#FIRSTCTI22 FIRST CTI Event Berlin 2022 Review

It is November 9th 2022 and I had a few days to digest and think about the FIRST CTI event taking place in Berlin from 2022-11-01 to 2022-11-03.

You can find more direct feedback and impressions on Twitter with the hashtag #FIRSTCTI22 where I also shared stuff.

The program is published at https://www.first.org/events/symposium/berlin2022/program. So let’s dive into my thoughts.

To give some context, I participated in the first FIRST CTI, called FIRST Technical Colloquium on Threat Intelligence, hosted by Siemens in 2016. Back then the topic was very new (remember STIX/CybOX, Mantis). But some topics were relevant already back then like how to operationalize Threat Intelligence and how to evaluate information. It was great then and I was excited to see what has changed since then.


As I only arrived on Tuesday, I had to skip the trainings, but I was able to talk to participants with mixed impression, which is no surprise given the different roles / background of the participants (more on that later) so I hope many of them provide feedback to the event team so they can extract the right learnings on which training is best suited for the audience.


I had the honor to moderate the Wednesday, so while I was able to hear all talks, I had to also focus on logistics, take time and have some questions ready for the speakers. To my surprise the audience did not take that much advantage of the fact that we were all in one room and asked very few questions. Maybe this is something which we need to re-learn after the pandemic?

I really liked the talk from James Chappell „Ten Years of Cyber Threat Intelligence: Retrospectives“. It was a perfect entry and set the stage for the two following days and for sure James is a veteran in the field, so there were several observations that stuck with me.

Next up was another highlight for me: „Crossing the Cyber Sad Gap“ from Jake Nicastro. Jake went into the risk of our jobs and how it can affect the mental health and offered some points to take home and address in your team, very eye opening and I am sad that this talk will not be made available to the public.

Another thing I want to highlight is the mixture at the event between practitioners and academia, Clemens Sauerwein from the University of Innsbruck, Department of Computer Science, AT presented on stage and there were several delegates who were really interested in conversation with industry and public sector people.

Obviously I was nervous giving my own talk together with tomchop, but I think it went really well.

Overall Wednesday was a really pleasant mixture of topics.


Overall the audience was a little over 330 delegates. From conversations I would assume around 40 % with a DFIR background, 40 % from CTI related roles and 20 % either a mixture or something else, but I guess the organizers have better stats on this.

The size of the audience felt ideal for me as well. There were enough people to run into random people to start a conversation but it was not too large to get lost, I think sub 400 is ideal.

There were delegates from all kinds of regions, with a majority coming from Europe, which is not a surprise given the event location. To build a reputation I would like to see the event happen again in Berlin, if there is demand to have something similar in other regions like AMER or APAC, I would suggest building local forks vs. Rotating over the planet like FIRST does for the annual conference. That should also make it easier for the planning team to figure out logistics, but again is my personal opinion and there are also advantages for changing locations.


Personally I prefer events under three days. Longer events make me tired and come with too much social toll for me. Two days still enable follow up and enough opportunities to have conversations going a little deeper then „hey my name is John Doe, I work at XYZ, nice to meet you“ and then never see that person again.


Started with another excellent talk about the human aspect of our industry „Why Your Security Analysts Are Leaving and What You Can Do to Retain Them“ by Thomas Kinsella, I highly recommend this talk.

I skipped one talk that was pre-recorded and instead spent my time networking with delegates, as I hope to see the talk afterwards on YouTube instead.

It is always nice to see new tools announced at events, same here, when „ORKL: Building an Archive for Threat Intelligence History“ was covered by Robert Haist. Solid talk and I recommend checking out the project web page and reaching out to Robert if you want to help the project.

The rest of the talks were all solid but I do not want to bother you with all my thoughts, I have provided feedback to the events team and I recommend you doing the same (check your mails for the survey).

The program committee did an excellent job setting up a program that catered for technical and strategic folks. Kudos: @thomasschreck_ , @adulau , @asfakian, James Chappell and Dr. Morton Swimmer.


An important aspect of such events for me is to meet with old friends but also make new connections and introduce new people to the community. This time I tried to execute something I learned from Kate.

I made (or asked someone to make one) reservation in a restaurant nearby for 6-8 people, asked 2-4 people I already know and want to see again and added people I wanted to meet for a long time and or folks who asked to be introduced.

The result: a great combination of nice food, excellent group sizes to have different topics to talk about but not too large that it would go nowhere or someone would feel lost (at least I hope).

The absolute highlight for me was going to C-Base, if you have never heard about it, make sure to check it out, I will not spoil it here. Thanks Y.W. For your hospitality my friend.


If I had one wish for the future of that event, I would hope to have a more diverse audience and speakers. We as the community need to push more and improve.


I have not been involved in the planning of the event other than setting a draft budget in November / December 2021 as part of the normal FIRST budgeting process. And above is purely my personal opinion on things.

Photocredit: Kamil Bojarski

CCC Event in Berlin + streams

Derzeit sind ja die 28C3 von CCC vom Chaos Computer Club und sind damit in aller Munde. Quasi alle Vorträge werden in den einschlägigen Medien wie heise etc. aufgegriffen und zu Artikeln verarbeitet.
Ich will hier nichts nachkauen sondern einfach auf die Seiten verweisen:

http://events.ccc.de/ die event seite
http://28c3.fem-net.de/ Streams zu den Vorträgen

Für alle Technik-afinen zu empfehlen, manche Vorträge haben es echt in sich und bieten eine Stunde unkonventionelle Ansätze zu IT Themen.

Stay tuned

Der tag nach dem Herz für Blogger

Ein Herz für Blogs und der Tag danach…
Gestern über die Aktion „Ein Herz für Blogs“ geschrieben, heute haben sich dort mehrere Hundert Blogs in die TrackbackListe eingetragen. Beeindruckend!
Trackback: Stadtbahn-Blog
Trackback: Doktorsblog
Trackback: Testspiel.de
Trackback: hombertho.de
Trackback: C33» Blogarchiv
Trackback: Architekturblog
Trackback: anrichter
Trackback: twive!
Trackback: superschurke.de
Trackback: PinMe

Wikipedia Aufrufstatistiken

Über stats.grok.se werden Zugriffszahlen der Wikipedia in Diagrammen dargestellt. Dabei kann nach Monat und Projektsprache gefiltert werden und der entsprechende Artikeltitel angegeben werden.

Die Quelle der Stats ist dabei: dammit.lt/wikistats falls jemand selbst eine Auswertung schreiben möchte.

Besonders schön ist der Vergleich der „top viewed pages“ einer Sprache, dabei kann man fast schon einen Trend ausmachen, bzw. Aussagen treffen, was das Land bewegt, in Anbetracht der großen Reichweite die das Wikipedia Projekt mittlerweile erreicht hat.

Die Top 20 deutschen Suche Begriffe sind dabei:

  1. Olympische Spiele
  2. Georgien
  3. Medaillenspiegel der Olympischen Sommerspiele 2008
  4. Nekrolog 2008
  5. Südossetien
  6. Berlin
  7. Johnny Cash
  8. Batman
  9. Volksrepublik China
  10. Olympische Sommerspiele
  11. Liste der Hunderassen
  12. Heath Ledger
  13. Hamburg
  14. The Dark Knight
  15. Paul Potts
  16. Michael Phelps
  17. Vereinigte Staaten
  18. Olympische Sommerspiele 2008/Fußball
  19. Europa
  20. Joachim Ringelnatz

Im englischen Sprachraum sind die folgenden Begriffe im gleichen Zeitraum auf die Top Plätze gekommen:

  1. 2008 Summer Olympics
  2. Sarah Palin
  3. Michael Phelps
  4. YouTube
  5. Bernie Mac
  6. Olympic Games
  7. Joe Biden
  8. Georgia (country)
  9. The Dark Knight (film)
  10. Deaths in 2008
  11. Facebook
  12. Wikipedia
  13. Sex
  14. Barack Obama
  15. MySpace
  16. Usain Bolt
  17. United States
  18. Jonas Brothers
  19. Mark Spitz
  20. Nastia Liukin

Zeitraum: August 2008

Auffalend hierbei ist das dominierende Thema in beiden Bereichen waren die Olympischen Spiele 2008 in Peking mit deren Superstars Usain Bolt und Michael Phelps. Auch der Kassenschlager Batman mit dem verstorbenen  Heath Ledger schafft es unter die Top Abfragen. Die restlichen Ergebnisse überraschen jedoch, so scheinen sich im deutschsprachigen Raum mehr Leute für Außenpolitik (China, Südossetien und Georgien) zu interessieren, beschäftigten sich im englischen mehr Leute mit der eigenen Politik, so taucht der mittlerweile gewählte Präsident Barack Obama genauso wie die Vizekandidatin von McCain Sarah Palin ganz oben auf. Auch Internetkonzerne scheinen es den Amerikanern / Engländern angetan haben (Facebook, Youtube, MySpace). Über die Tatsache, dass „Sex“ unter den Top 20 Suchausdrücken im englischen erscheint, im deutschen jedoch erst an 50. Stelle, kann man wohl nur schmunzeln.

(Die Top Werte wurden um die internen Verlinkungen wie letzte Änderung, Startseite etc. gekürzt um Übersichtlichkeit zu ermöglichen.

MP3 Experiment Flashmob 2.0

Eine sehr skurrile Geschichte, unter improveeverywhere.com werden in unregelmäßigen Abständen mp3s zur Verfügung gestellt, die sich experimentierfreudige Menschen herunterladen. Diese Dateien werden auf einen tragbaren MP3 Player gezogen und dnan geht es zu einem vereinbartem Zeitpunkt an einen Ort, an dem dann alle gleichzeitig die Play Taste drücken.

Ab dann hören alle quasi parallel Anweisungen von einer „höheren Stelle“ was sie tun sollen, wie z.B. winken, lachen usw. Dabei kommt sicherlich ein gutes Kollektivgefühl auf.

Je mehr Teilnehmer, desto atemberaubender sieht das ganze auch für Nicht-Teilnehmer aus. Das ganze ist mittlerweile auch nach Deutschland geschwappt, im Rahmen des 24th international short film festival in Berlin gab es eine solche Aktion. Dabei wurde auch im Vorfeld festgelegt, dass jeder Teilnehmer eine bestimmte Shirt Farbe tragen soll, ein Regenschirm und einen Luftballon mitbringen soll.

Hier mal ein Video der englischen Ausgabe:

Flashmobs sind ja mittlerweile durch Print und TV Medien sehr weit bekannt, dabei treffen sich Leute an einem bestimmten Ort, um dort einige Minuten regungslos zu verharren, oder in großer Zahl Fast Food Ketten an deren Kapazitätgrenzen zu bringen.

Gefunden über: informationsschaum.de