33rd Annual FIRST Conference • Virtual Event
Conference Program At-A-Glance
Final Agenda as of June 9, 2021.
To view the main session catalog, on-demand catalog, and workshop catalog, please select the option from the main menu under Program. You may also access speaker bios from the catalogs.
If you wish to register for a workshop, please click here.
View Replays of the Live Sessions, Pre-con Sessions, and Sponsor Sessions Now!
Pre-Con | Sunday, June 6
| Live Schedule (UTC) | WorkAdventure |
|---|---|
| 21:00-22:00 |
Social Event: Open Networking and Explore the Conference Venue |
Day 1 | Monday, June 7
| Live Schedule (UTC) | Breakout 1 | Breakout 2 | Breakout 3 | WorkAdventure |
|---|---|---|---|---|
| 12:00 - 12:15 | Opening Remarks | |||
| 12:15 - 13:15 | Keynote Presentation: An Unauthorized Exchange - From Targeted Espionage to the Global Cyber Pandemic Steven Adair (Volexity, Inc., US) |
Speaker Q&A, Networking, Exhibitor Hall | ||
| 13:15 - 13:30 | BREAK | |||
| 13:30 - 14:00 | Tech / Intermediate Practical Attack Vectors and Their Ideal Defensive Strategies for ICS & SCADA Mars Cheng, YenTing Lee (TXOne Networks, TW) |
Mgmt / Intermediate Building PPP Resilience Through National Level Cyber Exercises Antti Nyqvist (Technology Industries of Finland, FI), Julia Vainio (NCSC-FI, FI) |
Mgmt / Beginner A Playbook for Effective Corporate Communication After a Cyber Security Incident Dr. Jason Nurse (University of Kent, UK) |
Speaker Q&A, Networking, Exhibitor Hall |
| 14:00 - 14:30 | Tech / Beginner The Rise of the Eternal Botnet David Sancho (Trend Micro, ES) |
Mgmt / Intermediate A Supply Chain Incident of Major Influence in Israel Chen Girat (INCD, IL) |
Mgmt / Beginner Coming Together Under a Pandemic - Case Study on the COVID-19 MISP Information Sharing Community Andras Iklody, Alexandre Dulaunoy (CIRCL, LU) |
Speaker Q&A, Networking, Exhibitor Hall |
| 14:30 - 14:45 | BREAK | |||
| 14:45 - 15:15 | Tech / Beginner Practical ISP CSIRT Incident Handling with Network Flows, ELK Stack and Cybersecurity Intelligence Signal - NIMBUS, A Community Service from Team Cymru. Francisco Badaro (ITS Telecomunicacoes, BR), James Shank (Team Cymru, US) |
Academic / Beginner Incident Response as a Lawyers' Service Dr. Daniel Woods (University of Innsbruck, AT) |
SESSION CANCELLED | Speaker Q&A, Networking, Exhibitor Hall |
| 15:15 - 15:45 | Tech / Advanced Surviving a Ransomware Attack - Lessons from the Field Peter Morin (Grant Thornton, CA) |
Mgmt/Beginner DNS is Under Attack - the Miscreant's Offensive Playbook with a Defensive Counter Barry Greene (Akamai, US) |
Mgmt / Beginner Don't You Know That You're Toxic? Moving Towards Positive Security Practices within your Organisation Nicole Harris (GEANT, UK), Sigita Jurkynaite (NRD CIRT) |
Speaker Q&A, Networking, Exhibitor Hall |
| 16:00 | Social Event: Sponsor Booth Scavenger Hunt & Gold Sponsor Trivia Raffle | |||
| 16:00 | Capture the Flag Opening Information Session - Closed Registered |
Day 2 | Tuesday, June 8
| Live Schedule (UTC) | Breakout 1 | Breakout 2 | Breakout 3 | WorkAdventure |
|---|---|---|---|---|
| 12:00 - 12:30 | Tech / Intermediate Scoring Security Vulnerabilities in Medical Devices: Rubric for CVSS Sumanth Naropanth, Rahul U (Deep Armor, IN) |
Mgmt / Intermediate Root Cause Analysis (RCA) in Dell PSIRT David Spencer (Dell Technologies, US) |
Tech / Advanced How to Apply the Machine Learning Appropriate Way for Your Security Operation Kunihiko Yoshimura (Fujitsu, JP) |
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag |
| 12:30- 13:00 | Tech / Beginner Simple Method of Automatic Risks Assessment for Web Systems Considering Assets Sensitivity Mitsuharu Sasaki (NTT, JP) |
Mgmt / Beginner The CAIS/RNP Experience in Brazilian General Data Protection Law (LGPD) Compliance Cleberson Silva (RNP - Rede Nacionial de Pesquisa e Ensino, BR), Nicole Rieckmann (CAIS - RNP, BR) |
Tech / Intermediate CGN - Carrier Grade NAT - Carrier Grade Problems Simon Kenin (Independent Consultant, IL) |
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag |
| 13:00 - 13:15 | BREAK | |||
| 13:15 - 14:15 | Featured Panel: Life in Security - Practitioners in the Wild Nazira Carlage (Salesforce, US), Jeffrey Carpenter (Secureworks, US), Katie Moussouris (Luta Security, US), Caroline Wong (Cobalt, US) |
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag | ||
| 14:15 - 14:30 | BREAK | |||
| 14:30 - 15:00 | Tech / Intermediate / PRE Breaking the Chain of Trust Alex Bazhaniuk, Jesse Michael, Mickey Shkatov (Eclypsium, US) |
Tech / Advanced Panel: Towards Real World Cyber Risk Eireann Leverett (Airbus, UK), Matilda Rhode (Airbus, UK), Sasha Romanovsky (RAND, US), Jay Jacobs (Cyentia, US), Luca Allodi (Eindhoven University of Technology, NL) |
Tech / Intermediate Improving Internet Wide Scanning with Dynamic Scanning Alexandre Dulaunoy (CIRCL, LU) |
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag |
| 15:00 - 15:30 | Tech / Intermediate / PRE From RATs to Extorting Multibillion Companies: The Evolution of a Modern Ransomware Group Fernando Merces (Trend Micro, BR) |
Tech / Advanced Panel: Towards Real World Cyber Risk (continued) |
Mgmt / Intermediate From 2017 to 2021: Integration of an Operational Situation Awareness Team to a CSIRT - The Need for Specific Missions When Scaling-up. Lena Elemento, Esther Lyonnet (ANSSI - CERT-FR, FR) |
Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag |
| 15:30-16:30 | Open Social Hour, Speaker Q&A, Networking, Exhibitor Hall, Capture the Flag |
Day 3 | Wednesday, June 9
| Live Schedule (UTC) | Breakout 1 | Breakout 2 | Breakout 3 | WorkAdventure |
|---|---|---|---|---|
| 12:00 - 12:30 | Tech / Intermediate Attacking Bluetooth LE Design and Implementation in Mobile + Wearables Ecosystems Sunil Kumar, Nitin Lakshmanan (Deep Armor, IN) |
Mgmt / Intermediate Step 0 for a Multi-party Vulnerability Coordination is Yet Another Multi-party Vulnerability Coordination Umair Bukhari (Ericisson, FI) |
Mgmt / Intermediate Considerations in CSIRT Activities in the Risk of Infection with New Real Viruses Seiichi Komura (NTT Advanced Technology, JP) |
Speaker Q&A, Networking, Exhibitor Hall |
| 12:30 - 13:00 | Tech / Intermediate Attack Defense Graph analysis for supporting SOC and CSIRT operations Frank Fransen (TNO, NL), Erik Ringdahl (foreseeti, SW) |
Mgmt / Advanced Connecting the Dots in a Cyber Pandemic Era Dana Toren (INCD, IL) |
Tech / Beginner Gaining CISO Support and Improving Security Operations Situational Awareness with Threat Briefings Angela Wu (VMware, SG) |
Speaker Q&A, Networking, Exhibitor Hall |
| 13:00 - 13:15 | BREAK | |||
| 13:15 - 13:45 | Tech / Intermediate CSAF 2.0 - A new start to automate advisories Thomas Schmidt (CERT Bund, DE) |
Mgmt / Intermediate Influence Operations Krassimir Tzvetanov (Purdue University, US) |
Tech / Intermediate From a Hospital into the Realm of Hades Alberto Magallon Sabado, Juan Gonzalez (Cybersecurity Agency of Catalonia, ES) |
Speaker Q&A, Networking, Exhibitor Hall |
| 13:45 - 14:15 | Tech / Intermediate Defense Through Invisibility: Zero Trust Security for the Enterprise Jason Garbis (Individual Contributor, US) |
Mgmt/Beginner Story Telling Through Reports James Potter, Raja Jasper (Huntington Bank, US) |
Tech / Intermediate Dispatch: Crisis Management Automation for the Entire Organization Marc Vilanova, Kevin Glisson (Netflix, US) |
Speaker Q&A, Networking, Exhibitor Hall |
| 14:15 - 14:20 | BRIEF BREAK | |||
| 14:20 - 14:45 | Closing Remarks | Speaker Q&A, Networking, Exhibitor Hall | ||
| 14:45 - 16:00 | Closing Social Hour, Speaker Q&A, Networking, Exhibitor Hall |
Post-Con, Member-Only | Thursday, June 10
| Live Schedule (UTC) | Member-Only Access |
|---|---|
| 13:00 |
FIRST Annual General Meeting Members-only, please log into the FIRST Portal and visit the AGM section for details on how to attend the webinar. |
Post-Con, CTF Participants | Friday, June 11
| Live Schedule (UTC) | CTF Participants and General Interest - Registration to be posted week of June 6 |
|---|---|
| 12:00-13:00 |
SecLounge Capture the Flag Closing Remarks and Awards Presentation This closing session is open to all who wish to view the presentation. No registration required: https://first-org.zoom.us/j/98811495162?pwd=K1FsTTBHbkxaREJEQmpFbER2OHlKUT09 |
Post-Con, Workshops | Thursday, June 17
| Live Schedule (UTC) | Open to All Participants |
|---|---|
| 13:00-16:00 |
Writing Meaningful Threat Intel Reports in MISP - No Capacity Restrictions Andras Iklody, Alexandre Dulaunoy, Sami Mokaddem (CIRCL, LU) |
Post-Con, Workshops | Thursday, June 24
| Live Schedule (UTC) | Open to All Participants |
|---|---|
| 13:00-14:30 |
Modern Threat Hunting - No Capacity Restrictions Vicente Diaz (TotalVirus, ES) |
Post-Con, Workshops | Thursday, July 1
| Live Schedule (UTC) | Open to All Participants |
|---|---|
| 13:00-14:30 |
Applying CTF Framework to Online Incident Response Exercise - Capacity Restriction - 60 Seats Yoshihiro Masuda (Fujifilm Business Innovation Corporation, JP), Hajime Ishizuka (NTT Security, JP), Takashi Kasubuchi (NTT-WEST, JP), Yusuke Kon (Trend Micro, JP) |
Post-Con, Workshops | Thursday, July 15
| Live Schedule (UTC) | Open to All Participants |
|---|---|
| 13:00-15:00 |
Using Yara & Strelka to Identify & Detect Malware - Capacity Restriction - 75 Seats Derek Thomas, Paul Hutelmyer (Target, US) |