After nearly 2.5 years, the TF-CSIRT community were finally able to meet together face-to-face in a meeting hosted by G√ČANT on 10-11 May 2022.  As with all meeting planning at the moment, the arrangements were very last minute and always in doubt.  However we still managed to bring together 100 face-to-face and 60 online to re-establish connections and conversations.

The meeting started with a Capture The Flag issue kindly organised by which turned out to be more of a technical challenge than anticipated but did not stop several members of the community from performing well.  Elastic run occasional Capture the Flag exercises on a sign-up basis – more information can be found on their events page.

We then spent some time talking about what is important about TF-CSIRT and what would we like to see being offered to the community after the 2.5 disruption.  It was great to see a large number of first time attendees at TF-CSIRT but it was also obvious that there was agap in the knowledge for this newcomers – for example many did not know about the TRANSITS training programme.  Some discussion was also had on meeting format and the challenges of hybrid events especially in the security community.  The general consensus was that hybrid did not work for TF-CSIRT, but that we should look at some opportunities for online get-togethers.

Day two focused on more traditional content.  Baiba Kaskina gave an excellent overview of the challenges CERT.LV has faced through the pandemic and in response to the war in Ukraine.  She highlighted the different ways they had been able to make use of the expertise in the community and the experiences gained through building connections at TF-CSIRT, which was a great showcase for why we do what we do.  Josef Smidrkal then gave a lively presentation on the “portable lab kit” he used during lockdowns to continue managing his work – although some people may challenge his definition of portable.

The rest of the meeting was dedicated to an NREN focus, reflecting on the roots of TF-CSIRT and its emergence from the research and education sector.  Roderick Mooi gave an update on Threat Intelligence work within NRENs and develops to improve the distribution and management of data across organisations.  We then had three presentations on NREN SOC approaches – notable in that all three organisations are taking very different paths to achieve SOC functionality.

We also hear the feedback that people would like to have the dates of future TF-CSIRT meetings earlier.  We definitely understand this, but during the pandemic finding and committing to plans with hosts has been very challenging.  We are happy to announce the date for the next two meetings will be:

  • 28-29 September 2022 in Vilnius, Lithuania.
  • 31 Jan – 2 Feb in Bilbao, jointly hosted with FIRST.

Please also note that registration for the next meeting will be the first to use the new registration system within the Trusted Introducer system.  You will need your certificates for this so now is a good time to make sure all your team members have that access and get prepared.

It was a joy to see so many of you again, and we look forward to many more meetings in person very soon.