Cybersecurity today is a global, collaborative effort – and no one understands that more than Chris Gibson, CEO of the Forum of Incident Response and Security Teams (FIRST).

Since joining FIRST as Executive Director, Chris has been dedicated to building trust and strengthening real-time cooperation. His experience spans the early days of incident response, leading critical national teams, and guiding an international nonprofit that shapes best practices for the world’s cybersecurity community.

In this interview, Chris explains how FIRST supports incident responders, the risks organizations face without a sound strategy, and why cross-border collaboration and continuous learning are key to staying secure in today’s dynamic threat landscape.

How did FIRST originate? What has your journey been like since your arrival?

What began as an informal collaboration among US-based response teams in 1990 quickly evolved into a formal, global community, incorporated in 1995. Today, the Forum of Incident Response and Security Teams (FIRST) represents more than 800 member teams across 113 countries, all united by a shared mission: to make the internet safer for everyone.

My personal journey with FIRST began in 2001 while working at Citibank’s Computer Emergency Response Team (CERT), where I led global forensics. Later, I had the opportunity to build and lead CERT-UK, the United Kingdom’s first formally chartered national CERT.

Joining FIRST as Executive Director in 2019 felt like a homecoming – I had already served on the board for a decade, including two years as Chair. Taking on the CEO role has been both a professional milestone and a return to something deeply meaningful: building trust-based global collaboration to strengthen cybersecurity worldwide.

Can you introduce us to what FIRST does? What are the main challenges you help navigate?

FIRST is the world’s leading association of incident responders. We’re an international nonprofit dedicated to supporting the people on the front lines of cybersecurity: the responders, analysts, and defenders who keep the internet safe.

Cybersecurity challenges are global, and no single organization, country, or region can solve them in isolation. That’s why collaboration is at the heart of what we do. We foster trusted, peer-to-peer networks that transcend borders – enabling real-time knowledge sharing, rapid response coordination, and the development of community-driven best practices.

We champion technical excellence, ethical responsibility, and continuous learning through yearly events, such as FIRSTCON. Whether the threat landscape is shifting or stable, our commitment remains the same: empower the incident response community with the tools, knowledge, and trust they need to act quickly and effectively.

How can businesses be at risk when they don't have a strategic incident security response approach in place?

Without a clear incident response strategy, businesses are essentially flying blind in a storm. It’s not a question of if a breach will happen, but when. Delayed response times can amplify the impact of an attack: data loss, reputational harm, regulatory fines, and customer attrition.

Worse, many organizations only discover their gaps mid-crisis. Without tested playbooks, effective training, or clear escalation paths, even minor incidents can escalate quickly. A well-developed incident response plan gives businesses the confidence to act decisively, limit damage, and recover faster.

Have you noticed any new security trends or challenges that have emerged as a result of recent global events?

The past few years have brought a sharp rise in both the volume and sophistication of cyber threats. Ransomware actors now use double or triple extortion tactics, combining encryption, data theft, and social engineering to increase leverage.

Remote work, cloud migration, and expanding supply chains have introduced new vulnerabilities and widened attack surfaces. We’re also seeing critical infrastructure increasingly targeted, shifting cyber risks from corporate disruption to national security concerns.

The need for real-time, cross-border cooperation has never been greater, and that’s precisely where FIRST comes in.

What incident response and security measures do you think every business should implement to stay competitive and secure in today’s digital landscape?

First, embed security into your organization's DNA. This means conducting ongoing risk assessments, providing continuous training, and investing in resources for your teams. Most importantly, ensure your incident response plan isn't just theoretical – it needs to be tested and actionable.

Second, prioritize collaboration. No organization is an island. Join trusted communities like FIRST or sector-specific networks to gain critical intelligence, peer support, and early warnings about emerging threats.

Finally, embrace standards and automation. Tools like CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System) help teams prioritize vulnerabilities for remediation.

Many companies are embracing cloud-based incident response stacks and automation platforms. What are some commonly overlooked aspects during this transition?

Security often lags behind in the rush to adopt new platforms. One common blind spot is third-party risk – businesses often underestimate how much exposure they inherit from other tools and providers. Another is configuration: cloud platforms offer immense flexibility, but misconfigurations remain a top cause of breaches.

Automation can also cut both ways. Without careful oversight, it can magnify errors or introduce new vulnerabilities. That’s why it’s essential to align your tool stacks with your security posture.

What are the security best practices organizations should adopt to protect the integrity of their brand, optimize customer experience, and scale sustainably?

Trust is the cornerstone. Customers expect their data to be protected and their service providers to act transparently and competently in a crisis. That begins with secure-by-design principles and privacy embedded throughout the development lifecycle.

To scale effectively, your security must scale, too. Design response protocols that grow with your infrastructure. Monitor continuously, audit regularly, and invest in people – not just tools. And stay engaged with the global security community. The threat landscape evolves quickly, and visibility across borders can make the difference between prevention and response.

Looking toward the future, what trends or innovations do you predict will shape the incident response and vulnerability management landscape over the next few years?

We're going to see a major push toward automation – not just within organizations, but across organizational boundaries. Standards like CACAO will enable machine-to-machine coordination of defense actions, reducing response times from hours to milliseconds.

We also expect further convergence between cyber threat intelligence and operational response. Organizations will increasingly need real-time context: not just what happened, but why it matters and how to respond.

And finally, what’s next for FIRST? Are there new services, markets, or technologies you're planning to explore in the near future?

We’re focused on scaling trust and capacity, especially in underserved regions. That includes expanding our global training programs, strengthening regional partnerships, growing our Special Interest Groups (SIGs), and creating more ways for members to engage and lead.

We’re also launching new funding programs, such as the CORE Initiative with Fortinet as its founding partner. CORE supports initiatives like subsidized training for low-income countries, new course development, and the enhancement of our Suguru Yamaguchi Fellowship Program to grow the next generation of cybersecurity leaders.

Above all, we’re doubling down on our core mission: building bridges across borders, sectors, and disciplines. Because cybersecurity isn’t just a technical problem – it’s a global team effort.