The Threat Intel Coalition is a Special Interest Group (SIG) at the Forum for Incident Response and Security Teams (FIRST) that assists civil society in detecting and defending against targeted digital threats. Civil society organizations often lack information about the threats they face and the resources needed to prevent and mitigate intrusions. We aim to improve that situation and provide help in two ways. First, we link up civil society organizations facing a targeted threat to researchers at threat intelligence providers who provide assistance in a trusted and confidential setting. We have strong information sharing rules in place to protect the privacy of members and ensure civil society remains in control of who knows what about them. Second, we organize free training sessions and shared resources to support capacity building. Our members include researchers at all leading threat intelligence providers, civil society from around the world and academic experts. Membership is open to all civil society organizations and researchers willing to contribute.
The Threat Intel Coalition is a member of First
We create workshops, training and access to shared resources
We link civil society facing cyber threats to researchers who provide assistance and information in a trusted and confidential setting.
we aim to build a community of trust among civil society organizations, academics and industry member to foster long term cooperation.
Lennart Maschmeyer is a Senior Researcher at the Center for Security Studies at ETH Zurich. He holds a PhD in Political Science from the University of Toronto and an MPhil in International Relations from the University of Oxford. Lennart’s research examines how information technology impacts security competition and the exercise of power in world politics. Specifically, he explores the subversive nature of cyber operations and its strategic implications, as well as the role of non-state actors in cyber conflict.
Cristiana Brafman Kittner is a Senior Manager on Proofpoint's Threat Research Engineering team, specializing in eCrime intelligence and human-centric cyber threats. She previously served as a military strategist and intelligence analyst supporting the U.S. Department of Defense, including work with the Pentagon, defense policy offices, and frontline cyber response teams. Cristiana's background spans geopolitical analysis, incident response, and threat hunting, giving her a strategic perspective on how global events and adversary behavior shape cyber risk. She holds degrees from Boston University and Georgetown University and is a published author focused on cyber threats and organizational resilience.
| Academia/Research | Civil Society | Industry |
|---|---|---|
| Debora Irene Christine, United Nations University Macao | Abir Ghattas, Human Rights Watch | Alexandru Ciobanu, Amgen |
| Ernesto Perez Estevez, CEDIA | Adli Wahid, APNIC | Anton Cherepanov, ESET |
| Florian Egloff, ETH Zurich | Alexandra, Digital Defenders | Ben Read, Mandiant |
| Gil Baram, Tel Aviv University | Andreas Muehlemann, Switch | BGen (ret.) Robert Mazzolin, RHEA Group |
| Irene Poetranto, CitizenLab | Andrej Petrovski, SHARE Foundation | Camille Francois, Graphika |
| James Shires, U Leiden | Andrew Cormack, JISC | Chetan Patel, Helaba |
| JD Work, Marine Corps University/Columbia U | Anthony Sule, CCHub | Christopher McCown, VMWare |
| John Scott-Railton, Citizen Lab | Artur Papyan, Media Diversity Institute | Cristiana Kittner, Mandiant |
| Lennart Maschmeyer, ETH Zurich | Carlos Alvarez, ICANN | Cilas Cutler, Institute for Security and Technology |
| Lilly Muller, Kings College London | Cooper Quintin, EFF | Dlshad Othman, AWS |
| Masashi Crete-Nishihata, CitizenLab | Daniel Bedoya, AccessNow | Greg Lesnewich, Recorded Future |
| Matteo Bonfanti, ETH Zurich | Danish Umar, Digital Rights Foundation | Jamie Collier, Mandiant |
| Myriam Dunn-Cavelty, ETH Zurich | Etienne Maynier, Amnesty International | Jayce Nichols, Mandiant |
| Ron Deibert, Citizen Lab | Hassen Selmi, AccessNow | Jeremy Haas, Looking Glass |
| Silas Cutler, Institute for Security and Technlogy | Ingrid Skoog, CDR | Jill Sopko, Verizon Media |
| Xander Bouwman, TU Delft | Jamie Lord, CERT | Joshua Saxe, Sophos/Covid-19 CTC |
| Jon Camfield, Internews | Juan Andres Guerrero-Saade, SentinelOne | |
| Laurie A Tyzenhaus, CERT | Lilian Teng, Verizon | |
| Lobsang Gyatso, TibCERT | Marten Van Hoorenbeck, Zendesk | |
| Neil Blazevich, Internews | Matt Dahl, CrowdStrike | |
| Neil Jenkins, CTA | Mayo Yamasaki, NTT-CERT | |
| Nighat Dad, Digital Rights Foundation | Mihai Chelalau, Amgen | |
| Paula Martins, APC | Mihai Molcuti, Amgen | |
| Peter Micek, AccessNow | Nart Villeneuve, TrendMicro | |
| Samuel Eibu, Defend Defenders | Pasquale Stirparo, Dragos | |
| Sani Abhilash, CERT-In | Rainer Ginsberg, BASF | |
| Sekuloski Milan, Geneva Centre for the Democratic | RamPrabhu Murugeshan, Diageo | |
| Control of Armed Forces | Roderick Mooi, Sanren | |
| Serge Droz, FIRST | Ryan P. Miller, Target | |
| Stéphane Labarthe, Fundacion Karisma | Shin Adachi, NTT-CERT | |
| Tonu Tammer, CERT-EE | Sylvain Martinez, Elysium Security | |
| Josh Levy, Center for Digital Resilience | Tim Preson, Bell Canada | |
| Runa Sandvik, Independent Security Researcher | Tobias Ellenberger, Oneconsult | |
| Thom Kaye, AccessNow | Vaman Amarjeet Gokuldas Kini, WorldBank | |
| Dustin Kramer, Independent | Winonna DeSombre | |
| Habeeb Adebisi, Co-Creation Hub, CiviCERT | Adam Caudle, Verizon | |
| Simbiat Sadiq, Co-Creation Hub, cyber safe foundation | James Motherway, GIAC | |
| Peter Lowe, DNS Filter | ||
| Evan Wolff, Crowell |
