FIRST Impressions Podcast

In this episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama about the upcoming 36th Annual FIRST Conference to be held in Fukuoka, Japan, June 9-14, 2024. Under the theme of “Bridging Security Response Gaps”, Taki shares the importance of communication and collaboration within the security community and his hopes for the 2024 conference. This episode shares an inside look at the challenges of scheduling keynote speakers and the anticipation of a rich selection of presentations. Taki also shares tidbits about the rich cultural and historical attractions of Fukuoka city.

In this short episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama. The 36th Annual FIRST Conference will be held in Fukuoka, Japan, June 9-14, 2024, under the theme: “Bridging Security Response Gaps”. Taki shares some of the topics he hopes to highlight next year including improving industry diversity and showcasing emerging security teams. Tune in for details on how to get involved in FIRSTCON24!

In this episode, the FIRST Podcasters interview FIRSTCON23 Keynote speaker, Lesley Carhart and discuss her session: “How Did We Get Here? The History and Future of Cyberattacks against Industrial Control Networks”. Lesley explains and explores the complicated history of Industrial incident response and just how cybersecurity affects physical systems.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Umair Bukhari and discuss his conference session: “Extra-Ordinary Vulnerability Coordination – A Method to the Madness”. Umair highlights Ericsson’s newly established PSIRT framework for Extra-Ordinary Vulnerability Coordination (EVC) and the necessary actions, work streams, and communication that must be put in place to efficiently handle such events. Umair shares thoughtful steps for others to adopt the model.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Dr. Eugene Spafford and his partner, Dr. Pattie Spafford. Together they discuss their recently published book, “Cybersecurity Myths and Misconceptions” co-authored by Leigh Metcalf, and Josiah Dykstra. They touch on the importance of communication and clear terminology that surpasses cultural barriers. Cybersecurity is people-centric and yet so much has been done by tech specialists without the end user in mind, the book proposes steps to clear language with metaphoric illustrations by Pattie.

In this episode, the FIRST Podcasters interview FIRSTCON23 Diamond Sponsor Rep, Vinay Bansal, the CTO of Cisco’s CSIRT. Vinay discusses Cisco’s long history with FIRST and its Special Interest Groups (SIGs) and shares details on Cisco’s new initiative for Attack Surface Management. This episode highlights the importance of information sharing and mentoring and how FIRST conferences have been a platform to create invaluable global relationships.

In this episode, the FIRST Podcasters interview FIRSTCON23 speakers, Kevin Hagopian and Emer O’Neill, and discuss their conference session: “Small But Mighty - The Crucial Role a PSIRT Plays in Customer Trust, Adoption and Renewal”. Kevin and Emer highlight the evolution of a PSIRT within a software company, and how to best adapt processes and policies to protect a company’s brand.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Jaromir Horejsi, and preview his upcoming conference session: “Abusing Electron-Based Applications in Targeted Attacks”. Jaromir provides an overview on Electron frameworks and how they are targeted and attacked by infection vectors.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Koen van Hove, and preview his upcoming conference session: “SPooFd: How to Spoof Mails, Even with Full SPF and DMARC Protection”. Providing a brief history of the internet and email, Koen explains how email spoofing started and transformed. Koen spotlights big vendors and how they approach email security. In his talk, Koen will demonstrate how SPF and DMARC protections are bypassed and outline a path to better security.

In this episode, the FIRST Podcasters interview Jay Jacobs, who is a co-chair of the Exploit Prediction Scoring System Special Interest Group (EPSS SIG) and one of the founders of the Cyentia Institute. Evolving over the last year and a half, EPSS works to gather as much data as possible on vulnerabilities and look for indicators that something will be exploited in the future. Scores are updated daily with new evidences gained on potential exploitations. It is nearly impossible for companies to keep up with all their vulnerabilities, so prioritization is a must. Exploitation activity helps narrow down what’s important. The EPSS SIG is constantly updating and improving models to close gaps.