FIRST Impressions Podcast

In this episode of the First Impressions Podcast, FIRSTCON26 Speakers, Cheng-Lin Yang and Lily Chen of CyCraft, explore a growing threats to LLM-assisted security workflows: poisoned artifacts designed to manipulate AI-generated analysis. They discuss how a single malicious document can attract an AI's attention, influence its reasoning, and ultimately alter the information presented to security teams. The conversation covers the evolution of prompt injection attacks, the challenges of defending modern language models, and more! Tune in to preview their FIRSTCON26 session.

In this episode of the First Impressions Podcast, we sit down with Vijay Sarvepalli and Christopher Cullen to unpack the chaotic reality of modern vulnerability coordination. From AI-generated bug reports and patching nightmares to insecure pickle files, Log4j flashbacks, and the race to secure open source software before attackers strike, the conversation dives deep into how security teams can “push left” and automate the path from vulnerability discovery to secure release. Equal parts technical insight, cautionary tale, and therapy session for anyone who survived Log4Shell, this episode explores why fixing vulnerabilities is still harder than finding them, and what the future of coordinated vulnerability disclosure might look like in an AI-driven world.

In the first episode of the 2026 season of the First Impressions Podcast, Mor Weinberger and Lior Kaplan preview their upcoming FIRST Conference session, “From Discovery to Fix: What 10,000 Open Source Projects Reveal About CVE Remediation.” The discussion explores why vulnerability remediation remains slow despite the growing speed of CVE discovery, especially as AI accelerates vulnerability research and exploit development. Drawing from research across thousands of open source projects, they examine the challenges of patch adoption, dependency management, and supply chain complexity. The episode also highlights practical ways organizations can reduce risk and improve remediation efforts ahead of FIRSTCON26 in Denver.

The FIRST Impressions Podcast returns for FIRSTCON26! This kick off episode brings Program Chair, Merike Kaeo, to the table to discuss the vision behind the 38th Annual FIRST Conference program and the goals and challenges faced. Centered around the theme “Peak Defense: Building Adaptive Systems for Modern Threats,” Merike shares how this year’s program was carefully designed to balance technical depth, operational strategy, incident response, and AI security topics while ensuring diverse perspectives and skill levels. The episode highlights the importance of community collaboration, knowledge sharing, and making cybersecurity capabilities more accessible for smaller and underserved organizations through automation, practical incident response planning, and stronger global cooperation.

In this episode of the FIRST Impressions Podcast, FIRSTCON25 Speaker, Matias Mesiä of NCSC-FI, discusses the high-impact 2024 data breach that targeted the City of Helsinki’s education department. With over 100,000 residents affected, Matias breaks down how the incident unfolded and the coordinated response involving NCSC-FI, city officials, service providers, and law enforcement. He shares the unique challenges of managing a major breach under intense media scrutiny. Tune in for key lessons on public-sector cybersecurity, crisis communication, and response readiness.

In this episode of the FIRST Impressions Podcast, Martin and Chris chat with FIRSTCON25 speaker, John Hollenberger of Fortinet. John offers a sneak peek into his session, "Building the Blueprint: Designing Effective Storyboards for Cybersecurity Tabletop Exercises." He explains how detailed storyboards can shape more impactful tabletop exercises by aligning objectives, scenarios, injects, and key decision points. Tune in to learn how to create exercises that are not only engaging but truly enhance organizational preparedness.

In this episode of FIRST Impressions, the hosts interview FIRSTCON25 speaker, Cornelia Puhze of SWITCH-CERT, a human-centered security professional and co-chair of the FIRST Human Factors in Security SIG. Cornelia dives into the world of social engineering, AI-driven manipulation, and how we can better educate people to protect themselves from scams without the burden of technical jargon. She emphasizes the power of gut instincts, breathing, and human intuition in recognizing and resisting criminal tactics. Tune in to explore how we can train ourselves to stay secure in a tech-driven world — naturally.

In this episode of FIRST Impressions, hosts Martin McKay and Chris John Riley speak with Desiree Sacher and Carson Zimmerman about their upcoming talk at the 2025 FIRST Conference in Copenhagen. Drawing from personal experience and scientific research, they unpack the complexities of burnout in cybersecurity — exploring its causes, impact, and sustainable solutions for both individuals and organizations

In this episode of FIRST Impressions, hosts Chris John Riley and Martin McKeay speak with John Stoner, Global Principal Security Strategist at Google Cloud. Together they discuss the importance of ongoing detection testing, the challenges of running emulations in production environments, and how to balance technical goals with organizational constraints. John previews his upcoming talk at the 2025 FIRST Conference, offering practical strategies for evolving security practices without boiling the ocean.

In this special FIRSTCON25 FIRST Impressions episode, our hosts, Chris John Riley and Martin McKeay interview Henrik Larsen, Program Chair of the 2025 FIRST Conference in Copenhagen. Henrik discusses the conference theme: “Fortresses of the Future: Building Bridges, Not Walls” and previews keynote speakers, Scandinavian influence, and cultural highlights of the host city. Tune in to learn what to expect this June and learn more about the diverse speaker lineup and the vibrant Copenhagen experience awaiting us!

In this FIRST Impressions podcast episode, we dive into the fascinating world of mobile network security with Umair Bukhari, Director and Head of Ericsson P-Cert. Umair shares insights on the evolution of telecom threat environments, from the early days of 1G to the cutting-edge advancements in 5G and beyond. In the interview, he highlights how these changes impact both users and network security, emphasizing the importance of secure, cloud-native technologies and zero-trust architecture. This episode is a must-listen for anyone interested in the future of telecom security and the ongoing battle between attackers and defenders in this critical field! Tune in to learn more.

Join us on the First Impressions podcast for an exclusive interview with Todd Beardsley from CISA, recorded live at the 36th annual FIRST Conference in Fukuoka, Japan. Todd delves into the Known Exploited Vulnerability (KEV) list, explaining its critical role in cybersecurity and how even years-old vulnerabilities continue to be exploited. Learn about the detective work involved in validating exploitations and the importance of public-private partnerships. Don't miss this insightful episode—tune in now to stay ahead of cyber threats!

In this special episode of the First Impressions podcast, recorded at the 36th annual FIRST Conference in Fukuoka, Japan, hosts interview Carson Zimmerman, a seasoned SOC expert. Zimmerman discusses his presentation, "14 Questions Are All You Need," which helps SOCs evaluate performance and address areas for improvement, emphasizing the importance of deep, insightful questions and the human element in security operations. He also highlights the challenges of aligning SOCs with compliance regimes and addresses the issue of burnout in the industry. Tune in to learn tips and tricks to SOC success!

In this episode of the First Impressions podcast, hosts Chris John Riley and Martin McKay interview Nitesh Surana and Jaromir Horejsi of Trend Micro to discuss their upcoming talk at the FIRST conference. Their session will explain how they discovered threat actors abusing GitHub's cloud-based development environment, Codespaces, to build and test infostealers. While Codespaces itself is secure, its features can be abused. In this episode, they recommend developers that use such services be aware of potential abuse tactics and share the goal of their FIRSTCON talk is to raise awareness and provide clarity on how cloud providers can improve incident response and quickly shut down reported abuse.

In this episode of the First Impressions podcast, hosts Chris John Riley and Martin McKay interview Satoshi Okada and Takuho Mitsunaga , researchers from Toyo University who will be speaking at FIRSTCON24. In the episode, they discuss artificial intelligence, specifically large language models (LLMs) like ChatGPT, and the importance of multi-stakeholder governance for safer AI development. Okada and Mitsunaga explain the pros and cons of LLMs and emphasize the need for governance. Tune in to learn more and be sure to attend their talk this June in Fukuoka!

Join the First Impressions Podcast hosts for a chat with FIRSTCON24 Diamond Sponsor representatives, Ko and Rick from LACERT! Explore LACERT's pioneering role in Japan's cybersecurity since 1995, including innovative tools like Falcon Nest, and their overall contributions to global cybersecurity standards. Don't miss the insights of this episode and learn more about the importance of international collaboration in incident response!

Join hosts Martin McKeay and Chris John Riley for the newest FIRST Impressions Podcast episode featuring FIRSTCON24 speakers, James Potter and Raja Jasper from Huntington National Bank. The pair discuss their upcoming conference talk and explore the challenges of remote work in cybersecurity. Tune in for expert insights on digital communication etiquette, global team collaboration, and the evolving landscape of cybersecurity in the age of remote work.

This First Impressions podcast features representatives from CyCraft, one of FIRSTCON24’s Diamond sponsors. Based in Taiwan, CyCraft utilizes cutting-edge AI and machine learning to tackle a myriad of security challenges, from threat hunting to identity analysis. Tune in to discover why CyCraft is passionate about community engagement and learn about the practical applications of machine learning in cybersecurity, including event triage and attack pattern recognition.

Join hosts Martin McKeay and Chris John Riley in this episode of the First Impressions podcast as they chat with Georgy Kucherin from Kaspersky's Global Research and Analysis team. Together they discuss combating sophisticated spyware targeting mobile devices like Pegasus and Operation Triangulation, highlighting the challenges in protecting our digital lives. Kucherin shares strategies for analyzing mobile threats and adapting to evolving tactics, preparing listeners for his talk at the upcoming FIRST Conference in Fukuoka, Japan. Tune in for insights into the frontline of cybersecurity!

Tune in to the latest episode of the First Impressions podcast, where hosts Martin McKeay and Chris John Riley sit down with Megan Sanford, VP Chief Product Security Officer at Schneider Electric Energy Management Division. As a keynote speaker at the 36th annual FIRST Conference in Fukuoka, Japan, Sanford shares insights into the world of product security. Discover why a secure development lifecycle and integrating security features into products are crucial for resilience. Sanford introduces ICS for ICS, a concept bridging emergency management with cyber incident response, urging listeners to adopt this framework for enhanced efficiency in handling cyber threats. Don't miss out on this insightful discussion that could shape the future of incident response.

In this episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama about the upcoming 36th Annual FIRST Conference to be held in Fukuoka, Japan, June 9-14, 2024. Under the theme of “Bridging Security Response Gaps”, Taki shares the importance of communication and collaboration within the security community and his hopes for the 2024 conference. This episode shares an inside look at the challenges of scheduling keynote speakers and the anticipation of a rich selection of presentations. Taki also shares tidbits about the rich cultural and historical attractions of Fukuoka city.

In this short episode, the FIRST Podcasters interview FIRSTCON24 Program chair, Taki Uchiyama. The 36th Annual FIRST Conference will be held in Fukuoka, Japan, June 9-14, 2024, under the theme: “Bridging Security Response Gaps”. Taki shares some of the topics he hopes to highlight next year including improving industry diversity and showcasing emerging security teams. Tune in for details on how to get involved in FIRSTCON24!

In this episode, the FIRST Podcasters interview FIRSTCON23 Keynote speaker, Lesley Carhart and discuss her session: “How Did We Get Here? The History and Future of Cyberattacks against Industrial Control Networks”. Lesley explains and explores the complicated history of Industrial incident response and just how cybersecurity affects physical systems.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Umair Bukhari and discuss his conference session: “Extra-Ordinary Vulnerability Coordination – A Method to the Madness”. Umair highlights Ericsson’s newly established PSIRT framework for Extra-Ordinary Vulnerability Coordination (EVC) and the necessary actions, work streams, and communication that must be put in place to efficiently handle such events. Umair shares thoughtful steps for others to adopt the model.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Dr. Eugene Spafford and his partner, Dr. Pattie Spafford. Together they discuss their recently published book, “Cybersecurity Myths and Misconceptions” co-authored by Leigh Metcalf, and Josiah Dykstra. They touch on the importance of communication and clear terminology that surpasses cultural barriers. Cybersecurity is people-centric and yet so much has been done by tech specialists without the end user in mind, the book proposes steps to clear language with metaphoric illustrations by Pattie.

In this episode, the FIRST Podcasters interview FIRSTCON23 Diamond Sponsor Rep, Vinay Bansal, the CTO of Cisco’s CSIRT. Vinay discusses Cisco’s long history with FIRST and its Special Interest Groups (SIGs) and shares details on Cisco’s new initiative for Attack Surface Management. This episode highlights the importance of information sharing and mentoring and how FIRST conferences have been a platform to create invaluable global relationships.

In this episode, the FIRST Podcasters interview FIRSTCON23 speakers, Kevin Hagopian and Emer O’Neill, and discuss their conference session: “Small But Mighty - The Crucial Role a PSIRT Plays in Customer Trust, Adoption and Renewal”. Kevin and Emer highlight the evolution of a PSIRT within a software company, and how to best adapt processes and policies to protect a company’s brand.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Jaromir Horejsi, and preview his upcoming conference session: “Abusing Electron-Based Applications in Targeted Attacks”. Jaromir provides an overview on Electron frameworks and how they are targeted and attacked by infection vectors.

In this episode, the FIRST Podcasters interview FIRSTCON23 speaker, Koen van Hove, and preview his upcoming conference session: “SPooFd: How to Spoof Mails, Even with Full SPF and DMARC Protection”. Providing a brief history of the internet and email, Koen explains how email spoofing started and transformed. Koen spotlights big vendors and how they approach email security. In his talk, Koen will demonstrate how SPF and DMARC protections are bypassed and outline a path to better security.

In this episode, the FIRST Podcasters interview Jay Jacobs, who is a co-chair of the Exploit Prediction Scoring System Special Interest Group (EPSS SIG) and one of the founders of the Cyentia Institute. Evolving over the last year and a half, EPSS works to gather as much data as possible on vulnerabilities and look for indicators that something will be exploited in the future. Scores are updated daily with new evidences gained on potential exploitations. It is nearly impossible for companies to keep up with all their vulnerabilities, so prioritization is a must. Exploitation activity helps narrow down what’s important. The EPSS SIG is constantly updating and improving models to close gaps.

In this episode, the FIRST Podcasters interview Peter Lowe, co-chair of the DNS Abuse Special Interest Group (DNS SIG). SIG member turned chair, Peter was also appointed as FIRST’s DNS Abuse “Ambassador” and has been tasked with representing the Forum within the DNS space. Peter chats about how DNS has become a hot topic in the public consciousness. He also explains why the SIG is trying to better define DNS Abuse from the point of view of incident responders and security teams. The SIG is creating a model for DNS stakeholders which will classify the different kinds of DNS Abuse and lists who can help with mitigation, prevention, and detection. Peter also touches on the future goals of the SIG and how to become a member.

In this episode, the FIRST Podcasters interview James Chappell and Krassimir Tzvetanov, co-chairs of FIRST’s Cyber Threat Intelligence Special Interest Group (CTI SIG). Along with a third co-chair, Adrian Hendrik, this group focuses on creating best practices and CTI training materials. With the goal of education, the SIG focuses on creating a common body of Cyber Threat knowledge and terms. Filling the gaps with thoughtful curriculum and organizing presentations, the SIG hopes to be a guiding light in the often difficult to navigate Cyber Threat Intelligence landscape. Interested parties are encouraged to join these efforts by applying for SIG membership at: https://www.first.org/global/sigs/cti/. The SIG also manages a CTI news mailing list, to join simply send an email to cti-sig-news-subscribe [at] first.org.

In this episode, the FIRST Podcasters interview Désirée Sacher-Boldewin who joined the FIRST Board of Directors in June 2022. Désirée has also taken on the role of co-coordinator for FIRST’s Special Interest Groups (SIGs). The SIGs cover a variety of topics with efforts to create new standards, map existing protocols, and make best security practices accessible to all. In 2023, the FIRST Impressions Podcast will highlight several SIGs to spotlight their achievements and aspirations. In this episode, Désirée touches on FIRST’s infrastructure improvements and shares her excitement to have her new position to spearhead future endeavors.

The FIRST Podcasters interview various team members of SentinelOne, a Diamond Sponsor of FIRSTCON22, which is a fully autonomous EDR solution for businesses and enables basic end point detection and response. The team shares insight into current investigations around the world as well as observable attacker patterns to stress the importance of taking a layered approach to security.

The FIRST Podcasters interview Maddie Stone of Google Project Zero on the current 2022 threat landscape and past Zero Day patterns. Maddie shares insight into how security professionals should work to make exploitations more difficult for attackers. With an evolving approach to Zero Days, we can create continuous solutions that treat patches as an opportunity to dive deeper.

In this episode, the FIRST Podcasters interview Rebecca Taylor of Secureworks on the importance and structuring of knowledge management. Rebecca provides valuable insight into the processes, frameworks, and templates that must be incorporated to create a roadmap of understanding and interconnected relationships. She stresses the value of feedback loops, work streams, and ongoing evolution.

In this episode, the FIRST Podcasters interview Crowdstike’s Senior Consultant, Emma Jones, on the importance of diversity. The umbrella term describes all sorts of efforts, from belonging to inclusion to equality and representation. Emma discusses how every day actions build in processes of trust and how thinking differently isn’t wrong; it’s imperative. How do we create a stage where everyone is qualified to speak? How do we make and share information in a way that is consumable to everyone? Tune in to find out.

In this episode, FIRST Podcasters interview FIRSTCON22 Speakers Raphaël Vinot and Quinn Norton on their tool Lookyloo. This open-source project was made to capture and record all the happenings on a website in real time. After a news website fell victim of malvertising, Raphaël and Quinn were called in to investigate. After a failed search for a tool to monitor the page, they created their own. Users of Lookyloo will have access to all the contents of a webpage mapped onto file tree as well as a created database of content and relationships to better help monitor and protect their sites.

In this heavy-hitting episode, FIRST Podcasters interview team Ukraine. The CERT-UA group share insights and revelations as they compare 2021 cyber incidents to 2022 and discuss attacker tactics. A large time frame of exploits came in early January, just as Ukrainians were receiving warnings of potential war. Sowing disorder, the disinformation campaign had a cyber component, as assailants attempted to convince the public that their government could not protect them or their data.

In this episode, FIRST Podcasters interview FIRSTCON22 Speaker, Vishal Thakur, who is the Director of DFIR at Ankura Consulting. Together the group discusses how to live in the on-going “ransomware pandemic” and the importance of practicing good security hygiene. Tune in for tips on how to successfully communicate and streamline communication when attacked and how tabletop exercises can better prepare your team for the next one.

In this episode, FIRST Podcasters interview FIRSTCON22 Diamond Speaker and Sponsor, Ganesh Pai who is the Founder and CEO of Uptycs, a cloud-native security analytics platform. Ganesh reflects on the magic of past FIRSTCONs as he looks forward to Dublin. With the focus on people over tools, Ganesh marvels at the opportunity to watch new industry professionals grow and shares a deeper dive into Uptyc’s osquery.

The FIRST Podcasters interview FIRSTCON22 Speakers, Thomas Schmidt and Jens Wiesner, on the subject of their conference session: "Securing the Supply Chain Together - Through Automation of Advisories and Vulnerability Management". Working in separate departments of the German Federal Office for Information Security (BSI), Schmidt and Wiesner are experts at standardizing advisories. Get a taste of their conference presentation as Martin and Chris grill them on remediation measures, mitigations, and what Common Security Advisory Framework (CSAF) does as a solution.

The FIRST Podcasters interview FIRSTCON22 Speaker, Helen Patton, on the context of her conference session: "How to Talk to a Board so the Board will Talk Back". Helen explains how perspectives may differ between security practitioners in the weeds of vulnerabilities and an upper management’s big picture point of view. Get a taste of Helen's conference presentation as she discusses how to establish and maintain board relationships and explain the value of risk to non-experts.

2022 Conference Chair, Brian Honan, talks all things FIRSTCON as we prepare to hold the next gathering in Dublin this June. The 34th Annual FIRST Conference: "Neart Le Chéile: Strength Together" will take place June 26 - July 1, 2022.

In this episode, Naama Ben-Dov, a strategy merger and acquisition manager at Microsoft, discusses a developer’s journey and the importance of planning for the future. Together with the podcasters, she points out how what a customer may want is often in opposition to what they need and in turn, encourages difficult conversations. Tune in to hear how the human psyche drives innovation. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Iren Reznikov is a Cyber Investor based in Israel specializing in deep tech security startups. Together with the FIRST Impressions podcasters, she opens a dialogue into the lifecycle of acquisitions and how current political tensions may affect the cyber landscape. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Join the interview in progress! Chris, Martin, and Andy chat building teams, navigating within organizations, career change, and interpretive dance. Andy Ellis is the Advisory CISO at Orca Security, where he helps companies embrace secure practices while leaping into the cloud era. He is a 2021 Inductee into the CSO Hall of Fame, an Operating Partner at YL Ventures, the CEO of leadership training company Duha, and was formerly a U.S. Air Force officer and the CSO at Akamai Technologies. You can find him on Twitter at @csoandy. Ellis has received The Spirit of Disneyland Award, The Wine Spectator's Award of Excellence, the Air Force Commendation Medal, and the CSO Compass Award. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Neil is Lead Architect in BBC Digital Distribution, focusing on website traffic management and supporting technologies. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Chances are, you know Ed. Ed Skoudis is founder of the SANS Institute’s Penetration Testing Curriculum and creator of SANS NetWars, CyberCity, and the Holiday Hack Challenge. Learn more about the upcoming SANS Holiday Hack Challenge at https://www.sans.org/mlp/holiday-hack-challenge/. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

Chris catches up with Jen Ellis, VP of Community and Public Affairs at Rapid7 and talk ransomware. Recorded October 2021. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.