34th Annual FIRST Conference | Neart Le Chéile - Strength Together

Birds of a Feather (BoF) Schedule

Schedule is subject to change. Please be sure to refer to the conference mobile app during conference week for the latest and most accurate times.

Monday, June 27th

Wicklow Hall 2A
13:20 – 13:50
 US

FIRST Membership Application Process Overview

Nora Duhig (FIRST, US)

TLP:CLEAR

Tuesday, June 28th

Wicklow Hall 2AWicklow Hall 2BWicklow Meeting Room 5
14:30 – 15:30
 US

DDoS and Routing Security BoF

John Kristoff (NETSCOUT ASERT, US)

TLP:CLEAR
16:30 – 17:30
 US

Hard to Measure Risk BoF

Art Manion (vu.ls, US)

17:30 – 18:30
 US

PSIRT-CSIRT Collaboration

Katie Trimble-Noble (Intel, US); Thomas Millar (CISA, US)

TLP:GREEN

Wednesday, June 29th

Wicklow Hall 1Wicklow Hall 2A
11:45 – 12:45
 US

M3AAWG Abhorrent Takedown Guide Introduction and Feedback

Dennis Dayman (M3AAWG, US)

13:00 – 14:00

Law Enforcement Special Interest Group

Pei Ling LEE, Shane CROSS (INTERPOL)

TLP:CLEAR

Thursday, June 30th

Wicklow Meeting Room 4Wicklow Meeting Room 5
10:15 – 12:15
 NL PL FR

SIM3 Hands On

Don Stikvoort (Open CSIRT Foundation, Chairman of the Board EU Cyber4Dev Expert, NL); Miroslaw Maj (ComCERT S.A., PL); Olivier Caleff (Open CSIRT Foundation, FR)

TLP:CLEAR
17:00 – 18:00
 US

Implementing SSVC

Vijay Sarvepalli (Carnegie Mellon University - CERT, US)

TLP:CLEAR
  •  USTLP:CLEAR

    DDoS and Routing Security BoF

    The threat landscape for Distributed Denial of Service (DDoS) attacks and Internet BGP security will be briefly surveyed and discussed. Many of the threat in these areas, such as reflection/amplification and route hijacking are well-known in the Internet service provider (ISP) community, but less well understood outside of backbone and router operators, especially when it comes to both mitigation strategies and deployment challenges of new technology such as the Resource Public Key Infrastructure (RPKI). The first part of this session will present a current state of the art and insight from an operator and researcher perspective. The second part will shift to participant discussion with the intent to facilitate information-sharing and addressing the specific DDoS/BGP interests of FIRST Conference attendees.

    June 28, 2022 14:30-15:30

  •  USTLP:CLEAR

    FIRST Membership Application Process Overview

    Members of the FIRST Membership Committee will give a presentation about the application process and answer questions. Any team or liaison who is interested in FIRST membership should attend.

    Duration - 30 mins plus Q&A

    June 27, 2022 13:20-13:50

  •  USTLP:CLEAR

    Implementing SSVC

    Stakeholder-Specific Vulnerability Categorization (SSVC) is a new proposed way to understand and manage vulnerabilities in a holistic way. This prioritization technique attempts to increase clarify of a vulnerability's impact that will lead to proper allocation of an organization's limited resources to address vulnerabilities. Today's organization has a complex number of stakeholders impacted by vulnerabilities, their roles and their decisions require an overlapping visibility into the vulnerability at hand. SSVC also tries to provide flexibility to this multiple stakeholders with a decision tree approach.

    This BoF session is all about finding out how practical is SSVC? Can SSVC provide stakeholders with appropriate decision given their succinct visibility into the enterprise? How as SSVC helped one or more organizations with specific examples of vulnerabilities that have caught the recent news? Can mall, medium and large enterprises all benefit from SSVC? Are there target organizations and stakeholders that SSVC is not appropriate for? and why?

    June 30, 2022 17:00-18:00

  • TLP:CLEAR

    Law Enforcement Special Interest Group

    INTERPOL will formulate a proposal to create a Special Interest Group (SIG) to discuss law enforcement issues with the FIRST community. The proposed Law Enforcement SIG aims to enable contact and exchange of experience and best practices between FIRST members within law enforcement and members from other private and public sectors, so as to foster better mutual understanding on work relating to the prevention and disruption of cybercrime and other cyber threats.

    Main areas for engagement and discussion within the SIG include:

    • Modalities for collaboration and coordination of joint disruption operations between law enforcement and other entities
    • Threat assessment and notification process within private entities and non-law enforcement public entities (CSIRTs)
    • Understanding modi operandi of threat actors and how CSIRT and law enforcement can better align efforts to disrupt these actors

    Presenters Ms LEE Pei Ling Head Cyber Strategy & Capabilities Development, Cybercrime Directorate, INTERPOL

    Mr Shane CROSS Acting Head Cybercrime Intelligence Unit, Cybercrime Directorate, INTERPOL

    June 29, 2022 13:00-14:00

  •  US

    M3AAWG Abhorrent Takedown Guide Introduction and Feedback

    Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) created a trusted environment and process to facilitate conversation between cybersecurity practitioners who are charged with managing takedowns of abusive material on their networks following the 2019 Christchurch, New Zealand mass shooting.

    The purpose of a recently created guide is to outline the enforcement process in the event any organization becomes aware of Abhorrent and/or Violent Content hosted on their network(s) which falls under, but not limited to any regulations applicable to your organization or any policies you may have for your clients. This guide is intended to be used as a guide containing steps organizations may take into consideration when developing their Abhorrent and/or Violent Content Takedown procedures.

    M3AAWG is hosting a BoF looking for feedback to its current document and also looking to FIRST and its members to assist in the creation of the process, but also the network of companies willing to help rid the Internet of Abhorrent and/or Violent Content.

    June 29, 2022 11:45-12:45

  •  USTLP:GREEN

    PSIRT-CSIRT Collaboration

    This panel will discuss how PSIRT and CSIRT members collaborate today, and explore how they might improve their work together in the future. If technology assurance is truly “incident response played backwards,” how can these two types of teams help each other create a safer tomorrow?

    June 28, 2022 17:30-18:30

  •  NL PL FRTLP:CLEAR

    SIM3 Hands On

    The SIM3 training instructors from Open CSIRT Foundation will lead a roundtable with teams (and sponsors) to go through the SIM3 Assessment Tool and answer questions. Teams applying to FIRST and their sponsors are encouraged to attend as SIM3 is now a FIRST application requirement. Recommended to attendees of the Sunday SIM3 training as follow-up.

    June 30, 2022 10:15-12:15