The Threat Intel Coalition

The Threat Intel Coalition is a Special Interest Group (SIG) at the Forum for Incident Response and Security Teams (FIRST) that assists civil society in detecting and defending against targeted digital threats. Civil society organizations often lack information about the threats they face and the resources needed to prevent and mitigate intrusions. We aim to improve that situation and provide help in two ways. First, we link up civil society organizations facing a targeted threat to researchers at threat intelligence providers who provide assistance in a trusted and confidential setting. We have strong information sharing rules in place to protect the privacy of members and ensure civil society remains in control of who knows what about them. Second, we organize free training sessions and shared resources to support capacity building. Our members include researchers at all leading threat intelligence providers, civil society from around the world and academic experts. Membership is open to all civil society organizations and researchers willing to contribute.

The Threat Intel Coalition is a member of First

First Member

Focus Areas

Capacity Building

We create workshops, training and access to shared resources

Information Sharing & Assistance

We link civil society facing cyber threats to researchers who provide assistance and information in a trusted and confidential setting.

Become a Member

Community of Trust

we aim to build a community of trust among civil society organizations, academics and industry member to foster long term cooperation.


Dr. Lennart MaschmeyerCo-chair

Lennart Maschmeyer is a Senior Researcher at the Center for Security Studies at ETH Zurich. He holds a PhD in Political Science from the University of Toronto and an MPhil in International Relations from the University of Oxford. Lennart’s research examines how information technology impacts security competition and the exercise of power in world politics. Specifically, he explores the subversive nature of cyber operations and its strategic implications, as well as the role of non-state actors in cyber conflict.

Abir GhattasCo-chair

Abir is the Director of Information Security at Human Rights Watch. She provides strategic and operational oversight for managing information security risks that HRW staff face in their work.
Abir’s work and research focuses on women rights, digital rights and the intersection of gender and tech. Abir sits on Article19‘s international board, OTF’s advisory council and the grant advisory board of AccessNow. She also founded HammamRadio, A feminist participatory radio, launched from Berlin where she is based.

Ben ReadCo-chair

Benjamin Read is the Senior Manager for Cyber Espionage Analysis in FireEye’s Intelligence unit. His team leads tracks and reports on espionage groups from China, Russia, North Korea and many other countries. He was an analyst on the same team at iSIGHT Partners before it was acquired by FireEye in January 2016. Prior to iSIGHT, Mr. Read worked as a special assistant at the National Security Council’s European Affairs Directorate. While there, he supported the numerous presidential trips and meetings including the 2012 NATO Summit in Chicago.


Academia/Research Civil Society Industry
Debora Irene Christine, United Nations University Macao Abir Ghattas, Human Rights Watch Alexandru Ciobanu, Amgen
Ernesto Perez Estevez, CEDIA Adli Wahid, APNIC Anton Cherepanov, ESET
Florian Egloff, ETH Zurich Alexandra, Digital Defenders Ben Read, Mandiant
Gil Baram, Tel Aviv University Andreas Muehlemann, Switch BGen (ret.) Robert Mazzolin, RHEA Group
Irene Poetranto, CitizenLab Andrej Petrovski, SHARE Foundation Camille Francois, Graphika
James Shires, U Leiden Andrew Cormack, JISC Chetan Patel, Helaba
JD Work, Marine Corps University/Columbia U Anthony Sule, CCHub Christopher McCown, VMWare
John Scott-Railton, Citizen Lab Artur Papyan, Media Diversity Institute Cristiana Kittner, Mandiant
Lennart Maschmeyer, ETH Zurich Carlos Alvarez, ICANN Cilas Cutler, Institute for Security and Technology
Lilly Muller, Kings College London Cooper Quintin, EFF Dlshad Othman, AWS
Masashi Crete-Nishihata, CitizenLab Daniel Bedoya, AccessNow Greg Lesnewich, Recorded Future
Matteo Bonfanti, ETH Zurich Danish Umar, Digital Rights Foundation Jamie Collier, Mandiant
Myriam Dunn-Cavelty, ETH Zurich Etienne Maynier, Amnesty International Jayce Nichols, Mandiant
Ron Deibert, Citizen Lab Hassen Selmi, AccessNow Jeremy Haas, Looking Glass
Silas Cutler, Institute for Security and Technlogy Ingrid Skoog, CDR Jill Sopko, Verizon Media
Xander Bouwman, TU Delft Jamie Lord, CERT Joshua Saxe, Sophos/Covid-19 CTC
  Jon Camfield, Internews Juan Andres Guerrero-Saade, SentinelOne
  Laurie A Tyzenhaus, CERT Lilian Teng, Verizon
  Lobsang Gyatso, TibCERT Marten Van Hoorenbeck, Zendesk
  Neil Blazevich, Internews Matt Dahl, CrowdStrike
  Neil Jenkins, CTA Mayo Yamasaki, NTT-CERT
  Nighat Dad, Digital Rights Foundation Mihai Chelalau, Amgen
  Paula Martins, APC Mihai Molcuti, Amgen
  Peter Micek, AccessNow Nart Villeneuve, TrendMicro
  Samuel Eibu, Defend Defenders Pasquale Stirparo, Dragos
  Sani Abhilash, CERT-In Rainer Ginsberg, BASF
  Sekuloski Milan, Geneva Centre for the Democratic RamPrabhu Murugeshan, Diageo
  Control of Armed Forces Roderick Mooi, Sanren
  Serge Droz, FIRST Ryan P. Miller, Target
  Stéphane Labarthe, Fundacion Karisma Shin Adachi, NTT-CERT
  Tonu Tammer, CERT-EE Sylvain Martinez, Elysium Security
  Josh Levy, Center for Digital Resilience Tim Preson, Bell Canada
  Runa Sandvik, Independent Security Researcher Tobias Ellenberger, Oneconsult
  Thom Kaye, AccessNow Vaman Amarjeet Gokuldas Kini, WorldBank
  Dustin Kramer, Independent Winonna DeSombre
  Habeeb Adebisi, Co-Creation Hub, CiviCERT Adam Caudle, Verizon
  Simbiat Sadiq, Co-Creation Hub, cyber safe foundation James Motherway, GIAC
    Peter Lowe, DNS Filter
    Evan Wolff, Crowell
Scroll to top