🎉 That’s a wrap on the Ljubljana 2025 FIRST #TechnicalColloquium!

For two dynamic days, the global incident response community came together for in-depth technical exchange, hands-on learning, and meaningful collaboration. Hosted by SI-CERT and Register.si (the registry for the .si top-level domain, both units of ARNES – the Academic and Research Network of Slovenia), the event welcomed 123 participants from 21 countries, including 12 expert lecturers and representatives from FIRST members, industry, government, the WB6 project, and eGA.

Technical track sessions saw strong engagement across both days, complemented by two highly successful hands-on workshops:
• Threat Hunting with CIRCL Tools
• Hands-On Data Breach Investigation with the Dark Net

Experts from the EU-funded Cyber Balkans project (IPA III/2022/435-019) enriched the program with valuable regional and operational insights.

👏 Thank you to all speakers, participants, partners, and organizers who made Ljubljana 2025 such a success! Cheers to you!

FIRST achieved record growth in 2025, surpassing 820 member teams across 110+ countries and delivering practical tools and resources for the global cybersecurity community.

Key highlights from the year:

🌍 Expanding Global Community: Our membership includes organizations from national CERTs to multinational enterprises such as CISA, Google, Airbus, Samsung, and the Australian Cyber Security Centre.

👥 Member-Led Innovation: Our 30+ Special Interest Groups produced high-impact resources including the "Suspicious" threat detection framework, DNS Abuse guidance, and TLP:CLEAR Ransomware Empowerment Training.

📈 Research & Frameworks: FIRST-supported research advanced threat understanding through Vulnerability Forecast Reports, ransomware analysis, and EPSS integrations with Proofpoint and Microsoft Security Copilot.

🤝 Building Capacity Worldwide: Community trainers delivered 33+ trainings in 2025, including the A4 Initiative in The Bahamas, Cameroon, Malawi, and Trinidad & Tobago, and the Africa Regional Liaison Initiative's cyber drill in Ghana.

Read the full announcement: https://go.first.org/qffaV

#cybersecurity #CyberDefense
#IncidentResponse #infosec

FIRST, through our ARL team, is thrilled to share the success of the 2025 Threat Conference in Durban, South Africa - an energizing gathering held under the powerful theme “Cybersecurity Across Cultures.”

The FIRST Africa Regional Liaison initiative is made possible through generous support of the UK International Development as part of the Africa Cyber Program.

Opened by Deputy Minister Mondli Gungubele, the conference brought together 87 participants from 41 institutions, soaring past attendance expectations by nearly 74% and breaking historical benchmarks for the event. The energy in the room reflected a shared commitment across South Africa’s cybersecurity community to collaborate, learn, and build resilient digital ecosystems.

🌍 A cross-sector milestone
Government, academia, and private industry were all at the table, including national leaders such as the Civil Aviation Authority (sectoral CSIRT), DCDT, CSIR, SABC, and Shadowserver Foundation.
Ministerial-level support amplified the importance of aligning with South Africa’s digital priorities and highlighted FIRST’s growing role as a trusted partner in the region.

🚀 Impact That Moves the Needle
• Strengthened ARL’s role as a catalyst for national and regional cybersecurity capacity building
• Gained deeper insights into South Africa’s national and municipal cyber challenges, directly shaping our 2026 roadmap
• Reaffirmed momentum from our ongoing work with the DCDT
• Clear demand for support in sectoral CSIRT maturity, municipal cyber readiness, AI-related cyber risks, and policymaker digital literacy

💡 Key Takeaways Driving Future Work
• Localized, hands-on technical training continues to deliver the strongest impact
• Policy and technical interventions must go hand-in-hand: no more working in silos
• Sectoral CSIRTs (like Civil Aviation) are ready for long-term maturity uplift programs
• Municipal governments are calling for more structured capacity development
• Stakeholders showed strong interest in emerging technologies, especially AI, and the cyber implications ahead

🎤 ARL’s Contributions at ThreatCon
• Delivered a keynote: “From Inclusion to Resilience: Securing Africa’s Digital Transformation with Trust, Culture, and Collaboration”
• Led a fully hands-on technical workshop: “Hunting Threat Actor TTPs with Open Source Tools: Windows OS”
• Engaged across multiple plenary discussions with regional experts

We’re incredibly proud of the collaborative spirit shown at ThreatCon 2025 and energized by the momentum this creates for cybersecurity capacity building across Africa. Thank you to all our partners and participants for helping move this work forward.
More on the conference: https://www.threatcon.co.za/

FIRST's Africa Regional Liaison Initiative and The Shadowserver Foundation recently delivered a Threat Intelligence and Information Sharing training and cyberdrill in Ghana during National Cybersecurity Awareness Month.

The Africa Regional Liaison Initiative is made possible by generous funding from UK International Development as part of the Africa Cyber Program. Building on two previous successful collaborations with Ghana's Cyber Security Authority (CSA), the exercise brought together 66 participants from 21 institutions across public and private sectors.

Key highlights:

🛡️ First-of-its-kind cyberdrill utilizing the public Shadowserver Dashboard to simulate cyberattack response and conduct national cyber hygiene assessments

💻 Hands-on training with open-source tools including MISP, IntelMQ, and Shadowserver data feeds

🤝 Strategic discussions with CERT-GH and CSA leadership to expand collaboration across West Africa

🌍 FIRST and Shadowserver teams met with Rt. Hon. Stephen McPartland, CREST Ambassador and former UK Minister of State for Security, to discuss the African Cybersecurity Program's impact

#CyberDefense #cybersecurity
#IncidentResponse #infosec

CyberWeek@LAC4 2025 officially kicked off today in Santo Domingo, Dominican Republic!

FIRST is proud to sponsor this important event that brings together cybersecurity professionals, policymakers, researchers, and business leaders from Latin America, the Caribbean, and Europe to strengthen regional and global cyber resilience.

Carlos Leonardo, FIRST Board of Directors Member and Director of CSIRT-RD opened today's program with "Trust on the Edge: CSIRTs Leading Battles on Bits and Beliefs"—exploring how the LAC region can build borderless resilience as cyber challenges span both system integrity and information credibility, from quantum computing reshaping cryptographic security to disinformation campaigns destabilizing institutions.

He will also present on CSIRTs Maturity Evaluation later this week on Wednesday, November 19.

Learn more: https://go.first.org/ZAq1W

#CyberWeekLAC4 #cybersecurity #infosec