FIRST has outlined plans for three cybersecurity conferences in 2026, with events in the US and Germany. The programme will focus on vulnerability management, cyber threat intelligence, and incident response collaboration.
The announcement comes as the organisation forecasts a rise in disclosed software vulnerabilities. It expects 2026 to be the first year to exceed 50,000 published Common Vulnerabilities and Exposures (CVEs), the widely used catalogue of publicly disclosed security flaws.
Speakers across the series include cybersecurity leaders from the Cybersecurity and Infrastructure Security Agency, Google, Microsoft, Nvidia, the European Commission, and Munich University of Applied Sciences, among others.
Founded in 1990, FIRST is a membership body for incident response and security teams. It includes more than 837 member teams, alongside 204 liaisons and four associates, spanning corporations, government bodies, universities, and other institutions across 115 countries.
Chris Gibson, CEO of FIRST, said the conferences are designed to strengthen relationships between organisations before incidents occur.
“The organizations that recover fastest are the ones with trusted networks already in place, sharing threat intelligence and coordinating response before a crisis hits,” Gibson said.
Vulnerability focus
The first event is CVE/FIRST VulnCon 2026, scheduled for April 13 to April 16 in Scottsdale, US. It will run alongside the Annual CNA Summit, linked to the CVE Numbering Authority system used to assign vulnerability identifiers.
VulnCon is positioned as a meeting point for professionals working in vulnerability management and cybersecurity. The conference will cover collaboration and information exchange, with an emphasis on practical outcomes that attendees can apply to their own vulnerability programmes.
The event will be open to members and non-members who are active in vulnerability management. The broad target audience reflects how vulnerability processes have expanded beyond security teams into software development, IT operations, product security, and risk management.
Threat intelligence
The second conference, the 2026 Cyber Threat Intelligence Conference, will take place in Munich, Germany, from April 21 to April 23. It is aimed at practitioners and managers who work with threat intelligence and want to discuss strategy and operational approaches.
The programme will include management-level discussions, technical sessions, and hands-on workshops. Plenary talks will address sensitive real-world challenges, while workshops will be delivered in small groups.
Threat intelligence has become a central element of many organisations’ security operations. It spans vendor reporting, internal telemetry analysis, and information sharing among peers and public bodies. It also raises ongoing questions about what intelligence is actionable, how it can be shared safely, and how it connects to incident response and vulnerability management.
Incident response
The third event, the 38th Annual Conference, will be held in Denver, US, from June 14 to June 19. FIRST’s main gathering typically attracts computer security incident response teams (CSIRTs) from a wide range of sectors.
The annual conference is presented as a venue for worldwide collaboration among CSIRTs, covering goals, ideas, and strategies tied to incident response and broader cybersecurity practice.
The announcement also highlighted the need for communities that can exchange information quickly during fast-moving incidents. That need has grown as threats cross borders and supply chains, and as attacker tooling and infrastructure become easier to reuse.
Khushali Dalal, Women of FIRST SIG Co-Chair, said the organisation’s approach centres on shared knowledge and learning across the community.
“FIRST’s collaborative approach empowers cybersecurity professionals to solve complex challenges together, fostering a culture of shared knowledge and continuous learning. By uniting experts across the globe, we create a stronger, safer internet for all, where mentorship and teamwork drive meaningful progress in securing digital spaces,” Dalal said.
Expected turnout
Each event will include content tailored to regional needs, while maintaining a consistent emphasis on technical depth and practical application. FIRST expects the series to draw thousands of security professionals from government, the public and private sectors, and academic institutions.
The events come as many organisations reassess how they track vulnerabilities, prioritise patching, and coordinate incident response. Security teams face pressure to reduce exposure windows while managing fragmented technology estates and a growing number of software components drawn from open source and third parties.
Sametria McKinney, a FIRST member and Director of the National Computer Incident Response Team of The Bahamas, emphasised the value of community during incidents.
“While you can accomplish significant things alone, doing this work in a community is exponentially more effective. Through FIRST, you become part of a worldwide effort where a global network answers when you call, supports you during incidents, and shares critical information when it matters most,” McKinney said.
