Message from the Chair

By Olivier Caleff

'FIRST 38th Annual Conference': YASC / Yet Another Successful Conference

The FIRST 38th Annual Conference reaffirmed its status as a flagship five-day event for the cybersecurity community, featuring up to 130 high-quality presentations.

Under the leadership of PC Chair Ms. Merike Kaeo, the FIRSTCON26 Program Committee delivered outstanding results, setting a high target for Mr. Martijn van der Heide, who will now chair the Program Committee to prepare for next year’s conference in Bangkok.

Click here to read more

AGM Update

The Annual General Meeting was held on June 15th 2026 during the annual conference in Denver, Colorado.

The results of the election were announced:

Serge Droz (Liaison, CH), Carlos Leonardo (CSIRT-RD, DO) and I (Olivier Caleff (Liaison, FR) were re-elected, Mona Elisabeth Østvang (mnemonic, NO) was re-elected after a year's absence and Logan Wilkins (Cisco) was newly elected to the Board of Directors for the term 2026-2028.

Michael Hausding (SWITCH-CERT, CH), Carlos Alvarez (ZeroFox, US), Tracy Bills (CERT/CC,US), Yukako Uchida (JPCERT/CC, JP) and Graciela Martinez Giordano, (LACNIC, UY) will continue their 2025-2027 terms.

Click here to read more

Member Spotlight

By Olivier Caleff

Art Manion and Jay Jacobs have been driving forces within the FIRST cybersecurity organization, particularly through their leadership in Special Interest Groups (SIGs) focused on vulnerability management.

Jay Jacobs serves as co-Chair of the EPSS SIG and Art Manion serves as Chair of both the Vulnerability Reporting and Data eXchange SIG (VRDX-SIG) and the Vulnerability Coordination SIG.

In recent years, their pivotal contributions to the Common Vulnerability Scoring System (CVSS) and Exploit Prediction Scoring System (EPSS) SIGs have provided the global community with essential frameworks for vulnerability assessment and prioritization. Beyond standards development, both have been instrumental in organizing and participating in the VULNCON conference, the premier event for vulnerability management professionals.

Click here to read more

Where FIRST Meets the Standards World

By Trey Darley

The Standards SIG is a monthly gathering where FIRSTies whose day jobs somehow touch standards development come to compare notes. It's a place to swap ideas, share war stories, and commiserate over the peculiar joys of consensus-building. We have regular participation from folks active at ISO, IETF, ETSI, NIST, ITU-T, OASIS, and beyond. Chaired by Brian DeWyngaert and Trey Darley, we meet the last Wednesday of each month, 16:00–17:00 Brussels time. We'll take a hiatus over the summer to freshen things up and reconvene with a kick-off call on 30 September. If any part of your work brushes against standards, you'd be very welcome. Come find your people.

Training, CCB, and CORE

By Klée Aiken, Hadyn Green & Velimir Radičević

FIRST is happy to announce the launch of a new capacity and trust building initiative in the Framework of the G7-ECOWAS Platform for Advancing Cybersecurity. Together with the German Federal Foreign the Economic Community of West African States (ECOWAS) and with Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH as implementing partner, FIRST will support regional cyber Confidence-Building Measure (CBMs). Initially a tool for cyber diplomats, CBMs have evolved to cover any efforts of countries, security agencies and incident responders to reduce the risks stemming from the (mis)use of ICT tools.

Click here to read more

When FIRSTCON26 Rode into Denver

By Grace Staley

Well, partner... what a week.

This June, 700 cybersecurity professionals saddled up in Denver, Colorado for the 38th Annual FIRST Conference (FIRSTCON26), proving once again that when the global incident response community gets together, great things happen.

The Mile High City became home to practitioners from around the world who gathered to share knowledge, strengthen trusted relationships, tackle today's toughest security challenges, and remind us all that collaboration is still the most powerful tool in cybersecurity.

Click here to read more

Peak Incident Response 2026

By Serge Droz

This year we held our first Swiss Technical Colloquium - Peak Incident Response - as part of the Geneva Cyber Week (GCW). So, why another TC? The GCW is an annual global platform to advance international cooperation and resilience in cyberspace. This sounds a bit like it could describe just about any FIRST event. But the GCW mostly caters to policy folks, diplomats, and members of civil society, including some of our trusted partners such as DCAF and the HD Centre.

Click here to read more

FIRSTCTI26 Recap: Threat Intel & Pretzels Sold Out!

By Grace Staley

Ten years ago, a group of cybersecurity professionals gathered in Munich with a simple but ambitious idea: create a trusted space where threat intelligence experts from different sectors could actually talk to each other, collaborate openly, and tackle emerging challenges together.

Click here to read more

VulnCon 2026 Recap: Sun, Strategy, and Security!

By Grace Staley

What happens when you gather hundreds of vulnerability management professionals in the Arizona sunshine for a week of collaboration, workshops, debates, and margaritas? VulnCon 2026: and this year's event was bigger, bolder, and more collaborative than ever.

Click here to read more

FIRST PR Highlights

By Jordan Mitchell & Summer Mitchell

Conference Coverage, Season 2 of "Improving Security Across Nations With FIRST,” Production Wrap, and Mid-Year Vulnerability Forecast
FIRST secured 107+ pieces of earned media coverage in Q2FY26 across notable publications including CSO, Dark Reading, Help Net Security, Infosecurity Magazine, and Security Boulevard. You can view the full CoverageBook of articles here.

Click here to read more

Sneak Peek: Women of FIRST Mentorship Program

Something exciting is on the horizon for the Women of FIRST community!

We're thrilled to announce that the Women of FIRST (WoF) Mentorship Program is currently in development. This unique initiative is designed to connect women working in cybersecurity with experienced professionals across the FIRST community through structured, meaningful mentorship.

Built for women, by women, and supported by women allies, the program aims to foster career growth, leadership development, and lasting professional connections in a supportive environment.

The program is planned as a 6–9-month mentorship experience for working professionals, with a pilot cohort launching in Q3 2026. As we shape this first-of-its-kind WoF initiative, we'd love to hear from you. If you're interested in participating as a mentor or mentee, please complete our interest survey by July 20.

Together, we're building more than a mentorship program; we're building a community that empowers, uplifts, and inspires women to thrive in cybersecurity

The initiative is being supported through FIRST CORE and its generous sponsors.

Time Security SIG: coordinating before the clock runs out

Most security properties quietly assume that systems share a correct, coherent sense of time. That assumption is now under pressure from two directions at once. Time sources can be manipulated or spoofed today, whether via NTP in transit or GNSS from the sky. A vast installed base of critical infrastructure still represents time as a fixed-width value that reaches the end of its range in 2038.

Click here to read more

The Metrics SIG

This quarter, the Metrics SIG released Metrics for the FIRST CSIRT Services Framework – Version 1.1, completing metrics for all five service areas of the Framework. The release also includes refinements to improve consistency, readability, and implementation guidance, providing organizations with practical resources to establish and mature their measurement programs.

Click here to read more

Malware Analysis SIG

The Malware Analysis SIG is continuously updating the Malware Analysis Framework. The last updates contain real life examples of malware analysis lab setups, the updated tools list and additions to the new version. The Framework has as well been updated with an appendix detailing how it can be applied in practice to dissect malware typically found in corporate environments.

Read more on our website.

Policy SIG

The Policy SIG has been focusing on the fast-moving intersection of artificial intelligence and cybersecurity.

Our recent policy brief highlights that AI should not be treated only as a frontier-model issue, but as a preview of capabilities that will quickly become broadly available. The brief also stresses that AI will disproportionately affect organizations below the security poverty line, including SMEs and underfunded critical services, while placing additional pressure on open source and other critical but under-resourced software ecosystems.

Going forward, the SIG encourages policy approaches that protect vulnerable organizations, consider the full range of actors in the cybersecurity ecosystem, and support meaningful long-term capacity building.

AI is not only a risk; it is also an opportunity to empower those with fewer resources, provided access to knowledge, tools, and expertise is broadly available.

Read more.

Threat Intel Coalition SIG

The Threat Intel Coalition SIG is back in action after an involuntary period of hibernation.

We have new leadership, with Cristiana Brafman-Kittner (Proofpoint) having been voted in as a new co-chair alongside Lennart Maschmeyer.

Going ahead, we plan to scale up our assistance for civil society and make it more sustainable by hiring dedicated staff. Currently the SIG is entirely volunteer-driven, which means activity comes in busts and booms depending on everyone’s ability to donate time.

To flatten the curve, we have applied for a grant from the Open Technology Foundation’s Internet Freedom Fund. If awarded, we will hire a case manager to handle day-to-day requests and assistance and an outreach manager to spread the word to civil society organizations in need.

We know civil society is under threat, especially in the global south. We also know that those organizations most in need of support usually have the least knowledge about cybersecurity and support out there.

Our outreach strategy aims to change that. Stay tuned for more information, and hopefully good news, soon!

FIRST ‌Security ‌Operations ‌Center (SOC) SIG Update

The goal of the FIRST Security Operations Center (SOC) Special Interest Group (SIG) is to strengthen Security Operations through collaboration, shared experiences, and practical guidance for the FIRST community.

FIRST has a long history of publishing useful standards, frameworks, and best practices for the global security community. Still, day-to-day SOC operations brings its own set of operational challenges, that’s why the SOC SIG was formed, to focus on the problems modern SOCs experience in practice. The SOC SIG focuses on resources that help organizations build, run, and grow an effective SOC, regardless of the organization’s size, sector, or mission.

Click here to read more

Insider Threat SIG: Building a stronger community to address an evolving threat landscape

Insider threats remain one of the most challenging areas of cybersecurity. Whether driven by malicious intent, negligence, compromised identities, or trusted third parties, insider-related incidents continue to grow in complexity as organizations become increasingly interconnected. Technical controls alone are no longer sufficient.

Effective insider threat programs require collaboration across security, human resources, legal, privacy, leadership, and operational teams, making this a uniquely multidisciplinary challenge.

Click here to read more

New Version of EPSS went live June 15th!

If you are relying on EPSS Scores, nothing (except some scores) will change. We will be swapping to an updated algorithm on the backend and new scores will be published in place of the previous algorithm's output. No change is required for any downstream consumers to get the updated scores!

Click here to read more

DNS Abuse SIG

The @firstdotorg DNS Abuse SIG has now released v1.3 of the DNS Abuse Techniques Matrix, after the last version published back in 2023. We've been working hard on consistency, clarity, and overall polish to create a foundation for further work, and I am SO proud to be part of this publication. It's awesome to see it being used more and more. It was weird (but so cool!) the first time I was chatting with an AI and it answered with a reference to our own work!

Download the latest version.

Click here to read more

Upcoming Events

2026 Mexico City Technical Colloquium

August 17-19, 2026
Mexico City, Mexico
#FIRSTMX26

Click here to read more

FIRST-APNIC Technical Colloquium

September 8-10, 2026
Mumbai, India
Hosted by APNIC

Click here to read more

2026 VulnOptiCON

September 23-25, 2026
Gare, Luxembourg

Click here to read more

Oslo 2026 FIRST TC: Cold Incident Response

October 13–15, 2026
Oslo, Norway
Hosted by Norwegian FIRST Members

Click here to read more

2026 FIRST Regional Symposium Latin America & Caribbean

October 21-22, 2026
Mendoza, Argentina

2026 FIRST Regional Symposium for Africa & Joint AfricaCERT Meeting

October 27-30, 2026
Nairobi, Kenya
#FIRSTAA26

2026 FIRST Regional Symposium for Asia Pacific & Joint APCERT AGM

November 5-6, 2026
Busan, Republic of Korea
Hosted by KrCERT/CC

Click here to read more

Amsterdam 2025 FIRST Technical Colloquium

March 2-4, 2027
Amsterdam, Netherlands
#FIRSTAMS2027

CVE | FIRST VulnCon 2027 & Annual CNA Summit

March 30 - April 2, 2027
Scottsdale, USA
#VULNCON27

39th Annual FIRST Conference

June 13 - 18, 2027
Bangkok, Thailand
#FIRSTCON27

Click here to read more