Table of Contents

1. Lieutenant Governor visits JCSC

2. Cyber Law Workshops: more dates added

3. Gamifying cybersecurity training: reflections from …

4. Hackers speed up vulnerability exploits…

5. Jobs in Cyber

6. Tools of the Month

Dear reader,

So far, 2026 is flying by: it’s hard to believe that March is just around the corner. Over the last month, we’ve been focused on delivering Cyber Law workshops, and collating the feedback we’ve received.

So far, these workshops have led to useful discussions on the unexpected risks (and potential mitigations) facing our key industries, and given us a useful steer on how we can best support Operators of Essential Services. If you haven’t signed up to a workshop, we’ve added more dates, which you can find below. (And if you can’t make any of the available dates, you can always contact us for an individual briefing.)

I am a regular visitor to Guernsey as we set up GCSC. Last week I presented to the Committee for Home Affairs on the progress we have already made, as well as next steps. I’m pleased to say our first permanent team member in Guernsey joins us in March. We are also currently advertising a role for the Guernsey based Cyber Defence Analyst, and have reopened the Guernsey Head of Cyber Defence role. You can find the links to these in the jobs section below.

The other big event has been welcoming the Lieutenant Governor, His Excellency, Vice Admiral Jerry Kyd KBE to the JCSC Operations Centre. Visits like this make for a nice photo opportunity but they also serve an important purpose.

Yes, we had a wide-ranging discussion on geopolitics, nation-level infrastructure in a small Island jurisdiction, and the economic drivers behind a lot of cyber crime. But I also had the chance to talk to His Excellency about JCSC and what we do. And given His Excellency’s interest in this area, and the wide range of people he meets, this gives us a chance to raise awareness of what we do with audiences that we wouldn’t otherwise reach.

Of course, you don’t need to be the Lieutenant Governor to visit our offices. Remember: anyone can book a free 30-minute Cyber Advice session with the team, using this form.

Until next time,

Lieutenant Governor visits JCSC

On Tuesday 10 February, His Excellency, Vice Admiral Jerry Kyd KBE visited JCSC with his team. We were pleased to welcome him to the Operations Centre, introduce the team, and explain more about what we do. We were joined by our colleagues Elisabeth, Christoph and Mark from the Digital Economy Team, who have been leading the work on the Cyber Security (Jersey) Law.

During the visit, His Excellency asked questions about the effect of broader geopolitical events in Jersey; the challenges facing the Island when it comes to cyber security; and how the Island deals with the challenge of being a small jurisdiction that hosts nation-level infrastructure. He also took time to engage with individual team members and to hear about their experiences and aspiration.

Cyber Law Workshops: more dates added

We’ve now welcomed 70 people to our Cyber Law workshops. Remember: if your organisation qualifies as an Operator of Essential Service (OES) under the draft Cyber Security Law, you’ll need to take certain steps when the Law comes into effect. You can find more about this on our information hub at jcsc.je/cyberlaw.

We’ve added more dates so that more OES can attend, including a general session on 5th March online for anyone who has not been able to attend sector specific sessions. If you can’t attend any of the dates below, please get in contact with us.

• NEW: Thursday 5 March: all sectors - ONLINE ONLY - (10:30 - 14:00)

• RESCHEDULED: Thursday 12 March: Telecommunications (12:30 – 14:00)

• NEW: Thursday 12 March: Briefing for Jersey Bankers’ Association (invitation only)

• NEW: Thursday 19 March: Banking Sector (12:30 - 14:00)

Attendance is free but places are limited: tap the button below to book your place.

Gamifying cybersecurity training: reflections from TF-CSIRT and FIRST

I recently attended the TF-CSIRT meeting and FIRST Regional Symposium held in Jerez. One highlight of the meeting was seeing how people teach cyber security. The NIS2 Directive in Europe mandates that organisations provide regular training. But many people do all they can to avoid this because they find it boring.

(In a past life I used to provide this sort of training for a UK government department. I have to say that I sympathise with this view.) 

Turning training into a game makes a difference. People are more engaged, they remember more, and it makes more of a difference to culture. Our colleagues in Latvia have produced several games. One is like an escape room. Another is the sort of table-top exercise we have done with some local businesses. 

A third is a group exercise where teams of 4-6 hunt down the hacker and work out how they got in. The Latvian CERT have adapted this for several audiences – military, government and schools. It only works face to face, so they have also trained people to take the game out to more distant locations. 

 We are keen to do more to reach our constituency, and we think that there are ideas here that we need to try out. We’d love to hear your thoughts about this. 

Hackers speed up vulnerability exploits…

Research from VulnCheck suggests that an increase in the vulnerabilities being exploited on or before the day of a CVE disclosure. And while the research is only on work done by VulnCheck, it does suggest a broader pattern (and the increasing challenges facing cyber defenders).

…and INTERPOL foils scammers

INTERPOL’s Red Card 2.0 shows both the possibility of foiling large scale cyber-enabled crime and the high level of international co-operation and resources needed to do it.

Jobs in Cyber

Are you recruiting for a cyber role locally? Tell us at [email protected] and we’ll share your job listing with the community.

Cyber Defence Analyst: Guernsey Cyber Security Centre (GCSC)

The Cyber Defence analyst will undertake day-to-day operational activity for GCSC as part of the wider JCSC and GCSC. The role will focus on providing advice and support to organisations and residents across the Channel Islands (with a specific focus on the Bailiwick of Guernsey), as well as undertaking technical incident response, local community engagement, threat intelligence monitoring, and the operation of cyber defence services.

Head of Guernsey Cyber Defence: Guernsey Cyber Security Centre (GCSC)

The Head of Guernsey Cyber Defence will lead the operational activity of GCSC as part of the senior management team of the Jersey and Guernsey Cyber Security Centres (CSCs), promoting and improving the cyber resilience in Guernsey and its community of organisations, business and citizens.

Cyber Manager, Risk Assurance: PwC

This role would suit someone with 5 years’ experience in the industry, knowledge of industry frameworks, and experience of managing large projects.

Information Security Analyst/Senior Analyst: Ogier

This role would suit someone with experience in a professional services setting, good communication, and a desire to progress towards security certifications.

Penetration Tester: Cortida Ltd

This role would suit someone with three years’ experience of pen testing and experience with a range of pen testing tools.

Penetration Testing Team Leader: Cortida Ltd

This role would suit someone with a CHECK Team Leader qualification, six years’ experience of pen testing, and the ability to build relationships with a range of stakeholders.

Tools of the Month

Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.

Did you know? JCSC can check potentially malicious files for you in our sandbox, but please let us know before sending them over.