FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
The Forum of Incident Response and Security Teams (FIRST) is an international not-for-profit organization bringing together a variety of security and incident response teams. FIRST is comprised of over 550 member teams from over 95 countries representing government agencies, academia, commercial enterprises, and financial corporations.
The FIRST annual conference promotes worldwide coordination and cooperation among computer security and incident response teams (CSIRTs). The conference provides a forum for sharing goals, ideas, and information on how to improve computer security on a global scale.
The 32nd Annual FIRST Conference: Where Defenders Share, held November 16-18, 2020 saw over 2,500 online registrants from over 111 countries. The second virtual FIRST conference aims to be more thoughtful and engaging than the last!
The 33rd Annual FIRST Conference: Crossing Uncertain Times, will once again be presented virtually and will be held the week of June 6, 2021. Main programming will take place June 7-9 with pre and post social activities throughout the week. The conference program agenda is forthcoming, please keep this site bookmarked!
For queries, please contact events@first.org.
View Replays of Live Sessions, Pre-con Sessions, and Sponsor Sessions Now!
2020 Conference Video Highlights
Conference Q&A
Q. What are the specific dates, live time zone, and platform for online viewing?
A. Main session programming will run June 7-9 from 12:00-17:00 UTC daily. Pre and post social activities are planned throughout that week, beginning June 6.
Conference sessions will be live streamed via FIRST's YouTube channel and open to the public (member and non-member)—there will be no login credentials required for viewing or accessing the streams. Live streams will also be recorded and available for on-demand viewing within 24 hours of airing.
Q. Will there be workshops this year?
A. Yes, there will be four workshops scheduled starting June 17 through July 15. Workshops typically run anywhere between 1.5-4 hours in length. Detailed scheduling can be found here and registration can be completed here. There is no fee to attend the workshops. Some workshops may have a limited number of registration seats available. Registration is open to the public and is first-come, first-served.
Q. Do I need to register for access to the live streams on YouTube and is there a fee?
A. Registration is not required to view the live streams. There is no registration fee. URLs to the streams will be posted to the event website the day of and advertised via FIRST’s social media accounts. Alternatively, you can also bookmark or subscribe to FIRST's YouTube channel for a live stream notification.
Q. How do I participate in the conference social activities and do I need to register for access? Is this also free?
A. While registration is NOT required for viewing conference sessions streamed over YouTube, a free registration IS required to access daily conference networking activities hosted on the WorkAdventure 2D platform. WorkAdventure will provide participants the ability to navigate a virtual conference venue in a 2D simulation with live chat and camera features.
Access to WorkAdventure will be available to all registered delegates from June 6-9 (daily 24-hour access). The platform will be the exclusive host of all live networking activities, including the following:
- exhibitor hall
- conference social events including a booth crawl scavenger hunt
- attendee lounges
- impromptu meeting rooms
- speaker Q&A rooms
- capture the flag challenges
More information about WorkAdventure can be found here.
Q. Do I need to download or install software or plugins in order to use WorkAdventure?
A. There are no plugins or software to install in order to use WorkAdventure.
Q. What devices can I use to access WorkAdventure?
More information about WorkAdventure can be found here.
A. WorkAdventure is supported by most desktop browsers. Supported browsers include Google Chrome, Firefox, Safari, and Microsoft Edge.
WorkAdventure is not compatible with mobile browsers.
A camera and microphone are ideal, but not required to access and interact in the simulation. Access to FIRST's WorkAdventure space will be restricted to those registered.
WorkAdventure is GDPR and CCPA compliant.
More information about WorkAdventure can be found here.
Q. How and when will I receive my WorkAdventure access?
A. Access information will be provided via email one week prior to the event kick-off to all participants, sponsors, and speakers that have completed their online registration. This email will also include a sponsor live chat schedule and a PDF map for perusal.
More information about WorkAdventure can be found here.
Q. What language will the conference be presented in?
A. The conference will be presented in English.
Q. Will the conference sessions be translated into other languages?
A. YouTube offers free closed captioning to those in need of translation or captioning services. Keep in mind that translation accuracy is not guaranteed using YouTube's closed captioning service, but is a great option, nonetheless.
All content presented during the 33rd Annual FIRST Conference: Crossing Uncertain Times is TLP:WHITE
For more information on TLP, click here.
Program Committee
Natsuko Inui
FS-ISAC, JP
Chair
Natsuko Inui works with FS-ISAC colleagues in the AP region to foster the community in sharing, collaboration and engagement in the Asia Pacific region. Previous to FS-ISAC, she was an Analyst at Cyber Defense Institute involved in government research projects regarding incident response and cyber-exercises. She is also Vice Chair of the Nippon CSIRT Association, the CSIRT community of Japan.
Adli Wahid
APNIC, AU
Adli Wahid is a Senior Internet Security Specialist at the Asia Pacific Network Information Centre (APNIC). He's responsible for APNIC's security outreach activities which includes engagements with CERTs/CSIRTs, LEAs and network operators . Adli had also served as a member of the FIRST board from 2014 to 2019.
Andrew Cormack
Jisc, GB
Andrew has been a member of the FIRST community for more than 20 years. From 1999-2004 he was Head of CSIRT for the UK's National Research and Education Network; nowadays he looks at how technology and data can be used in ways that can support policy and regulatory objectives, including incident response. He writes in all formats from tweets to blogs and peer-reviewed papers. He is a frequent speaker at national and international conferences, and was programme chair for the Edinburgh conference in 2019.
Baiba Kaskina
CERT.LV, LV
Baiba Kaskina is the general manager of CERT.LV (Latvian National and governmental CSIRT) managing all activities including incident response, awareness raising and liaison with the constituencies. She has been leading CSIRT teams in Latvia since 2006 and used to work for GEANT / TERENA (the Netherlands) managing large scale projects including secretariat for TF-CSIRT. From 2014-2019 Baiba was the Chair of TF-CSIRT. Baiba has been involved in different CSIRT related projects including responsible disclosure related debates, CSIRT maturity definition, assistance to newly developed teams and legal aspects of CSIRT work. Baiba is also one of the TRANSITS training courses teachers and co-chair of the FIRST Membership Committee.
Carlos Friaças
RCTS CERT, PT
Carlos was born in Lisbon (Portugal), and graduated in Computer Science at the University of Lisbon in 1999. He was a Systems Engineer at University of Lisbon from 1996 to 2000 -- with a short spell at FCCN, working for the Portuguese Schools' Network Team and ccTLD .PT. Back to FCCN during 2000, he managed the Portuguese Internet Exchange (Gigapix) for 15 years, participating at Euro-IX (euro-ix.net), while also contributing to the Networking Team, responsible for AS1930's backbone. Over the years Carlos has delivered IPv6 courses (around Europe and Portuguese speaking countries in Africa) and also some talks at TERENA Networking Conferences and RIPE meetings. He is also a co-author of several policy proposals. Since late 2015 he moved into CyberSecurity, taking a leadership role at RCTS CERT, the Portuguese R&E Network's Computer Emergency Response Team. From 2016 to 2018 he was the Chairman of the Portuguese CSIRT Network's General Assembly (redecsirt.pt). He was also LinhaAlerta's manager between 2016 and 2018, and represented the portuguese Hotline at the INHOPE Association (inhope.org). He now usually attends FIRST, TF-CSIRT and RIPE meetings, mostly focusing on incident response and anti-abuse issues.
Celia Savidge
Dell/Product and Application Security, US
Chung Kuan Chen
CyCraft Technology, TW
Chung-Kuan Chen is currently a senior researcher in CyCraft, and responses for organizing research team. He earned his PHD degree of Computer Science and Engineering from National Chiao-Tung University (NCTU). His research focuses on cyber attack and defense, machine learning, software vulnerability, malware and program analysis. He tries to utilize machine learning to assist malware analysis and threat hunting, and build automatic attack and defense systems. He has published several academic journal and conference papers, and has involved in many large research projects from digital forensic, incident response to malware analysis. He also dedicates to security education. Founding of NCTU hacker research clubs, he trained students to participate world-class security contests, and has experience of participating DEFCON CTF (2016 in HITCON Team and 2018 as coach in BFS team). He organized BambooFox Team to join some bug bounty projects and discover some CVEs in COTS software and several vulnerabilities in campus websites. Besides, he has presented technical presentations in technique conferences, such as BlackHat, HITCON, HITB, RootCon, CodeBlue OpenTalk, FIRST and VXCON. As an active member in Taiwan security community, he is in the chairman of HITCON review committee, and ex-chief of CHROOT - the top private hacker group in Taiwan.
David Bianco
Target Corporation, US
David has more than 20 years of experience in the information security field, with a particular focus on incident detection and response. He is active in the DFIR and Threat Hunting community, speaking and writing on the subjects of incident detection, threat intelligence and threat hunting. He is the principal contributor to The ThreatHunting Project (http://ThreatHunting.net). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (http://detect-respond.blogspot.com).
David Durvaux
European Commission, BE
Incident handler for 10 years at CERT.be till 2014 then in the European Institutions. Leading the European Commission Incident Reponse Team (EC DIGIT CSIRC) since 2019.
Derrick Scholl
Juniper Networks, US
Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 20 years with previous positions at Oracle and Sun Microsystems.
Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.
Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last two conferences.
Emer O'Neill
VMware, IE
Emer O’Neill is the Senior Manager of the VMware Security Response Center, a group which is part of VMware Engineering Services, a central function within R&D. With more than 20 years of technical and management experience in the high-tech industry, Emer has been with VMware for the past 14 years and worked in the customer facing Global Support Services (GSS) as both a technical support engineer and then manager and more recently in 2016 moved to R&D leading a global team whom are responsible for analysis and remediation of software security issues in VMware products and services. Emer holds a MBS in Business Practice from UCC & the Irish Management Institute. Emer is passionate about security and has been an active member of FIRST for the past three years.
Enrico Lovat
Siemens, US
Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 as incident handler. Currently, he is responsible for the Cyber Threat Intelligence team at Siemens CERT.
Eric Johnson
US
Eric is the Security Engineering Manager at AMI responsible for Product Security Incidence Response, Secure Development Lifecycle, secure development training, etc.
Eric Zielinski
Veeva, US
Eric Zielinski is the Director of Security Operations for Veeva Systems where he is responsible for design, implementation, and maintenance of the detection, response, and threat intelligence processes. Prior to Veeva, Eric led the Cloud Security Engineering organization at Nationwide, where his teams were responsible for vulnerability management, data protection, identity access management, and security automation. He is a frequent speaker at conferences such as FS ISAC, SANS, O’Reilly, etc.. Zielinski holds a bachelor’s degree in Information Systems from Franklin University and several certifications, such as GCCC, GMON, EnCE, and GCIH.
Ernesto Perez Estevez
CEDIA, EC
In charge of CSIRT CEDIA since 2013. Long time Linux fan (1995-present).
Frank Herberg
SWITCH, CH
After completing his studies in engineering, Frank Herberg worked on IT infrastructure and security projects for a number of technology consulting firms. In 2012, he joined SWITCH-CERT. Today, Frank is Head of SWITCH-CERT for its Commercial Sectors. Frank is the author of the FIRST IPv6 Security training materials. In the past years, he conducted divers IPv6 security trainings and hands-on workshops for the security community.
Gavin Reid
Recorded Future, US
Gavin Reid is the CSO for Recorded Future. Recorded Future delivers advanced security intelligence to disrupt adversaries, empower defenders, and protect organizations. Reid has global responsibility for ensuring the protection, integrity, confidentiality, and availability of all customer-facing services, internal operational systems, and related information assets. Gavin has 20 years of experience in the management of all aspects of security for large enterprises. Strong ability to create and direct fast-moving technical security teams with industry-leading incident response, security research, and threat intelligence capabilities. Creator of Cisco's Security Incident Response Team (CSIRT), Cisco's Threat Research and Communications (TRAC) and Fidelity's Cyber Information Group (CIG).
Gregor Wegberg
OCINT-CSIRT, CH
Gregor Wegberg has been the Head of Digital Forensics & Incident Response at Oneconsult AG since 2020. With his team (OCINT-CSIRT), he has successfully managed numerous cyber incidents and advised companies on the prevention and management of cyber attacks. Gregor is a regular speaker and workshop leader, sharing his knowledge and experience at conferences. As an author in technical journals, he regularly writes articles that provide in-depth insights into the world of digital forensics, incident response, and cybersecurity.
Hank Nussbacher
IL
Hendrik Adrian
LACERT, Cyber Emergency Center, Incident Management Group, JP
Hendrik Adrian was a bachelor of Electrical Engineering when received Master of Science in Computer & Information Sciences & Support Services. Hendrik was working straight in the IT security field with UNIX skills in security hardening on various systems, his noted achievement was as co-founder and CEO of Kaspersky Labs regional office in Japan acted as technical leader & business executive, his retired to establish his own security protocol filtration product in a Japan security entity. Hendrik has joined LACERT works afterwards, he is in Japan government support for various educational security lecture activities in IPA, he is putting more efforts in contribution to local (Japan) and international security communities as an active speaker in various conferences i.e. IOTSecJP, R2CON, BotConf, AV Tokyo, ROOTCON, Brucon, DefCon Japan HACK.LU, etc, along with contribution as lecturer in security educational events in Japan at All Japan Security Camp and IPA ICSCoE's CyberCrest supporter. Aside of his daily work, in August 2012 he gathered world-wide security/network engineers to form a malware analysis initiative movement to then known as MalwareMustDie.org, an organization formed to suppress the growth of malware distribution, his shared technical writing on UNIX cyber threats can be viewed in https://blog.malwaremustdie.org with achievement listed in https://en.wikipedia.org/wiki/MalwareMustDie
Reference:
- https://www.rootcon.org/html/archives/rc14#unixfreaxjp
- https://www.radare.org/con/2020/#Schedule
- https://iotsecjp.connpass.com/event/154373/
- https://2018.seccon.jp/seccon/2018akihabara/#cb-08
- https://2018.seccon.jp/seccon/2018akihabara/#cb-07
- https://rada.re/con/2018/schedule.html
- https://www.ipa.go.jp/jinzai/camp/2017/zenkoku2017_koushi.html
- https://www.ipa.go.jp/jinzai/camp/2018/zenkoku2018_program_profile.html#profile_z-04
- https://www.ipa.go.jp/jinzai/camp/2019/zenkoku2019_program_profile.html#profile_z-02
- https://www.ipa.go.jp/icscoe/program/short/all_industries/2019.html
- https://www.ipa.go.jp/icscoe/program/short/all_industries/2018.html
- https://www.ipa.go.jp/icscoe/program/short/all_industries/past.index.html
- http://en.avtokyo.org/avtokyo2013/speakers#hendrik
- http://2014.brucon.org/index.php/Hendrik_Adrian.html
- https://www.botconf.eu/author/hendrik-adrian/
Activity & achievements to support security community:
https://unixfreaxjp.github.io/Hiroki Kuzuno
SECOM Co., Ltd.,, JP
Hiroki Mashiko
NTTDATA, Corp., JP
8 years experiences in Computer Forensic, Malware Analysis, Network log analysis, and Inciden Handling, and held some presentations in academic conferences, such as IPSJ / Computer Security Symposium.
Jeroen van der Ham
NCSC-NL & University of Twente, NL
Jeroen van der Ham is senior researcher at NCSC-NL and associate professor of Cyber Security Incident Response at the University of Twente. At NCSC-NL he focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession. At the University of Twente he focuses on incident response, ethics of incident response and internet security research, denial of service attacks, and anonimization in network measurements.
John Kristoff
DePaul University, US
John is a network architect in the Information Services division and adjunct faculty in the College of Computing and Digital Media at DePaul University. He is also a PhD candidate in Computer Science at the University of Illinois Chicago studying under the tutelage of Chris Kanich. He also currently serves as a research fellow at ICANN, sits on the NANOG program committee, and operates DataPlane.org.
Julien Bachmann
Hacknowledge, CH
In 12+ years of experience in infosec, I've been both in red and blue teams. After several years performing penetration testing breaking into information systems and assessing the security of web and mobile applications, I joined the defence side first working as a security researcher for an MSSP and now as a CTO for Hacknowledge, a Swiss security monitoring solution. My background in offensive techniques allows me to have a different view on how to protect enterprises and their critical assets. Once an avid CTF player, I know keep practicing software exploitation and reverse engineering on the side. I spoke and gave software exploitation or reverse engineering workshops at several Swiss and European conferences including Hack.lu, Security BSides London, EUSecWest, Insomni'hack, OWASP Geneva, and Swiss Cyber Storm. Most of my public presentations could be found under : https://speakerdeck.com/milkmix
Karthik Yetukuri
VMware, US
Karthik has first hand experience working in the trenches, defending organizations from cyber threats, with emphasis on Security Operations, Threat Intelligence and Threat Hunting. In his current position, Karthik has the privilege of leading a team of DFIR and Threat Intel Specialists.
Klée Aiken
CERT NZ, NZ
A Chicagoan lost in the Asia-Pacific, Klée is currently working as the Principal Pacific Partnership Advisor at CERT NZ, the national incident response team for New Zealand. He works to build stronger partnerships across the Pacific and with the global incident response community to support capacity building in the region. He is also a member of the Research Committee of the Global Forum on Cyber Expertise (GFCE), which works for more informed, complementary, and impactful cyber capacity building. Klée has worked on Asia-Pacific digital issues since 2013 having also served as a GFCE Advisory Board member; Senior Advisor - Strategic Engagement and Capacity Building at the Asia-Pacific Regional Internet Registry, APNIC; and as an analyst with the International Cyber Policy Centre at the Australian Strategic Policy Institute (ASPI).
Koen Van Impe
cudeso.be Comm.V., BE
Incident Response, Security Monitoring and Threat Intelligence https://www.vanimpe.eu
Konrads Klints
KPMG, SG
Krassimir Tzvetanov
Purdue University, US
Krassimir Tzvetanov is a graduate student at Purdue University focusing his research on Threat Intelligence, Operational Security Research, and Social Media Influence Operations, in the cyber domain. In the recent past Krassimir was a security architect at Fastly, a content delivery network (CDN) designed to accelerate content delivery as well as serve as a WAF and a shield against DDoS attacks. His current focus is on incident response and investigations, threat intelligence and security systems architecture. In the past he worked for hardware vendors like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation features, product security and security software development best practices. Before joining Cisco, Krassimir was Dedicated Paranoid (security) at Yahoo!, Inc. where he focused on designing and securing the edge infrastructure of the production network. Part of his duties included dealing with DDoS and abuse. Before Yahoo! Krassimir worked at Google, Inc. as an SRE for two mission critical systems, the ads database supporting all incoming revenue from ads and the global authentication system which served all of the company applications. Krassimir is very active in the security research and investigation community, has a number of contributions to FIRST SIGs, as well as participates in the Honeynet Project. In addition, Krassimir ran the BayThreat security conference and has contributed to a number of other events like DefCon, where he ran the Radio Communications group, and ShmooCon and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications) and Masters in Digital Forensics and Investigations.
Kunio Miyamoto
NTT DATA Corporation, JP
He worked sections related to research and development above 20 years, and works NTTDATA-CERT - CSIRT for NTT DATA Group - for 10 years. He received B.D from University of Electro-Communications(1991), and Ph.D degree from INSTITUTE of INFORMATION SECURITY(2011).
Lasse Laukka
Ericsson PSIRT, FI
Security professional and leader heading the Ericsson PSIRT (Product Security Incident Response Team).
Lisa Bradley
Dell, US
Dr. Lisa Bradley is the Director of Product & Application Security at Dell Technologies focusing on Vulnerability Response & Customer Trust. In this role, she oversees the Product Security Incident Response Team (PSIRT) where she defines and drives vulnerability response and builds customer trust into the core of product and application security practices. Lisa has 20 years of Enterprise-class engineering and leadership experience including over eight years leading PSIRT programs for NVIDIA and IBM. Lisa is part of the FIRST PSIRT Sig and contributed to the FIRST PSIRT Services Framework, training, and PSIRT Maturity document. Lisa has spoken at many tech-related events including FIRST, BSIMM, DerbyCon, DEF CON, ISACA and Security Journey. Lisa enjoys spending time with her three children and teaching as an adjunct professor at local universities.
Lucimara Desidera
CERT.br / NIC.br, BR
Lucimara is a Security Analyst at CERT.br/NIC.br where she works in the areas of Outreach and Internet Security Awareness. She is also co-Chair of the Latin American and Caribbean Anti-Abuse Working Group (LAC-AAWG). Her activities include building awareness and fomenting the adoption of Internet Security best practices, as well as developing new best practices and supporting materials, working in cooperation with other incident response teams, with international organizations (such as LACNIC, LACNOG, FIRST and M3AAWG) and with different Internet sectors in Brazil. She has been speaker and program committee member at several national and international conferences. She is the Program Committee Chair for the 32nd Annual FIRST Conference (2020).
Margrete Raaum
KraftCERT, NO
Margrete Raaum is manager for KraftCERT, the Norwegian CERT for energy (oil&gas&electric), water&waste water and industrial control system industry. She has a background from IC design, computer networking, and information security. She has worked on information security since 1998: for the ISP community, in academia for a number of years, as well the Norwegian Security Authority/National CERT (NSM/NorCERT) and at the grid- and transmission system operator (Statnett). She was on the board of directors of FIRST (The Forum for Incident Response and Security Teams) for 8 years, serving as chairman for 2 years.
Martin Nagel
Niantic, Inc., CH
Martin Nagel is a Senior Security Engineer at Niantic and responsible for Threat monitoring, Incident Response and digital forensics. Prior to Niantic, Martin was working in the financial industry as a member of the corporate CSIRT team, responsible for digital forensics, malware and threat analysis, vulnerability management, the company own PKI and maintaining a wide set of security tools and solutions.
Michael Dwucet
CERT-Bund / Federal Office for Information Security (BSI), DE
Michael Dwucet graduated as a Diplom-Informatiker in Computer Science at the University of Bonn in 2008. After his graduation, he worked as an officer for the Federal Office for Information Security (BSI) in Germany. Beginning as an Incident Responder and later as an Incident Manager for the Computer Emergency Response Team for the Federal Government (CERT-Bund), he handled many high profile cases in the Government and in Critical Infrastructures. In addition, he was one of the main relation officers for the CERT and worked with many national and international bodies and communities. He is one of the FIRST representatives for CERT-Bund and a regular conference attendee. Since 2020, he is the head of the section "CERT-Bund Incident Response and Liaison Office to the National Cyber Response Centre", responsible for the Incident Response of CERT-Bund for the German government and Critical Infrastructures.
Olivier Caleff
FR
Righard Zwienenberg
ESET, NL
Zwienenberg started dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. His interest thus kindled and studied virus behavior and presented solutions and detection schemes ever since. Initially starting as an independent consultant, in 1991 he co-founded CSE Ltd. In November 1995 Zwienenberg joined the Research and Development department of ThunderBYTE. In 1998 he joined the Norman Development team to work on the scanner engine. In 2005 Zwienenberg took the role of Chief Research Officer. After AMTSO – Anti Malware Testing Standards Organization – was formed, Zwienenberg was elected as president. He is serving on the board of AVAR and on the Technical Overview Board of the WildList. In 2011 Zwienenberg was looking for new opportunities and started as a Senior Research Fellow at ESET. In April 2012 Zwienenberg stepped down as President of AMTSO to take the role as CTO and later as CEO. In 2016 he rejoined the AMTSO board for another two-year run. He also is the Vice Chair of the Executive Committee of IEEE ICSG. In 2018, Zwienenberg joined the Europol European Cyber Crime Center (EC3) Advisory Group as an ESET representative. Zwienenberg has been a member of CARO since late 1991. He is a frequent speaker at conferences – among these Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS, CFET, ISOI, SANS Security Summits, IP Expo, Government Symposia, SCADA seminars, etc. – and general security seminars. His interests are not limited to malicious code but have broadened to include general cybersecurity issues and encryption technologies over the past years.
Ronaldo de Vasconcellos
Fox-IT - part of NCC Group, BR
Ryusuke Masuoka
Fujitsu System Integration Laboratories, JP
Dr. Ryusuke Masuoka is a research principal at Fujitsu System Integration Laboratories LTD (FSI), working on Cyber Security. Over 30 years, he has conducted research in neural networks, simulated annealing, agent system, pervasive/ubiquitous computing, Semantic Web, bioinformatics, Trusted Computing, Software/Security Validation, Cloud Computing, Smart Grid, the Internet of Things, Cyber Security Policy, and Cyber Security. He also led numerous standardization activities and collaborations with universities, national and private research institutes, and startups. He is an ACM senior member and an IEEE senior member.
Shin Adachi
US
CISSP, CISM, CISA and PMP. A seasoned incident responder for decades with the Internet Protocol based information systems design and administration experience for decades, including carrier grade multinational networks as well as multinational corporate IT. Based in Silicon Valley now after living and working experience in both east and west coast of the United States, Japan and other APAC, and Europe in my life.
Thomas Fischer
GB
Thomas has over 30 years of experience in the IT industry ranging from software development to infrastructure & network operations and architecture to settle in information security. He has an extensive security background covering roles from incident responder to security architect at fortune 500 companies, vendors and consulting organisations. He is currently security advocate and threat researcher focused on advising companies on understanding their data protection activities against malicious parties not just for external threats but also compliance instigated.
Thomas is also an active participant in the InfoSec community not only as a member but also as director of Security BSides London, ISSA UK chapter board member and speaker at events like SANS DFIR EMEA, DeepSec, Shmoocon, and various BSides events.
Tobias Dussa
DFN-CERT Services GmbH, DE
Tobias holds an MSc in Computer Science, specializing in Systems Security, Cryptography, and Networking. After working as a sysadmin at the Scientific Supercomputing Centre Karlsruhe (SSCK) since 2004, he became a founding member of the Karlsruhe Institute of Technology's CERT (KIT-CERT) in 2008, which he headed as team lead from 2011 to 2018. Since 2020, he is a senior analyst with DFN-CERT, the German NREN CERT.
Tracy Bills
CERT/CC, Software Engineering Institute, US
Tracy A. Bills is a Senior Cybersecurity Operations Researcher at the CERT® Division of Carnegie Mellon University’s Software Engineering Institute (SEI). She has over 20 years of combined experience in cybersecurity and intelligence analysis. She has helped build and mature national-level cybersecurity information sharing programs. Tracy has worked extensively to assist both public and private computer security incident response teams (CSIRTs) and security operations centers (SOCs) to develop, implement, and refine effective processes. Currently, her focus is on helping national-level CSIRTs build capabilities and capacity.
Ulrich Stadie
EnBW, DE
Former Naval Flight Officer in the German Navy till 2006; from 2006 to 2010 university degree in computer sciences (main topics: forensic, security and robotics); 2011 to 2019 member of the KIT-CERT at the KIT (Karlsruher Institute of Technology in Karlsruhe, Germany); since 2019 senior IT security manager at Energie Baden-Württemberg (EnBW; German large energie provider and power authority).
Vaddi Venkateswara Rao
CERT-In
Scientist at Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India. Have 13 years of experience in the field of cybersecurity. My area of work is focused on cybersecurity incident response, investigations, vulnerability assessment and penetration testing of cyber infrastructure. International cybersecurity coordination, cooperation and lead of international working groups such as APCERT IoT Security Working Group. Reviewer of technical papers at various conferences & journals and program committee member at APCERT since 2017.
Gold Sponsor Highlight
FIRST is seeking sponsorships for its virtual edition of the 33rd annual conference on computer security and incident handling. Well-attended and well-received, the past virtual FIRST conference attracted over 2,500 delegates from over 110 countries. The annual conference is by far one of the most unique international assemblies of incident response and computer security professionals. Sponsorship opportunities are limited and are on a first-come, first-served basis. Contact events@first.org for more information.
Checkout our full sponsorship team and exhibitor listing here.
-
Gold
Cisco
Cisco Secure has integrated a comprehensive portfolio of network security technologies to provide advanced threat protection. Our technologies include next-generation firewalls, intrusion prevention systems (IPS), secure access systems, security analytics, and malware defense.
-
Gold
Cyware
Cyware helps enterprise cybersecurity teams build platform-agnostic virtual cyber fusion centers. Cyware is transforming security operations by delivering the cybersecurity industry's only Virtual Cyber Fusion Center Platform with next-generation SOAR (security orchestration, automation, and response) technology. As a result, organizations can increase speed and accuracy while reducing costs and analyst burnout. Cyware's Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, sharing communities (ISAC/ISAO), MSSPs, and government agencies of all sizes and needs.
-
Gold
Microsoft
As a leader in cloud-enabled applications and infrastructure, Microsoft is by necessity also a leader in cybersecurity. Our holistic view spans identity and access management, threat protection and response, information protection and intelligent security management. At our Microsoft Secure site (https://www.microsoft.com/en-us/security/default.aspx), we share security guidance for scenarios ranging from planning for the Security Development Lifecycle to coping with cyberattacks to applying the security features built into our products and services. Our cybersecurity knowledge isn't just based on our internal knowledge and experience, but on what we learn from customer feedback and reports from independent and industry security researchers. We greatly appreciate our partnership with the security community to protect customers around the globe.
-
Gold
Rapid7
Rapid7 simplifies cybersecurity. With powerful automation and integrated threat intelligence from our industry-leading researchers and SOC analysts, our Insight Platform gives security teams the visibility they need to secure their environment no matter the size or complexity. Don’t just protect your business, drive it forward.
-
Gold
SecureWorks
Secureworks is 100% focused on cybersecurity. In fact, it’s all we do. For nearly two decades, we’ve committed to fighting the adversaries in all their forms and ensuring that organizations like yours are protected. Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improves your ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
-
Gold
Team Cymru
Since 2005, our mission has been to save and improve human lives by working with public and private sector analyst teams, enabling them to track and take down threat actors, criminals, terrorists and human traffickers around the globe. We deliver comprehensive visibility into global cyber threat activity and are a key source of intelligence for many cyber security and threat intelligence vendors. Our Community Services division provides no-cost threat detection and intelligence to network operators, hosting providers and more than 130 CSIRT teams across 86+ countries. Enterprise security analysts rely on our Pure Signal™ platform for on-demand access to global internet traffic telemetry, which allows them to see what’s happening virtually anywhere across the internet with a clarity similar to that of their own internal network telemetry. With this visibility, they close detection gaps, accelerate incident response, and get ahead of critical, recurring threats – mapping and monitoring threat infrastructures around the world and blocking attacks before they are launched.
-
Gold
VirusTotal
VirusTotal, part of Google Cloud is one of the world’s largest malware libraries. VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal.