first2015 conference program

CONFERENCE PROGRAMOverview

June 13th, SaturdayPre-Conference

June 14th, SundayPre-Conference

June 15th, MondayPotsdam IPotsdam IIIBellevueCharlottenburgOther Meetings

June 16th, TuesdayPotsdam IPotsdam IIIBellevueCharlottenburgOther Meetings

June 17th, WednesdayPotsdam IPotsdam IIIBellevueCharlottenburgOther Meetings

June 18th, ThursdayPotsdam IPotsdam IIIBellevueCharlottenburgOther Meetings

June 19th, FridayPotsdam IPotsdam IIIBellevueOther Meetings

June 13th, SaturdayPRE-CONFERENCE

10:00 17:00 FIRST Education & Training Committee Meeting - Check

June 14th, SundayPRE-CONFERENCE

09:00 16:30 Train the Trainers - RookDon STIKVOORT (Avalon Coaching & NLP), Lauri PALKMETS (ENISA)

09:00 17:00 FIRST Training - CheckFIRST Education Summit III (Invite Only) - Bellevue

15:00 16:00 Session Chair Volunteers Meeting - Knight

17:00 18:00 Ambassador Program Training - Rook

18:30 19:00 Newbie Reception - Pavillon

19:00 21:00 Ice Breaker Reception - Pavillon

1

June 15th, MondayPOTSDAM I POTSDAM III BELLEVUE CHARLOTTENBURG OTHER MEETINGS

09:15 09:30 Conference Opening - Potsdam I

09:30 10:00 Keynote Presentation - Potsdam ICornelia ROGALL-GROTHE (German State Secretary & Federal Government Commissioner for Information Technology)

10:00 10:30 Morning Networking Break - Conservatory / Potsdam Foyer

10:30 11:00 Behind the Scenes this Week at FIRST - Potsdam I

11:00 12:00 Adventures inFighting CybercrimeMr. Piotr KIJEWSKI(CERT Polska/NASK)

A Proposal forCybersecurityMetrics ThroughCyber GreenYurie ITO (JPCERT), Mr.Wes YOUNG (CSIRTGadgets)

Building instantlyexploitableprotection foryourself and yourpartners againsttargeted cyberthreats using MISPMr. Andras IKLODY(NATOCommunications andInformation Agency)

CVSS - BoF - Chess

12:00 13:00 Lunch - LA Caf & Pavillon

13:00 14:00 The Crack inKrakenBOTMr. Peter KRUSE (CSISSecurity Group A/S)

I'm Sorry to InformYou...Mr. Eireann LEVERETT(Cambridge Centre forRisk Studies), Dr.Marie MOE (SINTEFICT)

3J4E - JIGSAW,JUMPSTART,JUNCTURE: ThreeWays to Enhance Cyber-Exercise-ExperienceMr. Stefan RITTER(National IT-SituationCentre and CERT-Bund, German FederalOffice for InformationSecurity BSI)

BetterCrypto.orgWorkshop and Hands-on TrainingMr. David DURVAUX(BetterCrypto.org), Mr.Aaron ZAUNER (Azet),Mr. L. Aaron KAPLAN(CERT.at)

14:00 14:30 So You Want aThreat Intelligence*Function (*But WereAfraid to Ask)Mr. Gavin REID(Lancope)

Working Towards theTokyo 2020 Olympics- Situation in 2015Ms. Mariko MIYA (CDI-CIRT (Cyber DefenseInstitute, Inc.) - Japan)

Everyday Etiquette:Responding toUncoordinatedDisclosuresMs. Laura RABA (US-CERT)

BetterCrypto.orgWorkshop and Hands-on Training (cont.)

Vendor - SIG - Chess

14:30 15:00 Afternoon Networking Break - Conservatory / Potsdam Foyer

14:30 15:00 Vendor - SIG (cont.)

15:00 16:00 Threat InformationSharing;Perspectives,Strategies, andThreat ScenariosMr. Timothy GRANCE(NIST), THOMASMILLAR (US-CERT), Mr.Pawel PAWLINSKI(CERT Polska / NASK),Mr. Luc DANDURAND(ITU), Sarah BROWN(Fox-IT)

Malware in YourPipes: The State ofSCADA MalwareMr. Kyle WILHOIT(Trend Micro)

Collecting, Analyzingand Responding toEnterprise Scale DNSEventsMr. Bill HORNE(Hewlett-Packard)

BetterCrypto.orgWorkshop and Hands-on Training (cont.)

Vendor - SIG (cont.)

16:00 17:00 Barriers andPathways toImproving theEffectiveness ofCybersecurityInformation SharingAmong the Publicand Private SectorsLaura FLETCHER(George MasonUniversity), Kristin M.REPCHICK (GeorgeMason University),Julie STEINKE (GeorgeMason University)

FIRST Update:Financial & BusinessReview

Incident ResponseProgramming with RMr. Eric ZIELINSKI(Nationwide)

Vendor - SIG (cont.)

17:00 17:30 Lightning Talk FIRST Update:Financial & BusinessReview (cont.)

17:30 18:00 Lightning Talk (cont.) 2

June 16th, TuesdayPOTSDAM I POTSDAM III BELLEVUE CHARLOTTENBURG OTHER MEETINGS

08:45 09:00 Opening Remarks - Potsdam I

09:00 09:45 Keynote Presentation: Securing our Future - Potsdam IMikko HYPPONEN (F-Secure)


10:15 11:15 Fact Tables - A CaseStudy in ReducingReactive IntrusionTime-to-Know by95%Mr. Jeff BOERIO (IntelCorp.)

SecAdmin -Mitigating APTs Tools for theAdministratorMr. David JONES(Cisco)

Quality OverQuantityCuttingThrough CyberthreatIntelligence NoiseMr. Rod RASMUSSEN(IID)

CSIRT Info SharingWorkshopShari LAWRENCEPFLEEGER (I3P-Dartmouth-GMU-NL-SE (various CSIRTS))

11:15 11:45 Prepare YourCybersecurity Teamfor SwiftContainment PostIncidentMr. MichaelHARRINGTON (FidelisCybersecuritySolutions)

A Day in the Life of aCyber IntelligenceProfessionalMs. KatherineGAGNON (World BankGroup)

Seven Years in MWS:Experiences of theCommunity BasedData Sharing for Anti-Malware Research inJapanDr. Masato TERADA(Hitachi IncidentResponse Team),Yoichi SHINODA(JAIST), MitsuhiroHATADA (NTTCommunicationsCorporation)

CSIRT Info SharingWorkshop (cont.)


12:45 13:15 Overview of SouthKorea TargetMalwaresMrs. Dongeun LEE(KRCERT/CC, KISA)

When BusinessProcess and IncidentResponse Collide:The Fine-Tuning ofthe IR ProgramMs. Reneaue RAILTON(Duke Medicine)

Ce1sus: AContribution to anImproved CyberThreat IntelligenceHandlingMr. Jean-Paul WEBER(GovCERT.lu)

Hands-on NetworkForensicsMr. Erik HJELMVIK (FMCERT)

Network Monitoring -SIG - Chess

13:15 14:15 The CybercrimeEvolution in Brazil:An Inside View ofRecent Threats andthe Strategic Role ofThreat IntelligenceMr. Ricardo ULISSES(Tempest SecurityIntelligence), Mr. AldoALBUQUERQUE(Tempest SecurityIntelligence)

Security Operations:Moving to aNarrative-DrivenModelMr. Joshua GOLDFARB(FireEye)

Case Study: CreatingSituationalAwareness in aModern World.Mr. Michael MEIJERINK(NCSC-NL)

Hands-on NetworkForensics (cont.)

Network Monitoring -SIG (cont.) - Chess


14:45 15:45 Enabling Innovationin Cyber SecurityMr. Michael GORDON(Lockheed Martin)

Technology, Trust,and Connecting theDotsMr. George JOHNSON(NC4), Mr. WayneBOLINE (DIB ISAC(DSIE)), DeniseANDERSON (FS-ISAC)

Bring Your OwnInternet Of Things(BYO-IoT)Mr. Jake KOUNS (RiskBased Security), Mr.Carsten EIRAM (RiskBased Security)


VRDX - SIG - Check

15:45 16:45 DSMS: AutomatingDecision Support andMonitoring Workflowfor IncidentResponseMr. Chris HORSLEY(CSIRT Foundry), Mr.SC LEUNG (HKCERT)

CrisisCommunication forIncident ResponseMr. Scott ROBERTS(GitHub)

Cyber SecurityChallenges in theFinancial Sector:Internal and ExternalThreatsMs. Rosa XochitlSARABIA BAUTISTA(Mnemo-CERT)


VRDX - SIG (cont.)

17:00 18:00 Energy - SIG - Chess

17:00 19:00 Vendor Showcase Reception - Conservatory / Potsdam Foyer

3

June 17th, WednesdayPOTSDAM I POTSDAM III BELLEVUE CHARLOTTENBURG OTHER MEETINGS


09:00 10:00 Keynote Presentation: Europols European Cybercrime Centre punching above its weight - Potsdam IPhilipp AMANN (European Cybercrime Centre, Europol)


10:30 11:30 Passive Detectionand ReconnaissanceTechniques to Find,Track and AttributeVulnerable "Devices"Mr. AlexandreDULAUNOY (CIRCL -Computer IncidentResponse CenterLuxembourg), Mr.Eireann LEVERETT(Cambridge Centre forRisk Studies)

TBA FIRST Update:Education & Training

CVSS v3 Hands-onTrainingMr. Seth HANFORD(TIAA-CREF)

Metrics - SIG - Check

11:30 12:30 National CyberProtection throughFacilitation. RealCases by CERT-UAMr. Nikolay KOVAL(CERT-UA)

Traffic Light Protocol(TLP) - BoFTom MILLAR (US-CERT)

Sustainable CSIRTS -SIGMr. Jamie LORD(CERT/CC), Tracy BILLS(CERT/CC), WassieGOUSHE (CERT/CC),Bill JONES (CERT/CC)

CVSS v3 Hands-onTraining (cont.)

Metrics - SIG (cont.)


13:30 14:30 The Future ofInformationExchange PolicyMr. Paul MCKITRICK(Microsoft), Ms. MerikeKAEO (IID)

Data-Driven ThreatIntelligence: UsefulMethods andMeasurements forHandling IndicatorsMr. Alexandre PINTO(Niddel), Mr.Alexandre SIEIRA(Niddel)

Sinfonier: StormBuilder for SecurityIntelligenceMr. Fran GOMEZ(Telefonica), Mr.Leonardo AMOR(Telefonica)

Hands-on PenTesting iOS AppsMr. Kenneth VAN WYK(KRvW Associates, LLC)

Policy - BoF - ChessMr. Don STIKVOORT


15:00 16:00 Theory and Practiceof Cyber Threat-IntelligenceManagement UsingSTIX and CybOXDr. Bernd GROBAUER(Siemens)

The Needle in theHaystackMr. Jasper BONGERTZ(Airbus Defence andSpace CyberSecurityGmbH)

How We Saved theDeath Star andImpressed DarthVaderMr. Matthew VALITES(Cisco CSIRT), Mr. JeffBOLLINGER (CiscoCSIRT)

Hands-on Pen TestingiOS Apps (cont.)

CSIRT Maturity Kit -BoF - ChessMr. Don STIKVOORT

16:00 17:00 Validating andImproving ThreatIntelligenceIndicatorsMr. Douglas WILSON(FireEye)

Malware AnalysisCase Study &ExperimentalEvaluation on theApplicability of LiveForensics forIndustrial ControlSystemsMr. Yuji KUBO (CFC),Mr. Kensuke TAMURA(CFC)

Machine Learning forCyber SecurityIntelligenceMr. Edwin TUMP(NCSC-NL)

Hands-on Pen TestingiOS Apps (cont.)

FIRST MembershipInformation Session -Check

17:00 18:00 Lightning Talks

18:30 19:15 Reception at the Postbahnhof

19:15 22:00 Banquet at the Postbahnhof

4

June 18th, ThursdayPOTSDAM I POTSDAM III BELLEVUE CHARLOTTENBURG OTHER MEETINGS


09:15 10:00 Keynote Presentation: Collaborative Security - Reflections about Security and the Open Internet - Potsdam IOlaf KOLKMAN (Internet Society)


10:30 11:00 Evaluating theEffectiveness ofFuzzy HashingTechniques inIdentifyingProvenance of APTBinariesMs. Bhavna SOMAN(Intel Corporation)

Protecting Privacythrough IncidentResponseMr. Andrew CORMACK(Jisc)

Building CommunityPlaybooks forMalware EradicationMr. Christian SEIFERT(Microsoft)

VulnerabilityCoordination - SIG

CERT Directory API -BoF - Chess

11:00 11:30 Recent Trends ofAndroid MaliciousApps: Detection AndIncident Response inSouth KoreaMr. Inseung YANG(KrCERT/CC), Ms.Jihwon SONG(KrCERT/CC)

Defining andMeasuring CapabilityMaturity for SecurityMonitoring PracticesMr. Eric SZATMARY(Dell SecureWorks)

Building CommunityPlaybooks for MalwareEradication (cont.)

VulnerabilityCoordination - SIG(cont.)

CERT Directory API -BoF (cont.)

11:30 12:00 A Study on theCategorization ofWebshellMr. Jae Chun LEE(KISA, KrCert/CC), Mr.Jinwan PARK(KrCERT/CC)

ENISA ThreatLandscape: Currentand Emerging ThreatAssessmentDr. Louis MARINOS(ENISA)

A Cognitive Study toDiscover How ExpertIncident RespondersThinkMr. Sam J. PERL (CMUSEI CERT/CC)

VulnerabilityCoordination - SIG(cont.)


13:00 14:00 VRDX-SIG: GlobalVulnerabilityIdentificationMr. Art MANION (CMUSEI CERT/CC), Mr.Takayuki UCHIYAMA(JPCERT/CC), Dr.Masato TERADA(Hitachi IncidentResponse Team)

Effective TeamLeadership andProcessImprovement ForNetwork SecurityOperatorsMr. Jeremy SPARKS(United States AirForce)

Global StandardsUnification - How EUNIS Platform, NISTand IETF Standardsare BreakingBarriers forInformation Sharingand AutomatedActionMs. Merike KAEO (IID)

Whos worked onCSIRT andCybersecurityCapacityDevelopment inAfrica? - BoF - CheckMr. Jamie LORD(CERT/CC), Tracy BILLS(CERT/CC), WassieGOUSHE (CERT/CC),Bill JONES (CERT/CC)

14:00 15:00 Il Buono, il Brutto, ilCattivo: Tales fromIndustryMr. Rich BARGER(ThreatConnect Inc.),Mr. Andre LUDWIG(Novetta Solutions)

Unifying IncidentResponse Teams ViaMultilateral CyberExercise forMitigating CrossBorder Incidents:Malaysia CERT CaseStudyMrs. Sharifah RoziahMOHD KASSIM(MyCERT,CyberSecurityMalaysia)

A Funny ThingHappened on theWay to OASIS: FromSpecifications toStandardsTom MILLAR (US-CERT)

IPv6 Security Hands-onMr. Frank HERBERG(SWITCH-CERT)

Whos worked onCSIRT andCybersecurity CapacityDevelopment inAfrica? - BoF (cont.)~Ending 14:30~


15:30 17:30 AGM (Members Only) -Potsdam I

IPv6 Security Hands-on (cont.)

5

PLATINUM SPONSOR

NETWORK SPONSOR

GOLD SPONSOR

LOCAL HOST DIAMOND SPONSOR

BANQUET SPONSOR

27th ANNUAL FIRST CONFERENCE BERLIN 14-19 JUNE 2015

June 19th, FridayPOTSDAM I POTSDAM III BELLEVUE OTHER MEETINGS


09:00 10:00 Keynote Presentation: Thecybercrime techniques,tactics and procedures(TTP) have evolvedtowards the mobile appsworld - Potsdam IMr. Chema ALONSO(Telefonica/Eleven Paths)

Internet Architecture Board(IAB) and Internet Society(ISOC) workshop onCoordinating AttackResponse at Internet Scale(CARIS)


10:00 10:15 IAB and ISOC Workshop(cont.)

10:15 11:15 Building CERT Team andResponding Incidents inthe Large EnergyCompany.Mr. Miroslaw MAJ(Cybersecurity Foundation)

Implementation ofMachine Learning Methodsfor Improving DetectionAccuracy on IntrusionDetection System (IDS)Mr. Bisyron MASDUKI (Id-SIRTII), Mr. MuhammadSALAHUDDIEN (Id-SIRTII)

Streamlined IncidentResponse from a ForensicPerspectiveMatthew ROHRING (U.S.Department of HomelandSecurity / U.S. ComputerEmergency Readiness Team)

IAB and ISOC Workshop(cont.)

11:15 11:45 Sector Based CyberSecurity Drills - LessonsLearntMr. Malagoda PathiranageDILEEPA LATHSARA(TechCERT)

Keeping Eyes on MaliciousWebsites - ChkDefaceAgainst Fraudulent SitesMr. Hiroshi KOBAYASHI(JPCERT/CC), TakayukiUCHIYAMA (JPCERT)

Discovering Patterns ofActivity in UnstructuredIncident Reports at LargeScaleDr. Bronwyn WOODS (CERTProgram, SEI, CMU),THOMAS MILLAR (US-CERT),Mr. Sam J. PERL (CERT CC)

IAB and ISOC Workshop(cont.)

12:00 13:00 Closing Remarks - Potsdam I





Powered by TCPDF (www.tcpdf.org)

Thu, 04 Jun 2015 12:00:24 +0000

Conference ProgramJune 13th, SaturdayJune 14th, SundayJune 15th, MondayJune 16th, TuesdayJune 17th, WednesdayJune 18th, ThursdayJune 19th, Friday

first2015 conference program

Documents