FIRST Regional Symposium Europe 2023

Training and continuous professional development are important at e2e for everyone, including managers. Recently, I attended the 2023 FIRST Regional Symposium Europe in Bilbao, Spain.

For some people their preferred training method is via books, videos, or online labs, but for me it’s conferences. I enjoy all the different topics, and its great exposure to diverse inputs and points of view. I normally come away buzzing with ideas and different things I want to follow-up on, and this time was no exception!

Smaller than the annual FIRST conference, the regional symposium consisted of two days of conference talks, followed by a day of training. I opted for the “CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation” as my training, but there were several training courses to choose from.

The talks had a few common themes, such as information sharing, threat actor campaign updates, and of course, ransomware. This is a significant risk for all businesses these days, so it was great to hear about the latest research and discoveries that defenders are making in this regard. Like any software, ransomware can also have software bugs or issues. Understanding this can help defenders to positively react and respond to ransomware attacks and can also lead to the ability to decrypt any impacted files in some cases. While there was a view ahead of what may happen to ransomware and the attackers behind it, it was also clear that ransomware was not going away anytime soon.

I found the day of training really interesting, and a great opportunity to discuss and share ideas with managers in a similar role to myself. It can be quite challenging to discuss issues sometimes at a networking event, as you can find yourself talking to your competitors. I did not have this feeling at the FIRST training, as everyone was genuinely there to learn from each other – whether they were from a government CERT, a regional CSIRT, internal SOC, or SOC-as-a-service (SAAS) company. Having the opportunity to talk through some of our common issues (what does make a good KPI? ) was really valuable! It was heartening to come away from the training knowing that not only was I working on the right things, but that others also were facing the same challenges. I think this is one of the great things about the FIRST community, knowing that so many others are facing and working through the same challenges, and that we can help each other with them.

Recently, I’ve started having regular calls with the security team managers at some of our e2e customers. Similar to the training I attended, it’s a chance for us to share and discuss ideas and work through common issues, beyond just the customer/supplier relationship. I’ve found these to be really insightful and beneficial, and great to be able to share my wealth of experience with others, but also to learn from them. If we’re not having one of these calls yet, and you’re interested in having one, please do get in touch! You can contact us using this link or through the contact page on our webiste.

Lewis Philbey, SOC Manager

Written on February 28, 2023