FIRST Impressions Podcast 2023

In this episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama about the upcoming 36th Annual FIRST Conference to be held in Fukuoka, Japan, June 9-14, 2024. Under the theme of “Bridging Security Response Gaps”, Taki shares the importance of communication and collaboration within the security community and his hopes for the 2024 conference. This episode shares an inside look at the challenges of scheduling keynote speakers and the anticipation of a rich selection of presentations. Taki also shares tidbits about the rich cultural and historical attractions of Fukuoka city.

In this short episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama. The 36th Annual FIRST Conference will be held in Fukuoka, Japan, June 9-14, 2024, under the theme: “Bridging Security Response Gaps”. Taki shares some of the topics he hopes to highlight next year including improving industry diversity and showcasing emerging security teams. Tune in for details on how to get involved in FIRSTCON24!

In this episode, the FIRST Podcasters interview FIRSTCON23 Keynote speaker, Lesley Carhart and discuss her session: “How Did We Get Here? The History and Future of Cyberattacks against Industrial Control Networks”. Lesley explains and explores the complicated history of Industrial incident response and just how cybersecurity affects physical systems.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Umair Bukhari and discuss his conference session: “Extra-Ordinary Vulnerability Coordination – A Method to the Madness”. Umair highlights Ericsson’s newly established PSIRT framework for Extra-Ordinary Vulnerability Coordination (EVC) and the necessary actions, work streams, and communication that must be put in place to efficiently handle such events. Umair shares thoughtful steps for others to adopt the model.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Dr. Eugene Spafford and his partner, Dr. Pattie Spafford. Together they discuss their recently published book, “Cybersecurity Myths and Misconceptions” co-authored by Leigh Metcalf, and Josiah Dykstra. They touch on the importance of communication and clear terminology that surpasses cultural barriers. Cybersecurity is people-centric and yet so much has been done by tech specialists without the end user in mind, the book proposes steps to clear language with metaphoric illustrations by Pattie.

In this episode, the FIRST Podcasters interview FIRSTCON23 Diamond Sponsor Rep, Vinay Bansal, the CTO of Cisco’s CSIRT. Vinay discusses Cisco’s long history with FIRST and its Special Interest Groups (SIGs) and shares details on Cisco’s new initiative for Attack Surface Management. This episode highlights the importance of information sharing and mentoring and how FIRST conferences have been a platform to create invaluable global relationships.

In this episode, the FIRST Podcasters interview FIRSTCON23 speakers, Kevin Hagopian and Emer O’Neill, and discuss their conference session: “Small But Mighty - The Crucial Role a PSIRT Plays in Customer Trust, Adoption and Renewal”. Kevin and Emer highlight the evolution of a PSIRT within a software company, and how to best adapt processes and policies to protect a company’s brand.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Koen van Hove, and preview his upcoming conference session: “SPooFd: How to Spoof Mails, Even with Full SPF and DMARC Protection”. Providing a brief history of the internet and email, Koen explains how email spoofing started and transformed. Koen spotlights big vendors and how they approach email security. In his talk, Koen will demonstrate how SPF and DMARC protections are bypassed and outline a path to better security.

In this episode, the FIRST Podcasters interview Jay Jacobs, who is a co-chair of the Exploit Prediction Scoring System Special Interest Group (EPSS SIG) and one of the founders of the Cyentia Institute. Evolving over the last year and a half, EPSS works to gather as much data as possible on vulnerabilities and look for indicators that something will be exploited in the future. Scores are updated daily with new evidences gained on potential exploitations. It is nearly impossible for companies to keep up with all their vulnerabilities, so prioritization is a must. Exploitation activity helps narrow down what’s important. The EPSS SIG is constantly updating and improving models to close gaps.

In this episode, the FIRST Podcasters interview Peter Lowe, co-chair of the DNS Abuse Special Interest Group (DNS SIG). SIG member turned chair, Peter was also appointed as FIRST’s DNS Abuse “Ambassador” and has been tasked with representing the Forum within the DNS space. Peter chats about how DNS has become a hot topic in the public consciousness. He also explains why the SIG is trying to better define DNS Abuse from the point of view of incident responders and security teams. The SIG is creating a model for DNS stakeholders which will classify the different kinds of DNS Abuse and lists who can help with mitigation, prevention, and detection. Peter also touches on the future goals of the SIG and how to become a member.

In this episode, the FIRST Podcasters interview James Chappell and Krassimir Tzvetanov, co-chairs of FIRST’s Cyber Threat Intelligence Special Interest Group (CTI SIG). Along with a third co-chair, Adrian Hendrik, this group focuses on creating best practices and CTI training materials. With the goal of education, the SIG focuses on creating a common body of Cyber Threat knowledge and terms. Filling the gaps with thoughtful curriculum and organizing presentations, the SIG hopes to be a guiding light in the often difficult to navigate Cyber Threat Intelligence landscape. Interested parties are encouraged to join these efforts by applying for SIG membership at: The SIG also manages a CTI news mailing list, to join simply send an email to cti-sig-news-subscribe [at]

In this episode, the FIRST Podcasters interview Désirée Sacher-Boldewin who joined the FIRST Board of Directors in June 2022. Désirée has also taken on the role of co-coordinator for FIRST’s Special Interest Groups (SIGs). The SIGs cover a variety of topics with efforts to create new standards, map existing protocols, and make best security practices accessible to all. In 2023, the FIRST Impressions Podcast will highlight several SIGs to spotlight their achievements and aspirations. In this episode, Désirée touches on FIRST’s infrastructure improvements and shares her excitement to have her new position to spearhead future endeavors.