FIRST is offering training courses on Sunday, 11 June. The morning session will be taught by Michael Hausding (SWITCH) and cover Beginners/Introductory level topics including CSIRT Fundamentals, Operations and Incident Coordination. The afternoon session will be presented by Krassimir Tzvetanov (Fastly) and is titled Mitigating DDoS Attacks.
There is no cost to attend – however, registering and not showing, may result in a cancellation of your conference participation. So please be sure to review the subject matter and notify us if there is a change in your anticipated attendance. Registration is now open.
On Sunday, FIRST will host an all-day Hackathon from 10:00-17:00 (Flamingo A). FIRST will provide a room where interested participants can work in smaller groups and have the ability to collaborate with other conference attendees toward a common goal. The event will be moderated and FIRST will provide the project topics and wireless internet access, in addition to refreshments, so participants can focus on the most important thing - finishing their project.
Please purpose projects or ideas you want to work on by 20th May 2017. We will announce the program by the end of May under www.first.org/hackathon. Please submit your ideas to first-hackathon@first.org.
Sunday, June 11th from 13:00-16:00 local time in San Juan
Don Stikvoort MSc (Open CSIRT Foundation, NL)
Don Stikvoort is a theoretical physicist who was one of Europe's Internet pioneers since 1988. Since 1992 he has been a member of FIRST in various capacities - right now he is Liaison Member, and the co-chair of the TLP SIG. Together with Klaus-Peter Kossakowski he started the European cooperation of CSIRTs in 1993 that later led to TF-CSIRT and the Trusted Introducer. Don leads his own company, specialising in security management and community building - but is also a certified master trainer and executive coach. His CSIRT specialty is the topic of governance and maturity - he is the lead author of the SIM3 maturity model. Don is the Chairman of the Board of the Open CSIRT Foundation, and regularly gives keynote talks, in which he challenges his audiences to think outside the box and assume full responsibility for their work, in the context of society and the humans that make up society.
The FIRST and the Open CSIRT Foundation offer you this 3 hour introduction into the topic of CSIRT maturity. With the growing importance of CSIRTs in the fabric of cyber security worldwide, there is an increasing need of assessing how "mature" a CSIRT is in order to support the improvement of that maturitu. This process needs to be sufficiently objective as to allow comparison and benchmarking, but also to serve as the basis for membership models, accreditations and certifications. Your trainer is one of the pioneers in the CSIRT community and also in the topic of maturity, and will first give you an overview of some common approaches in this area. Next, the SIM3 model will be explored - SIM3 being the most popular CSIRT maturity model available at the moment. Successful applications of SIM3 will be explored, and you will learn how to use it for self assessment. Finally, the topic of CSIRT service maturity will be introduced, being an area that is still very much in development.
Registration is limited to 20 participants.
Sunday, June 11th from 14:00-19:00 local time in San Juan (Tropical Ballroom)
Join us for an afternoon of fun challenges with an IR twist. We will provide the beat and the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? How do you automate the incident response? Take part in our jam to find out!
As the challenges develop, you will take the initial infrastructure, and challenge by challenge, improve it into a resilient and secure deployment. Use your knowledge of AWS services and information security to perform incident response in the cloud and forensic analysis to find out whodunit! We will have a number of experienced AWS experts in the room that will be available to discuss ideas, provide guidance and in general help your team get through any roadblocks that pop up. New to AWS? New to security? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. We will form team on the spot, provide 10 challenges to tackle. You score the points by solving and get some cool swag for all participants and a special prize for the winning team!
Bird of a Feather Sessions, activities primarily focus on meetings which take place at the conference based on the interest of a number of members. They are not necessarily intended to lead to year round work.
BoF sessions are scheduled to take place during before conference sessions begin (8:30-9:30am) or following the final session of the day. We will have an up-to-date-schedule and bulletin board near the registration desk onsite. Attendees are welcome to request a BoF in advance by emailing first-sec@first.org or by adding their own BoFs to the bulletin board onsite (rooms are assigned based on first come, first served – and room assignment space is limited. A Schedule of BoFs can be found here.
Get your PGP Key signed to increase trust!
Wednesday, June 14th from 10:45 to 11:15 (at Registration desk).
Thursday, June 15th(at AGM).
Alexander Jaeger (FIRST)
Why?
PGP is one of the foundations of the security community, and to rely on PGP there needs to be trust in the PGP keys. The trust is made by signatures and validation of identity. FIRST facilitates this community effort by hosting PGP Key signing events.
We will have at least two PGP Key signing events - listen to the opening remarks or a remark at registration desk for changes in regards time / date.
For those who haven’t participated in the past years it will go like to following:
Hint: Please do not upload your key an hour before the key signing, as I might be printing out the keyring a few hours earlier.
There is a good documentation about PGP Key signing parties: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
How to become a better trainer and presenter!
Friday, June 16th from 10:45 to 17:45 (Salon Del Mar B). They will be a 2 hour break for closing remarks and lunch.
Don Stikvoort MSc (Open CSIRT Foundation, NL)
Don Stikvoort is a theoretical physicist who was one of Europe's Internet pioneers since 1988. Since 1992 he has been a member of FIRST in various capacities - right now he is Liaison Member, and the co-chair of the TLP SIG. Together with Klaus-Peter Kossakowski he started the European cooperation of CSIRTs in 1993 that later led to TF-CSIRT and the Trusted Introducer. Don leads his own company, specialising in security management and community building - but is also a certified master trainer and executive coach. His CSIRT specialty is the topic of governance and maturity - he is the lead author of the SIM3 maturity model. Don is the Chairman of the Board of the Open CSIRT Foundation, and regularly gives keynote talks, in which he challenges his audiences to think outside the box and assume full responsibility for their work, in the context of society and the humans that make up society.
This is the first part of a 3-part trainer training, brought to you by FIRST. The other 2 parts will be regularly organized as well in the near future, and will further help you improve your trainer skills by means of video training and more in depth teachings that reflect your specific needs in this area.
Space is limited (no fee to attend) and pre-registration is required.
12th Annual Technical Meeting for CSIRTs with National Responsibility
Is your organization responsible for protecting the security of nations, economies, and critical infrastructures? If so, attend NatCSIRT 2017 to discuss with your peers the unique challenges you face every day. You will drive discussions that focus on current issues, tools, and methods relevant to the National CSIRT community. This year’s meeting is co-located with the 29th Annual FIRST Conference in San Juan.
This meeting is by invitation only and more details can be found at http://www.cert.org/natcsirt/.