The rapidly approaching EU Cyber Resilience Act (CRA) is set to reshape how manufacturers develop, secure, and support digital products. In this episode of the First Impressions Podcast, Mars Cheng of TXOne Networks breaks down what the CRA means for organizations that want to sell products in the European market and why the regulation is being called one of the most significant cybersecurity compliance initiatives in years. Previewing his FIRSTCON26 talk, the discussion covers practical steps companies can take today, including stakeholder alignment, tabletop exercises, internal reporting processes, and compliance planning.
In this episode of First Impressions, Julie Agnes Sparks and Greg Foss of Datadog discuss the growing wave of SaaS-focused attacks, from credential theft and supply chain compromises to large-scale data exfiltration campaigns targeting platforms like Salesforce, GitHub, and other cloud services. They explore the visibility gaps that make these incidents difficult to detect, the challenges of monitoring non-human identities and API-driven access, and why many organizations are overlooking some of their most valuable security telemetry.
In this episode of the First Impressions Podcast, FIRSTCON26 speakers Cheng-Lin Yang and Lily Chen of CyCraft explore a growing threat to LLM-assisted security workflows: poisoned artifacts designed to manipulate AI-generated analysis. They discuss how a single malicious document can attract an AI's attention, influence its reasoning, and ultimately alter the information presented to security teams. The conversation covers the evolution of prompt injection attacks, the challenges of defending modern language models, and more! Tune in to preview their FIRSTCON26 session.
In this episode of the First Impressions Podcast, we sit down with Vijay Sarvepalli and Christopher Cullen to unpack the chaotic reality of modern vulnerability coordination. From AI-generated bug reports and patching nightmares to insecure pickle files, Log4j flashbacks, and the race to secure open source software before attackers strike, the conversation dives deep into how security teams can “push left” and automate the path from vulnerability discovery to secure release. Equal parts technical insight, cautionary tale, and therapy session for anyone who survived Log4Shell, this episode explores why fixing vulnerabilities is still harder than finding them, and what the future of coordinated vulnerability disclosure might look like in an AI-driven world.
In the first episode of the 2026 season of the First Impressions Podcast, Mor Weinberger and Lior Kaplan preview their upcoming FIRST Conference session, “From Discovery to Fix: What 10,000 Open Source Projects Reveal About CVE Remediation.” The discussion explores why vulnerability remediation remains slow despite the growing speed of CVE discovery, especially as AI accelerates vulnerability research and exploit development. Drawing from research across thousands of open source projects, they examine the challenges of patch adoption, dependency management, and supply chain complexity. The episode also highlights practical ways organizations can reduce risk and improve remediation efforts ahead of FIRSTCON26 in Denver.
The FIRST Impressions Podcast returns for FIRSTCON26! This kickoff episode brings Program Chair Merike Kaeo to the table to discuss the vision behind the 38th Annual FIRST Conference program and the goals and challenges faced. Centered around the theme “Peak Defense: Building Adaptive Systems for Modern Threats,” Merike shares how this year’s program was carefully designed to balance technical depth, operational strategy, incident response, and AI security topics while ensuring diverse perspectives and skill levels. The episode highlights the importance of community collaboration, knowledge sharing, and making cybersecurity capabilities more accessible for smaller and underserved organizations through automation, practical incident response planning, and stronger global cooperation.