Saturday, June 27
Train the Trainers (Open!)
Sunday, June 28th
Train the Trainers (Open!)
Registrations
Ice Breaker Reception
Monday, June 29th
Registration
Conference Opening
Breakout Sessions
LE SIG
Tuesday, June 30th
Registration
General Session
Breakout Sessions
NM SIG
Vendor SIG
Vendor Tables
Vendor Showcase
Pre-Annual General Meeting (AGM)
Registration — 3F Genji Waiting Room
Sunday, 14:00-18:00
Monday-Friday, 08:00-16:00
High Tech Experience Lounge — 3F Konjaku
Monday-Friday, 08:00-18:00
Breakfast — 3F Genji South
Monday-Friday, 07:30-08:45
Lunch — M, T, TH
3F Genji South and 5F Taketori
12:00-13:30
Lunch — W
3F Genji South
12:00-13:30
Lunch — F
3F Genji South & East
12:00-13:30
Wednesday, July 1st
Registration
General Session
Breakout Sessions
Vendor Tables
Conference Banquet
Thursday, July 2nd
Registration
General Session
Vendor Tables
Breakout Sessions
Friday, July 3rd
Registration
General Session
Vendor Tables
Breakout Sessions
Conference Closing
08:00-16:00 |
Registration — 3F Crystal Foyer |
08:45-10:30 |
Conference Opening — 3F Genji West & North
08:45-09:00 | Opening Remarks: Derrick Scholl, FIRST Chair, US
09:00-10:30 | Keynote: Suguru Yamaguchi , Information Security Management and Economic Crisis, JPCERT & Advisor on Information Security, National Information Security Center, Cabinet Office Japan
|
10:30-11:00 |
Networking Break — 3F Genji Waiting Room and 5F Taketori + Foyer |
11:00-12:00 |
Track I: Technical
3F Genji West & North |
Track II: Management
5F Kokin North |
Track III: Incident Response
5F Kokin Naka |
11:00-11:30 |
Attacker Illusions: Finding the Real "Who" and "Why"
Michael La Pilla 
iDefense-VeriSign, US
|
Architecting Systems of Systems for Response
Andrew McDermott 
Science Applications International Corporation (SAIC), US |
Anti-Phishing Working Group and the Internet Policy Committee
Jordi Aguilà 
e-la Caixa CSIRT, ES
Foy Shiver 
Anti-Phishing Working Group, US
|
11:30-12:00 |
Attacker Illusions: Finding the Real "Who" and "Why"
(continued)
|
Architecting Systems of Systems for Response (continued) |
Measuring the Root Cause of Incidents
Karen Scarfone 
National Institute of Standards and Technology (NIST), US
|
12:00-13:30 |
Lunch — 3F Genji South and 5F Taketori |
13:30-15:30 |
Track I — 3F Genji West & North |
Track II — 5F Kokin North |
Track III — 5F Kokin Naka |
13:30-14:00 |
Proprietary Data Leaks: Response and Recovery
Sherri Davidoff 
Davidoff Information Security
Consulting, LLC, US
Jonathan Ham 
Lake Missoula Group, US
|
Recapturing the Wheel—Media Perspectives on Crisis and Recovery
Frank Wintle 
PanMedia, UK |
Law Enforcement
Special Interest Group (LE SIG)
|
14:00-14:30 |
Proprietary Data Leaks: Response and Recovery
(continued) |
Recapturing the Wheel—Media Perspectives on Crisis and Recovery
(continued) |
LE SIG
|
14:30-15:00 |
The State of Phishing/Fraud and Efforts to Deliver Forensic Tools & Resources for ECrime Fighters
Foy Shiver 
Anti-Phishing Working Group, US |
Using Social Media in Incident Response
Martin McKeay 
The Network Security Blog, US |
LE SIG
|
15:00-15:30 |
The State of Phishing/Fraud and Efforts to Deliver Forensic Tools & Resources for ECrime Fighters
(continued) |
Public Relations & Incident Response Panel Discussion
Panelists:
Martin McKeay 
The Network Security Blog, US
Frank Wintle 
PanMedia, UK
|
LE SIG
|
15:30-16:00 |
Networking Break — 3F Genji Waiting Room and 5F Taketori + Foyer |
16:00-17:30 |
Track I — 3F Genji West & North |
Track II — 5F Kokin North |
Track III — 5F Kokin Naka |
16:00-16:30 |
Effective Software Vulnerability Discovery within a Time Constraint
|
Trouble Ahead: Cyber Security Policy Developments...or the lack thereof
Eli Jellenc 
iDefense-VeriSign,
US |
LE SIG
|
16:30-17:00 |
Effective Software Vulnerability Discovery within a Time Constraint
(continued) |
Emerging Threats and Attack Trends
Paul Oxman 
Cisco Systems, US |
LE SIG
|
17:00-17:30 |
What can FIRST do for you: a look at the available infrastructure options
Kenneth Van Wyk 
KRvW Associates, LLC |
Emerging Threats and Attack Trends
(continued) |
LE SIG
|
08:00-16:00 |
Registration — 3F Crystal Foyer |
08:45-10:30 |
General Session — 3F Genji West & North
08:45-09:00 | Opening Remarks: Derrick Scholl, FIRST Chair, US
09:00-10:30 | Keynote: Bruce Schneier , Reconceptualizing Security, Chief Security Technology Officer, BT, UK
|
10:30-11:00 |
Networking Break — 3F Genji Waiting Room and 5F Taketori + Foyer |
11:00-12:00 |
Track I: Technical
5F Kokin Naka |
Track II: Management
5F Kokin North |
Track III: Incident Response
3F Genji West & North |
11:00-11:30 |
Carol Overes 
GOVCERT.NL, NL
|
Missing Clues: How to Prevent Critical Gaps in Your Security Monitoring
Martin Nystrom
David Schwartzburg 
Cisco Systems, US |
Establishing Collaborative Response to Abuse of the Domain Name System
Greg Rattray 
ICANN, US
|
11:30-12:00 |
(continued) |
Missing Clues: How to Prevent Critical Gaps in Your Security Monitoring
(continued) |
Establishing Collaborative Response to Abuse of the Domain Name System
(continued) |
12:00-13:30 |
Lunch — 3F Genji South and 5F Taketori |
13:30-17:00 |
Vendor Special Interest Group (Vendor SIG) — 7F Houjou
Damir "Gaus" Rajnovic
Cisco Systems, UK |
13:30-15:30 |
Track I — 5F Kokin Naka |
Track II — 5F Kokin North |
Track III —3F Genji West & North |
13:30-14:00 |
(continued) |
The Next Generation of Incident Response
Gib Sorebo 
Science Applications International Corporation (SAIC), US
|
Comprehensive Response: A Bird's Eye View of Microsoft Critical Security Update MS08-067
|
14:00-1430 |
(continued) |
The Next Generation of Incident Response
(continued) |
Comprehensive Response: A Bird's Eye View of Microsoft Critical Security Update MS08-067
(continued) |
14:30-15:00 |
(continued) |
Deriving information from raw data: making business decisions with logs
Toby Weir-Jones 
BT, US |
Comprehensive Response: A Bird's Eye View of Microsoft Critical Security Update MS08-067
(continued) |
15:00-15:30 |
(continued) |
Deriving information from raw data: making business decisions with logs
(continued) |
Comprehensive Response: A Bird's Eye View of Microsoft Critical Security Update MS08-067
(continued) |
15:30-16:00 |
Networking Break - 3F Genji Waiting Room & Taketori + Foyer |
16:00-17:30 |
Track I — 5F Kokin Naka |
Track II — 5F Kokin North |
Track III — 3F Genji West & North |
16:00-16:30 |
(continued) |
|
INTERPOL Initiatives to Enhance Cyber Security
Vincent Danjean 
INTERPOL, FR |
16:30-17:00 |
(continued) |
Information Security's Third Wave
Eli Jellenc 
iDefense-VeriSign, US |
INTERPOL Initiatives to Enhance Cyber Security
(continued) |
17:00-19:30 |
Vendor Showcase - 3F Genji Waiting Room |
18:00-19:30 |
Pre-Annual General Meeting (AGM, Members Only) — 3F Genji West & North |
20:00-22:00 |
Metrics SIG
Georgia Killcrece
CERT/CC, US
|
08:00-16:00 |
Registration — Crystal Foyer |
08:00-18:00 |
Vendor Tables — 3F Genji Waiting Room |
08:45-10:30 |
General Session — 3F Genji West & North
08:45-09:00 | Opening Remarks: Derrick Scholl, FIRST Chair, US
09:00-10:00 | Keynote: Jose Nazario , Attacks Against the Cloud: Combating Denial-of-Service, Arbor Networks, US
10:00-10:30 | Keynote: Kurt Sauer , Information security one character at a time, Spinlock Technologies, JP |
10:30-11:00 |
Networking Break —3F Genji South & Taketori + Foyer |
11:00-12:00 |
Track I: Technical
5F Kokin North |
Track II: Management
3F Genji West & North |
Track III: Incident Response
5F Kokin Naka |
11:00-11:30 |
A Method for Detecting Wide-scale Network Anomalies
Minghua Wang 
CNCERT/CC, PRC |
Threat Response —doing the right thing first time!
Greg Day 
McAfee, UK |
Andreas Schuster 
Deutche Telekom AG, DE
|
11:30-12:00 |
Malicious Webpage Detection
Chia-Mei Chen 
TWCERT/CC
Sun Yat-Sen University, TW |
Threat Response —doing the right thing first time!
(continued) |
(continued)
|
12:00-13:30 |
Lunch — 3F Genji South |
13:30-15:30 |
Track I — 5F Kokin North |
Track II —3F Genji West & North |
Track III — 5F Kokin Naka |
13:30-14:00 |
Information Security Exchange Formats and Standards
Till Dörges 
PRESENSE Technologies GmbH, DE |
SCADA Security—Who Is Really In Control of Our Control Systems?
Peter Allor 
IBM, US |
(continued) |
14:00-14:30 |
How to handle Domain Hijacking Incidents
Dr. Mehdi Shajari 
Amirkabir University of Technology,
IR |
SCADA Security—Who Is Really In Control of Our Control Systems?
(continued) |
(continued) |
14:30-15:00 |
Mashup Security & Incident Response Considerations
Andrew McDermott 
Science Applications International Corporation (SAIC), US |
When Worlds Collide: Understanding Telco Fraud in a VoIP World
Scott McIntyre
KPN-CERT, NL |
(continued) |
15:00-15:30 |
Mashup Security & Incident Response Considerations
(continued) |
When Worlds Collide: Understanding Telco Fraud in a VoIP World
(continued) |
(continued) |
15:30-16:00 |
Meet the Candidates - 3F Crystal Foyer by the Membership Table |
15:30-16:00 |
Networking Break - 3F Genji Waiting Room & Taketori + Foyer |
16:00-17:30 |
Track I — 5F Kokin North |
Track II —3F Genji West & North |
Track III — 5F Kokin Naka |
16:00-16:30 |
Proactively Blacklisting Fast-Flux Domains and IP Addresses
Shahan Sudusinghe 
iDefense-VeriSign, US |
Incident Response and Voice for Voice Services
Lee Sutterfield 
SecureLogix, US |
Network Security Assistance to the Beijing Olympic Games
Bochao Liu 
CNCERT/CC, PRC
|
16:30-17:00 |
Proposal of MyJVN for Security Information Exchange Infrastructure
Masato Terada 
IPA, JP |
Incident Response and Voice for Voice Services
(continued) |
Creating an End-to-End Identity Management Architecture
Jeff Crume
IBM, US
|
17:00-17:30 |
Handling Incidents from Honeynet Data
Adli Wahid 
CyberSecurity Malaysia, MY |
VoIP Panel Discussion
Panelists:
Scott McIntyre 
KPN-CERT, NL
Kurt Sauer 
Spinlock Technologies, JP
Lee Sutterfield 
SecureLogix, US
|
Creating an End-to-End Identity Management Architecture
(continued) |
19:00-22:00 |
Conference Banquet — 3F Genji Ballroom |
08:00-1600 |
Registration — Crystal Foyer |
08:00-18:00 |
Vendor Tables — 3F Genji Waiting Room |
08:45-10:30 |
General Session — 3F Genji West & North
08:45-09:00 | Opening Remarks: Derrick Scholl, FIRST Chair, US
09:00-10:00 | Keynote: Takayuki Sasaki , The Great Hanshin-Awaji Earthquake, Director, Vice President and Executive Officer, Head of IT Headquarters, JR West, JP |
10:30-11:00 |
Networking Break —3F Genji Waiting Room & Taketori + Foyer |
11:00-12:00 |
Track I: Technical
5F Kokin Naka |
Track II: Management
3F Genji West & North |
Track III: Incident Response
5F Kokin North |
11:00-11:30 |
Greg Day 
McAfee, UK |
More of What Hackers Don't Want You to Know
Jeff Crume 
IBM, US |
To be or not to be—An Incident Recovery Case Study
Chunyan "Sherman" Xie 
National University of Singapore, SG |
11:30-12:00 |
(continued)
|
More of What Hackers Don't Want You to Know
(continued)
|
To be or not to be—An Incident Recovery Case Study
(continued) |
12:00-13:30 |
Lunch — 3F Genji South & 5F Taketori |
13:30-15:00 |
Track I — 5F Kokin Naka |
Track II — 3F Genji West & North |
Track III — 5F Kokin North |
13:30-14:00 |
Chinese Hacker Community and Culture, Underground Malware Industry
Wei Zhao 
KnownSec, PRC |
Closing the Gap between Policy Creation and Enforcement
Sven Bruelisauer 
Open Systems AG, CH |
The Threat of Banking Trojans: Detection Forensics and Response. (Insights from a Bank CSIRT)
Marc Vilanova 
e-la Caixa CSIRT, ES |
14:00-14:30 |
Chinese Hacker Community and Culture, Underground Malware Industry
(continued)
|
The Incident Response and the Law Enforcement
Yoshio Yamada 
National Police Agency of Japan, JP |
Analysis of the DDoS Attacks on Georgia & Estonia
Toomas Lepik 
CERT-EE, EE
David Tabatadze 
CERT-GE, GE |
14:30-15:00 |
Peter Allor 
IBM, US |
Contradictions in Current European Security Policy
Dr. Jan K. Koecher 
DFN-CERT Services GmbH |
CSIRT Modeling Architecture
Yoshida Takahiko 
NTT, JP |
15:15-18:30 |
Annual General Meeting (AGM, Members Only) — 3F Genji West & North
**Members must have a valid government issued photo ID in order to enter the AGM. No exceptions.**
|
08:00-16:00 |
Registration — Crystal Foyer |
08:00-14:00 |
Vendor Tables — 3F Genji Waiting Room |
08:45-10:30 |
General Session — 3F Genji West & North
08:45-09:00 | Opening Remarks: Derrick Scholl, FIRST Chair, US
09:00-10:30 | Keynote: Ray Stanton , Security and the Future Generation, Global Head, Business Continuity, Security and Governance Practice, BT, UK |
10:30-11:00 |
Networking Break —3F Genji Waiting Room & Kokin South |
11:00-12:00 |
Track I: Technical
5F Kokin North |
Track II: Management
3F Genji West & North |
Track III: Incident Response
5F Kokin Naka |
11:00-11:30 |
Update on Carrier Infrastructure Security Attacks
Jose Nazario
Arbor Networks, US |
Show Me The Evil--A Graphical Look at Online Crime
Dave Deitrich 
Team Cymru |
Peter Allor
IBM, US |
11:30-12:00 |
Update on Carrier Infrastructure Security Attacks
(continued) |
Show Me The Evil--A Graphical Look at Online Crime
(continued) |
Internet Analysis System (IAS) - Module of the German IT Early Warning System
Martin Bierwirth
Andre Vorbach 
Federal Office for Information Security (BSI, Germany)
|
12:00-13:30 |
Lunch — 3F Genji South & East |
13:30-14:30 |
Track I— 5F Kokin North |
Track II — 3F Genji West & North |
Track III — 5F Kokin Naka |
13:30-14:00 |
New Developments on Brazilian Phishing Malware
Jacomo Piccolini 
ESR/RNP, BR |
The Essential Role of the CSIRT in Secure Software Development
Kenneth Van Wyk 
KRvW Associates, LLC, US |
Anti-bot Countermeasures in Japan
Chris Horsley 
Takashi Manabe
JPCERT/CC |
14:00-14:30 |
New Developments on Brazilian Phishing Malware
(continued) |
The Essential Role of the CSIRT in Secure Software Development
(continued) |
|
14:30-15:00 |
Closing Remarks — 3F Genji West & North
Derrick Scholl, FIRST Chair, US |