Incident Response Hall of Fame 2025 Recipient: Richard (Rich) D. Pethia, CERT/CC

"Do not go where the path may lead, go instead where there is no path and leave a trail." This quotation from Ralph Waldo Emerson embodies the qualities of Richard D. Pethia, avid fisherman and founding director of the CERT® Coordination Center (CERT/CC), now part of the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI).

For three decades, Rich led CERT from its origins as the first Computer Security Incident Response Team (CSIRT) to a world-class organization dedicated to cyber research and response. Current CERT Director, former U.S. Government Chief Information Security Officer, and U.S. Air Force Brigadier General (Ret.) Greg Touhill stated it succinctly: “Countless people and organizations around the world, including myself, have benefited from Rich Pethia’s leadership, technical acumen, and strategic vision. He did not just create the world’s first CERT, he arguably launched the entire cyber incident response discipline. Few people have had such a profound positive effect on making the world a safer place.”

With an entrepreneurial spirit, Rich’s vision and passion enabled him to have the foresight to know that an international network of CSIRTs, each with their own unique environments, infrastructures, and constituencies, would be essential. CERT/CC became a founding member of the Forum of Incident Response and Security Teams (FIRST) in 1990 and hosted the first annual meetings. Rich invested resources for CERT to develop and deliver the first training courses and handbooks for CSIRTs, including the widely popular “Handbook for CSIRTs.” CERT assisted in the establishment or improvement of numerous CSIRTs including US-CERT (now part of the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA)), the original AusCERT, Q-CERT, NavCIRT, A-CERT, and AFCERT, among others.

Rich used his influence to expand CERT’s work in related technical areas such as cyber workforce development, cybersecurity center development, cybersecurity engineering, enterprise risk and resilience management, insider threat, reverse engineering for malware analysis, secure development, security vulnerabilities, and situational awareness. Many of these services and practices were shared with other CSIRTs as they were established and were institutionalized in the FIRST CSIRT Services Framework.

The innovations created under Rich’s vision throughout his tenure are many. Since the CERT/CC was chartered in 1988, CERT has built and supported national CSIRTs with tools and training to help managers, project leaders, CSIRT staff, and computer forensics professionals. CERT remains the sponsor of what is now the 20th annual technical meeting for CSIRTs with national responsibility. The meeting, restricted to technical and managerial staff members, provides a forum for National CSIRTs to share information, tools, techniques, and strategies that address problems unique to CSIRTs that are responsible for a nation or economy.

It is nearly impossible to fully document the reach that Rich Pethia has had in the incident response community. The number of downloads and views from SEI blogs, podcast series, software and tools, technical papers, the vulnerability notes database, and webcast series is now in the millions. CERT continues to hold its membership in FIRST in highest esteem, most recently supporting Tracy Bills, a senior cybersecurity operations researcher, as she served as the Chair of the FIRST Board of Directors. CERT has sponsored the annual NatCSIRT meeting for two decades. Through these contributions, Rich Pethia has advanced the field of cybersecurity incident response, establishing foundational principles that CSIRTs around the globe have used for decades.

Published on FIRST POST: Apr-Jun 2025