Cisco CSIRT is a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cybersecurity incidents for Cisco-owned businesses. CSIRT engages in proactive threat assessment, mitigation planning, incident detection and response, incident trending with analysis, and the development of security architecture.

CSIRT is a part of the Forum of Incident Response and Security Teams (FIRST). Comprised of over 400 members globally, FIRST provides a collaborative platform for public and private sector CSIRTs from government, commercial, and educational organizations. Among their activities, FIRST holds a series of events including a global annual conference each June, and regional Symposia and Technical Colloquia that provide highly technical sessions to a smaller audience.

Cisco has been involved with the FIRST organization for 28 years, as active SIG, committee, and board members; sponsors, speakers, and participants. CSIRT has been the network sponsor for FIRST events since 2007. This partnership has been a stepping-stone for Cisco Information Security Architect, David Schwartzburg, to be elected to the FIRST Board of Directors. He currently oversees the direction, operations, and security for all FIRST infrastructure.

CSIRT’s involvement with FIRST leads to actionable insights that keep the network and users safer:

  • Keeping up with the complexity and volume of threats
  • Innovating ways to keep assets safe
  • Creating effective network security solutions to face tomorrow’s evolving threats
  • Collaborating with peer organizations and other defenders

The 31st Annual FIRST Conference “Defending The Castle” takes place the 16th through 21st of June 2019 in Edinburgh, Scotland.  More information on Cisco’s lineup of workshops and activities at this year’s FIRST conference are included below.

Tuesday, 18 June

CSIRT Schiltron: Training, Techniques, and Talent   
James Sheppard & Jeff Bollinger
11:45 – 12:45

Optimized Playbook, Roll out! How an optimized playbook can reduce time-to-detect
Christopher Merida & Jason Kmack
17:45 – 18:15

Wednesday, 19 June 

Detecting Covert Communication Channels via DNS
Dhia Mahjoub & Thomas Mathew
11:45 – 12:45

Thursday, 20 June

Cyber Threat Response Clinic,
Hakan Nohre, Luc Billot, and Tobias Mayer
11:45 – 12:45

During the conference, Cisco CSIRT engineers will be monitoring all wireless network traffic for security threats from within a designated Security Operations Center (SOC). Conference participants are invited to receive a free educational tour of the FIRST Conference SOC to see firsthand how Cisco detects and responds to current and emerging threats faster across the entire network and how Cisco puts holistic security innovations and practices into action. During the tour, participants will receive a security briefing and have time for Q&A with engineers. We look forward to seeing you there!



Jeff Bollinger

CSIRT Manager

Infosec CSIRT