Aaron Allen brings over 15 years of extensive experience in public sector cybersecurity, working across academia and international organizations. Currently, he serves at the NATO Cyber Security Centre, where he focuses on developing capabilities that support NATO's cyber defenders. His previous roles include security operations and leading incident response efforts at the International Atomic Energy Agency and the University of Kentucky, contributing to his deep expertise in safeguarding critical systems. As an alumnus of the Dragon Research Group, Mr. Allen contributed to the founding of the annual CTF event, a key feature of the FIRST annual conference.

Adli Wahid is a Senior Internet Security Specialist at APNIC. He is an active member of the security community and involved in many capacity development project. Adli is currently the lead for the APNIC Community Honeynet Project. Prior to joining APNIC, he had served the Bank of Tokyo Mitsubishi-UFJ & the Malaysia CERT (MYCERT).

Andreas is a seasoned Cyber Threat Intelligence (CTI) analyst and Threat Hunter (TH) with over 15 years in cybersecurity. He currently specializes in the analysis of adversary tradecraft, providing actionable intelligence for strategic and tactical use, and leading and supporting hunting programs and various intelligence initiatives for mission success.

Throughout his career, Andreas has led multiple teams in threat intelligence, detection engineering, and incident investigation. His experience includes hands-on work as a CSIRT manager for multiple organisations, and conducting CSIRT maturity assessments and advisory roles based on frameworks such as SIM3, MRD-IMC, CSF, ISO/IEC 27035, and NIST SP 800-61. Additionally, he has acted as an incident commander and forensics expert in incident response engagements involving advanced threat actors, incl. nation-state actors and organized crime groups (OCG).

He strongly advocates for intelligence-driven defense to mitigate complex cyber threats and collaborates with other CTI researchers for investigation, profiling and tracking. He is dedicated to improving detection- and hunting capabilities by deeply understanding adversary tactics and techniques, as well as refining methods for operationalizing intelligence. Andreas holds a Master’s degree in Information Security and is an active participant in Capture the Flag events, continuously honing his skills.

Apart from pivoting and dissecting threats, Andreas is found coaching young football- and chess talents in his local community.

Andreas Mühlemann has been working over 15 years in IT security. He has worked for different industries like Finance, Industry, Logicstic, Electricity, Research and has a broad background in Cyber Security, Network Security and Linux Security. His current role in the CTI Team of Swisscom includes Cyber Threat Intelligence, IOC sharing, malware analysis and network security. He's actively contributing in FIRST SIGs and passionate about open source software.

Chung-Kuan Chen is currently serving as the security research director at CyCraft, where he is responsible for organizing and leading the research team. He also holds a position as Adjunct Assistant Professor at Soochow University in Taiwan. He earned his PhD degree in Computer Science and Engineering from National Chiao-Tung University (NCTU). Chung-Kuan Chen's research focuses on cyber attack and defense, machine learning, software vulnerability, malware and program analysis. He also is also dedicated to security education and has founded the NCTU hacker research club, where he has trained students to participate in world-class security contests. He has also participated in DEFCON CTF (2016 as part of the HITCON Team and 2018 as a coach of the BFS team). He has organized the BambooFox Team to join several bug bounty projects, leading to the discovery of CVEs in COTS software and several vulnerabilities in campus websites. In addition, he has given technical presentations at conferences such as BlackHat, HITCON, CHITB, RootCon, CodeBlue, FIRST and VXCON. As an active member in Taiwan security community, he serves as chairman of the HITCON review committee, as director of Association of Hacker In Taiwan and is a member of CHROOT - the top private hacker group in Taiwan.

Derrick Scholl is the Sr. Director of Juniper Network’s Security Incident Response Team (SIRT). Derrick has been leading Product SIRTs for more than 20 years with previous positions at Oracle and Sun Microsystems.

Since attending his first FIRST conference in Chicago in 2000, Derrick has been a huge FIRST enthusiast. He’s been to every Annual Conference since and attended countless regional conferences, symposia, and TCs. He was elected to the FIRST Board of Directors in 2006 and served two terms as the Chairman of FIRST in 2007 and 2008. He stepped down from the Board in 2009 but came back to serve an additional 8 years from 2011-2019.

Because of his passion for the Annual Conference, Derrick served as the Board Liaison or Conference chair for the conferences in Berlin, Puerto Rico, and Edinburgh. Since leaving the Board, Derrick has served on the Program Committee for the last five conferences.

Enrico Lovat received his PhD from the Technical University of Munich for his research on the topics of usage control and information flow tracking. He joined Siemens CERT in 2016 in the dual role of Incident Handler and Cyber Threat Intelligence Team Lead. In 2022 he moved to Siemens Technology as Principal Key Expert, supervising the research in technologies and innovations for cybersecurity services.

Harish Shankar is currently working as Director – Head of Product Vulnerability Management in Schneider Electric. In this role, he heads Schneider Electric’s PSIRT Team which is represented as SE - Corporate Product Cyber Emergency Response Team (CPCERT) where he is responsible for defining and governing product vulnerability response.

Prior to this role, he handled Product Incident Response and has hands-on experience on Incident Response and Digital Forensics. He also held the positions of Information Security Officer for the APAC region in Schneider Electric.

Hendrik Adrian (Rick) earned his Bachelor’s degree in Electrical Engineering before completing a Master of Science in Computer and Information Sciences. He began his career directly in IT security, focusing on UNIX systems' security hardening. One of his notable accomplishments was serving as co-founder and CEO of the regional office of a known antivirus product in Japan for 6 years, where he acted as both a technical leader and business executive. Following his retirement from this role, he established his own security protocol filtration product and service in Japan for the next 11 years.

Afterward, in the past 10 years after he joined the LAC Cyber Emergency Center, contributing as Team LACERT representative. In this period Rick has also supported the Japanese government through various educational security initiatives with the Information-Technology Promotion Agency (IPA). As an active participant in both local and international security communities, he has shared his expertise as a speaker and trainer at numerous conferences, including IOTSecJP, R2CON, BotConf, AV Tokyo, ROOTCON, BruCON, DefCon Japan, and HACK.LU.

Additionally, he has contributed to security education through events such as the All Japan Security Camp and the IPA ICSCoE's CyberCrest program. He is mostly known for his effort to organize a global network of security engineers to create a malware analysis initiative aimed at curbing malware distribution, in this effort his technical writings as contribution for security community can be found on https://blog.malwaremustdie.org, with further achievements documented on https://en.wikipedia.org/wiki/MalwareMustDie .

Jacomo Piccolini joined Team Cymru in 2012 as part of the Outreach Team and is based in Brazil. Prior to working at Team Cymru, he worked at the Brazilian Research and Academic Network, at their Academic CSIRT, and acted as the Academic Coordinator for the Educational School’s security and IT governance curriculum. With 23 years of field experience, Jacomo holds a degree in Engineering and a post-graduate degree in Computer Science and Business Administration. Jacomo is known globally due to his long time involvement in FIRST (The Forum for Incident Response and Security Teams). He is a Liaison Member of FIRST and the team representative for Team Cymru. Jacomo is also Team Cymru representative at OIC-CERT.

Previously Jacomo coordinated hands-on activities for FIRST and is now contributing on the Membership Committee. Jacomo is also known for his work and contributions within several security communities and trust-based groups, serving as an advisor, doing pro bono work and as an elected board member. Jacomo is responsible for Team Cymru's Community Services, including the CSIRT Assistance Program (CAP) and the Data Sharing Partnerships. When possible he returns to education, teaching network forensics and CSIRT security courses, at the post-graduate level, as an invited professor. When not working to make our networks safer places, Jacomo spends time doing his other great love, photography.

Jeroen van der Ham is associate professor in the Design and Analysis of Communication Systems (DACS) group at the University of Twente. He enjoys interdisciplinary research, bridging the gap between theory and practice, and is a proud member of the FIRST community. His research focuses on vulnerability prioritisation and management, incdent response, the many developments in coordinated vulnerability disclosure and ethics of cybersecurity and computer science.

Jorge Merchán, cybersecurity specialist in CEDIA's CSIRT, leads the areas of SOC, CSIRT and GRC in CEDIA, member of the national network of trust in Ecuador, member of the EduLACSeg workgroup coordinated by Red CLARA. Working in cooperation with other incident response teams, with international organizations (such as LACNIC, FIRST and GEANT). Experienced in Project Management, Research, Security Monitoring, Identity Management, Security QA (SAST/DAST), SecDevOps, Ethical Hacking, Hardening, IT Security Incident and Event Management, Regulations (ITIL, ISO 27001/27002, 27701, GDPR), passionate about technology, cybersecurity, information security, IT security. He was a member of the Program Committee of the 35th Annual FIRST Conference (2023).

Mr. Lawrence Muchilwa is an accomplished professional with a distinguished career in cybersecurity, IT operations, strategy, policy, and stakeholder engagement. He is currently pursuing a PhD, building upon his Master’s degree in Information Systems Technology and a Bachelor’s degree in Computer Science.

With over a decade of diverse professional experience, Mr. Muchilwa has excelled in roles such as senior consultant, subject matter expert, lead trainer, and departmental head across various regional and global organizations. His work has spanned East Africa, the Middle East, the Americas, and the Asia Pacific, demonstrating his ability to adapt to and thrive in multicultural and multidisciplinary environments. In his capacity as the African Regional Liaison for the Forum of Incident Responder and Security Teams (FIRST), Mr. Muchilwa plays a crucial role in fostering collaboration and enhancing incident response capabilities across the continent. As a fellow at the Africa Cyber Defense Forum (ACDF), he contributes to shaping the discourse on cybersecurity defense strategies in Africa, ensuring that the region is equipped to address emerging threats. His contributions to cybersecurity are underpinned by a commitment to community development, excellence, innovation, and continuous learning and an ability to bridge technical expertise with strategic insight.

Mr. Muchilwa is also a pivotal figure in the Africa regional cybersecurity landscape, where he leads the Research and Innovation Working Group at the Kenya Cybersecurity and Forensic Associations (KCSFA). His leadership extends to the community level as the founder of BSides Nairobi, a vibrant community of cybersecurity professionals, thought leaders, and innovators dedicated to advancing cybersecurity knowledge and practices.

Lisa Lobmeyer works in Incident Response at HiSolutions as Team Lead, helping organizations affected by IT security incidents. She is responsible for managing HiSolutions daily IR business as well as advancing HiSolutions' participation in various communities. She enjoys helping people discover hidden talents during crisis.

Logan Wilkins currently leads a software engineering team in Cisco’s CSIRT, overseeing development programs related to incident detection and response, data management, and security metrics. Within FIRST he is the co-chair of the Metrics SIG and has served as a Candidate Sponsor for multiple groups. In addition to his experience in Cisco’s security organization, Logan has also worked in e-commerce, pharmaceutical drug discovery and was previously a high school teacher, giving countless students their first introduction to Computer Science.

Martin is a veteran in IT Security. After his university degree in civil engineering, he right away started as a programmer and system engineer, then had multiple lead functions and since >20 years he is employed by Trend Micro. He founded the “Virus Help Munich” 1992 and is working in the field of Security since then. He is heading the Forward-looking Threat Research team (FTR) at TREND MICRO and in this function working with CERTs and law enforcement around the globe. He is attending FIRST conferences since 2009, participated in the PC 2020 and his team is an active contributor to all FIRST events and activities.

Michael Hamm has worked for more than 10 years as Ingenieur-Sécurité in the field of classical Computer and Network Security (Firewall, VPN, AntiVirus) at the research centre “CRP Henri Tudor” in Luxembourg. Since 2010, he has been working as an operator and analyst at CIRCL – Computer Incident Response Centre Luxembourg where he is working on forensic examinations and incident response.

Milan is the head of SK-CERT, Slovakia's national CSIRT team. He has been active in cybersecurity, software development, Unix/Linux, and networking for 30 years. His expertise lies in technical topics such as low-level programming, penetration testing, malware analysis, building CSIRT capabilities, and troubleshooting. He has co-authored several projects, including the security framework in the Linux OS kernel and the TCP/IP stack in Z80 assembler. In his spare time, he teaches courses on binary vulnerabilities and forensic analysis at the Faculty of Informatics and Information Technologies at the Slovak University of Technology (STU). Milan has not missed a FIRST annual conference since 2018 and served on the Program Committee for the 2023 annual event in Montreal.

Olivier CALEFF is a FIRST Liaison member in the FIRST community, and is a member of the Board of Directors at FIRST. He has been involved in incident management and CSIRT-related organizations (FIRST, TF-CSIRT, CSIRTs Network, InterCERT-FR) since 1996. He contributed to bootstrap CSIRTs in France since 2005 and performed FIRST site visits since 2013. He is an advocate of OpenCSIRT Foundation’s SIM3 (Security Incident Management Maturity Model), and a SIM3 Certified Auditor. He also contributes to various SIGs. Olivier CALEFF is currently a Cyber Resilience and CSIRT Expert at ERIUM. He previously worked for SANODI, global healthcare supplier, and CERT-FR – the French governmental CSIRT. He has been teaching security for 30 years in French and English, including the delivery of TRANSITS and FIRST security trainings.

LinkedIN profile: https://www.linkedin.com/in/caleff/

Otgonpurev Mendsaikhan (Ogo) is a board member and international liaison at MNCERT/CC and has an interest in threat intelligence, information sharing and vulnerability research. He has written academic papers on automated cyber threat intelligence, utilization of natural language processing in cyber threat intelligence. He holds a PhD in Informatics from the Nagoya University of Japan and Masters in Information Security from Carnegie Mellon University of USA. He is a proud FIRST member, and looks for collaborative research and intelligence sharing in FIRST community.

Shin Adachi is a distinguished incident responder with extensive global experience, having worked across the East and West coasts of the United States, Japan, and various Asia Pacific countries.

He has been active in FIRST community by contributing to various Committees and special interest groups. He has also actively contributed to, or spoke at other renowned security communities, including ENISA, NIST, ITU-T, Liberty Alliance, Infosec Taiwan, Asia PKI Consortium, and a notable public-private partnership. He holds CISSP, CISM, CISA, and PMP.

Tobias holds an MSc in Computer Science, specializing in Systems Security, Cryptography, and Networking. After working as a sysadmin at the Scientific Supercomputing Centre Karlsruhe (SSCK) since 2004, he became a founding member of the Karlsruhe Institute of Technology's CERT (KIT-CERT) in 2008, which he headed as team lead from 2011 to 2018. Since 2020, he is a senior analyst and team leader of the Cyber Threat Intelligence team at DFN-CERT the German NREN CERT. He is also a member of the EGI CSIRT and the eduGAIN CSIRT as well as a founding member of SAFER.

Tom Millar has served in CISA for 15 years, working to strengthen the agency's information sharing capabilities, increasing the level of public, private and international partner engagement, and supporting initiatives to improve information exchange by both humans and machines, such as the standardization of the Traffic Light Protocol and the development of the Structured Threat Information eXpression. Prior to his cybersecurity career, he served as a linguist with the 22nd Intelligence Squadron of the United States Air Force. Mr. Millar holds a Master's of Science from the George Washington University and is a Distinguished Graduate of the National Defense University's College of Information and Cyberspace.

Trey Darley works at Accenture Security in Brussels, where he is setting up a security testing lab of sorts, and trying to do some good for the world. Trey has been a long-standing member of the FIRST community, and has served a variety of volunteer roles, including a term on the FIRST board, during which he co-founded the FIRST standards committee. Trey is well known for his work on open cybersecurity standards like STIX/TAXII and others. He's also been aligned with the Langsec faction for many years. Trey's patron saints are Grace Hopper and Paul Erdös.

Ulrich holds an MSc in Computer Sciences (main topics: forensic, security and robotics). After serving in the German Navy as a Naval Flight Officer for 15 years and completing his universal degree, he joined the KIT-CERT of the KIT (Karlsruher Institute of Technology in Karlsruhe, Germany) from 2011 to 2019. Since 2019 he is a senior IT security manager at the "Energie Baden-Württemberg AG" (EnBW; German energy provider and power authority) and is one of two team leaders of the EnBW-CERT.

Vegar is a security advisor at Sopra Steria who focuses on developing capabilities and maturity of operational security teams. He spent the first two decades of his career at Telenor, initially on the IT Operations side, then gradually transitioning to anti-fraud and ultimately security monitoring and incident response, as these fields emerged as increasingly more important factors in protecting a global telco's critical infrastructure. With experience ranging from the depths of datacenters, the intricacies of corporate IT processes and the relentless demands of the IR frontlines, he is a strong advocate for collaboration, believing that teams can greatly benefit from sharing their successes and learning from their mistakes. As one of the founding organizers of the annual FIRST TC in Oslo, Vegar is now excited to also contribute to the FIRSTCON25 program.

Will began his career serving in the US Marine Corps, joined US-CERT (Now CISA) as a Network Security Analyst working for 10+ years in government and military roles. Will moved into the private sector working with Koch Industries and continued his role as a Senior Security Analyst and Engineer and played a variety of other roles including Enterprise Security Architect, CIO, CTO, and CISO. Will joined Team Cymru in April of 2022 as a Security Engineer focused on advanced Threat Intelligence & Threat Hunting.