Threat Intelligence landscape. Interested parties are encouraged to join these efforts by applying for SIG membership at: https://www.first.org/global/sigs/cti/. The SIG also manages a CTI news mailing list, to join simply send an email to cti-sig-news-subscribe [at] first.org.

In this episode, the FIRST Podcasters interview Désirée Sacher-Boldewin who joined the FIRST Board of Directors in June 2022. Désirée has also taken on the role of co-coordinator for FIRST’s Special Interest Groups (SIGs). The SIGs cover a variety of topics with efforts to create new standards, map existing protocols, and make best security practices accessible to all. In 2023, the FIRST Impressions Podcast will highlight several SIGs to spotlight their achievements and aspirations. In this episode, Désirée touches on FIRST’s infrastructure improvements and shares her excitement to have her new position to spearhead future endeavors.

The FIRST Podcasters interview various team members of SentinelOne, a Diamond Sponsor of FIRSTCON22, which is a fully autonomous EDR solution for businesses and enables basic end point detection and response. The team shares insight into current investigations around the world as well as observable attacker patterns to stress the importance of taking a layered approach to security.

The FIRST Podcasters interview Maddie Stone of Google Project Zero on the current 2022 threat landscape and past Zero Day patterns. Maddie shares insight into how security professionals should work to make exploitations more difficult for attackers. With an evolving approach to Zero Days, we can create continuous solutions that treat patches as an opportunity to dive deeper.

In this episode, the FIRST Podcasters interview Rebecca Taylor of Secureworks on the importance and structuring of knowledge management. Rebecca provides valuable insight into the processes, frameworks, and templates that must be incorporated to create a roadmap of understanding and interconnected relationships. She stresses the value of feedback loops, work streams, and ongoing evolution.

In this episode, the FIRST Podcasters interview Crowdstike’s Senior Consultant, Emma Jones, on the importance of diversity. The umbrella term describes all sorts of efforts, from belonging to inclusion to equality and representation. Emma discusses how every day actions build in processes of trust and how thinking differently isn’t wrong; it’s imperative. How do we create a stage where everyone is qualified to speak? How do we make and share information in a way that is consumable to everyone? Tune in to find out.

In this episode, FIRST Podcasters interview FIRSTCON22 Speakers Raphaël Vinot and Quinn Norton on their tool Lookyloo. This open-source project was made to capture and record all the happenings on a website in real time. After a news website fell victim of malvertising, Raphaël and Quinn were called in to investigate. After a failed search for a tool to monitor the page, they created their own. Users of Lookyloo will have access to all the contents of a webpage mapped onto file tree as well as a created database of content and relationships to better help monitor and protect their sites.

In this heavy-hitting episode, FIRST Podcasters interview team Ukraine. The CERT-UA group share insights and revelations as they compare 2021 cyber incidents to 2022 and discuss attacker tactics. A large time frame of exploits came in early January, just as Ukrainians were receiving warnings of potential war. Sowing disorder, the disinformation campaign had a cyber component, as assailants attempted to convince the public that their government could not protect them or their data.

In this episode, FIRST Podcasters interview FIRSTCON22 Speaker, Vishal Thakur, who is the Director of DFIR at Ankura Consulting. Together the group discusses how to live in the on-going “ransomware pandemic” and the importance of practicing good security hygiene. Tune in for tips on how to successfully communicate and streamline communication when attacked and how tabletop exercises can better prepare your team for the next one.

In this episode, FIRST Podcasters interview FIRSTCON22 Diamond Speaker and Sponsor, Ganesh Pai who is the Founder and CEO of Uptycs, a cloud-native security analytics platform. Ganesh reflects on the magic of past FIRSTCONs as he looks forward to Dublin. With the focus on people over tools, Ganesh marvels at the opportunity to watch new industry professionals grow and shares a deeper dive into Uptyc’s osquery.

The FIRST Podcasters interview FIRSTCON22 Speakers, Thomas Schmidt and Jens Wiesner, on the subject of their conference session: "Securing the Supply Chain Together - Through Automation of Advisories and Vulnerability Management". Working in separate departments of the German Federal Office for Information Security (BSI), Schmidt and Wiesner are experts at standardizing advisories. Get a taste of their conference presentation as Martin and Chris grill them on remediation measures, mitigations, and what Common Security Advisory Framework (CSAF) does as a solution.

The FIRST Podcasters interview FIRSTCON22 Speaker, Helen Patton, on the context of her conference session: "How to Talk to a Board so the Board will Talk Back". Helen explains how perspectives may differ between security practitioners in the weeds of vulnerabilities and an upper management’s big picture point of view. Get a taste of Helen's conference presentation as she discusses how to establish and maintain board relationships and explain the value of risk to non-experts.

In this episode, Naama Ben-Dov, a strategy merger and acquisition manager at Microsoft, discusses a developer’s journey and the importance of planning for the future. Together with the podcasters, she points out how what a customer may want is often in opposition to what they need and in turn, encourages difficult conversations. Tune in to hear how the human psyche drives innovation. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Iren Reznikov is a Cyber Investor based in Israel specializing in deep tech security startups. Together with the FIRST Impressions podcasters, she opens a dialogue into the lifecycle of acquisitions and how current political tensions may affect the cyber landscape.

Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Join the interview in progress! Chris, Martin, and Andy chat building teams, navigating within organizations, career change, and interpretive dance.

Andy Ellis is the Advisory CISO at Orca Security, where he helps companies embrace secure practices while leaping into the cloud era. He is a 2021 Inductee into the CSO Hall of Fame, an Operating Partner at YL Ventures, the CEO of leadership training company Duha, and was formerly a U.S. Air Force officer and the CSO at Akamai Technologies. You can find him on Twitter at @csoandy. Ellis has received The Spirit of Disneyland Award, The Wine Spectator's Award of Excellence, the Air Force Commendation Medal, and the CSO Compass Award.

Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Neil is Lead Architect in BBC Digital Distribution, focusing on website traffic management and supporting technologies. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Chances are, you know Ed. Ed Skoudis is founder of the SANS Institute’s Penetration Testing Curriculum and creator of SANS NetWars, CyberCity, and the Holiday Hack Challenge. Learn more about the upcoming SANS Holiday Hack Challenge at https://www.sans.org/mlp/holiday-hack-challenge/. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Chris catches up with Jen Ellis, VP of Community and Public Affairs at Rapid7 and talk ransomware. Recorded October 2021. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Amanda Berlin is the CEO of Mental Health Hackers - a not for profit organization dedicated to educate information security professionals about the unique mental health risks faced by those in the field. Recorded August 2021. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Kyle is a VP and Head of Security & IT at Copado. Kyle, Martin, and Chris talk security careers and share their own personal experiences. Recorded July 2021. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Chris Gibson chats all things FIRST and how the organization is and has approached change during the pandemic. Recorded February 2021. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Traci Wei, owner of CAPS, LLC and the meetings and conference director for FIRST, shares her experiences of transitioning events to virtual during the pandemic. Recorded November 2020. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Desiree Sacher is a Security Architect for a Security Operation Center in the financial industry. Eireann Leverett is a Senior Scientist at Airbus Operations, co-author of Solving Cyber Risk, and Founder of Concinnity Risks. He is co-chair of the Cyber Insurance SIG, and the EPSS SIG. Recorded in December 2020. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Serge is the chair of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussion relating to cyber security at various policy bodies, in particular related to norm building. Episode recorded in December 2020. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.