FIRST: An Interview With CEO Chris Gibson, An Industry Leader in Incident Response

By Amit Chowdhry • Jul 22, 2024

FIRST is the global leader in incident response. Membership in FIRST enables incident response teams to respond more effectively to security incidents, both reactively and proactively. Pulse 2.0 interviewed FIRST CEO Chris Gibson to learn more.

Chris Gibson’s Background

What is Chris Gibson’s background? Gibson said:

“Before leading FIRST, I spent over 12 years working in the Computer Emergency Response Team (CERT) at Citigroup. In 2013, I joined the UK’s Cabinet Office to build, launch, and lead the UK’s first formally chartered national CERT – CERT-UK. The creation of the organization was part of the 2011 Cyber Security Strategy created by the UK Government.”

“In 2019 I joined FIRST as its Executive Director. FIRST is an organization I’ve been involved with since 2001 and the opportunity to join in a full-time capacity was too good to miss.”

“FIRST (Forum of Incident Response and Security Teams) is a premier organization and recognized global leader in incident response. Our mission is to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.”

FIRSTCon Details

What is FIRSTCon and why is it important for global cyber security? Gibson shared:

“FIRSTCon is our annual security event that serves as a crucial platform for the global technology community to share goals, ideas, and information on all aspects of incident response and security. Clearly, in today’s world, protecting Critical National Infrastructure (CNI) and improving cyber security worldwide is vitally important to all of us. FIRSTCon facilitates collaboration between countries, incident response and security teams, helping them establish trust, share information and develop coordinated strategies to address global cyber threats.”

“The event is particularly important because it brings together cyber security professionals from various sectors and countries, allowing for a comprehensive exchange of knowledge and best practices. This global perspective is essential in today’s interconnected digital landscape where threats often transcend national borders.”

Securing Critical National Infrastructure (CNI)

How can countries collaborate more effectively to secure Critical National Infrastructure (CNI)? Gibson emphasized:

“Effective collaboration between countries involves several key steps:

  1. Establish regular, frequent meetings to share knowledge of potential threats and defense strategies.
  2. Conduct joint training exercises and simulations to develop coordinated defense strategies.
  3. Create frameworks for sharing threat intelligence between government agencies and the private sector.
  4. Implement formal information-sharing agreements or memoranda of understanding (MOUs) to address legal and confidentiality concerns.
  5. Develop clear rules and accountability measures for both public and private entities involved in protecting CNI.
  6. Foster trust and build informal networks among international cyber security professionals to facilitate rapid information exchange and incident response.

This global sharing of knowledge enhances the detectability of cyber threats and reduces overall online risk. It’s crucial to recognize that many online threats are borderless – an attack that impacts one country could easily harm another.”

Role Of AI In Cybersecurity

What role does AI play in cyber security, and what challenges does it present? Gibson noted:

“AI has a dual impact on cyber security. On the positive side, it can predict attacker behavior, assist in threat modeling and automate responses to security events through approaches like SOAR (Security Orchestration, Automation, and Response).”

“However, AI can also exhibit biases due to training datasets and algorithms, potentially leading to unfair or irresponsible decisions. This underscores the need for careful governance and diverse perspectives in AI development and implementation.”

“As highlighted at FIRSTCON24 this year, multi-stakeholder collaboration in AI governance is vital to ensure the safety, ethics, and societal benefits of AI technology. Including diverse perspectives helps address potential biases and unfair decisions that can arise from AI systems.”

Improving Communication With Senior Leadership

How can cyber security teams improve communication with senior leadership? Gibson pointed out:

“To improve communication with senior leadership, cyber security teams should focus on translating technical information into clear, concise narratives. Rather than relying solely on industry-standard metrics like TTD, TTA, TTM, and TTR, teams should develop measurable standards that effectively highlight the successes and resource needs of their Incident Response programs.”

“Merisa Lee of Cisco Meraki believes that successfully telling a clear and concise story to leadership with measurable standards will effectively highlight where your Incident Response program is succeeding and where you need more budget or resourcing to improve your program.”

CACAO Method

What is the CACAO method, and how can it enhance information sharing in cyber security? Gibson revealed:

“CACAO (Collaborative Automated Course of Action Operations) is a method that provides a common, repeatable framework for sharing and executing defense plans across technological and organizational boundaries. It overcomes the limitations of current playbook-driven workflow orchestration by facilitating better information sharing.”

“As presented at FIRSTCON24, CACAO ensures that all teams within an organization have access to the same threat information and defense plans, improving overall coordination and response effectiveness.”

Protecting CNI

How can the public and private sectors work together to protect CNI? Gibson answered:

“Public and private sector collaboration can be enhanced by:

  1. Establishing frameworks for sharing threat intelligence.
  2. Creating pathways for information exchange and building trust between sectors.
  3. Leveraging private sector expertise and resources to complement government efforts.
  4. Implementing joint training exercises and simulations.
  5. Developing clear accountability measures and rules for both public and private entities.”

“This collaboration allows for faster implementation of security measures and a more robust defense against cyber threats.”

Staying Ahead Of Evolving Cyber Threats

What are the key steps to stay ahead of evolving cyber threats? Gibson affirmed:

“Staying ahead of evolving cyber threats requires a multi-faceted approach:

  1. Make threat intelligence more readily available across borders and between sectors.
  2. Foster collaboration between countries and organizations.
  3. Embrace information sharing in defense strategies, such as implementing the CACAO method.
  4. Improve communication between technical teams and leadership.
  5. Establish clear accountability measures.
  6. Continuously adapt and learn from global cyber security events like FIRSTCon.
  7. Invest in AI and machine learning technologies while ensuring responsible governance.
  8. Conduct regular joint training exercises and simulations.
  9. Create and maintain formal information-sharing agreements.
  10. Stay informed about emerging threats and technologies through continuous education and participation in global security forums.”

“By implementing these strategies, organizations and countries can better anticipate and respond to emerging cyber threats, ultimately strengthening the global cyber security posture.”

Learning More About FIRST

Where can people go to learn more about FIRST? Gibson concluded:

“Visit First.org, listen to the FIRST Impressions podcast and connect with us on social media via GitHub, LinkedIn, Mastodon, Meta, X and YouTube.”