JCSC News: Cyber Health Check, reflections on FIRST and more

Dear reader,

We had some big news last month.

JCSC has been accepted as a member of the Forum of Incident Response and Security Teams (FIRST).

FIRST is the international body for Cyber Security Incident Response Teams (CSIRTs) and represents a range of organisations including National CSIRTs (which includes JCSC, and almost all countries around the world), corporate CSIRTs (internal security functions of larger global companies), and Product CIRTs (which respond to issues with specific products). You can find Jersey listed here.

Our membership follows an extensive 15-step process including sponsorship, application, assessment, site visit, review, and approval. It delivers on the original objectives set out by the Government of Jersey in establishing JCSC, and represents a key stage in our development and maturity. The site visit for JCSC was conducted by the UK’s NCSC, and assessed JCSC’s capability against 80+ points on an international maturity framework.

Membership of FIRST allows us to establish trust with our counterparts in other jurisdictions. In cyber security, trust is built one relationship at a time, and one engagement at a time. It requires both organisational relationships and personal ones. When it works well, we can find out about incidents before they happen, and provide or receive support from colleagues across a global community.

We’ve already provided assistance to others, including recently the UK and the Bahamas, and we’ve received help and support too. We’re currently seeking insights from other small CSIRTs to help improve our threat intelligence decisions. Many cyber incidents cross borders, and the ability to rapidly notify six other jurisdictions after one recent incident in Jersey, and have that information trusted, was crucial. This international collaboration makes us all stronger, as well as showing Jersey as a trusted, safe and capable jurisdiction for financial services and the digital economy.

The next step in building this trust and collaboration is the forthcoming Cyber Security (Jersey) Law which provides the essential foundations for responding as an island community to this complex global risk.

My thanks in particular to NCSC (UK) and JP-CERT/CC (Japan) for their sponsorship of our FIRST membership application, and also to the JCSC team for their support in building real capability rather than taking a quicker 'tickbox' approach to meeting the criteria for membership.

Whilst we are entering the holiday season now, the work does not stop.

Until next month then,

Matt

Upcoming events

New dates added: Lunch and Learn

As you may have heard on BBC Radio Jersey last week, we’ve listened to your feedback and added more dates for Lunch and Learn sessions throughout the rest of this year. The new sessions include:

  • Thursday 7 August: Small businesses and charities

  • Friday 5 September: Financial and professional services

  • Monday 3 November: Hospitality

  • Tuesday 2 December: Small businesses and charities

As always, you can join us in person at 1 Seaton Place, or via Teams. These sessions are designed for people who aren’t cyber security specialists, and focus on basic controls that can prevent some of the most common cyber attacks.

Can’t make these sessions? Want a bespoke session for your organisation or industry? Just email us at [email protected] to request another session. 

Reflections from FIRST Copenhagen

Matt Palmer giving his talk at FIRST Copenhagen

From Matt:

From our experience in Jersey I've found that we can significantly enhance our cyber incident response practices by applying lessons learned from real-world crises. At the FIRST 2025 conference in Copenhagen in June, I discussed how traditional cyber incident response models like NIST and ISO are effective for handling incidents within a single organisation but struggle in complex, multi-agency situations that require real-time collaboration.

Reflecting on our local response to non-cyber events like Storm Ciaran (2023) and hybrid-cyber events like Russia’s invasion of Ukraine (2021-), I discussed four critical themes: clear operational guidelines, effective communication, shared situational awareness, and continuous training. By adopting frameworks used by emergency services — especially the JESIP (Joint Emergency Services Interoperability Programme) used in Jersey and the UK — we, as cyber responders, can better manage hybrid crises involving multiple stakeholders.

I advocated for the integration of JESIP principles (such as the Joint Decision Model, structured communication, and standardised documentation) into our cyber incident management practices. Additionally, aligning cyber and emergency responses internationally could foster a common understanding and significantly enhance our cyber resilience. Ultimately, better collaboration should help build more robust systems to protect lives and ensure business continuity during cyber incidents. We continue to work towards that in Jersey.

If you’d like to read more on this topic, you can find more at my personal website.

From Paul:

One of the most impressive talks I attended at the conference was given by SektorCERT, which has put in place a monitoring system to protect Critical National Infrastructure (CNI) and critical infrastructure. SektorCERT has rolled out its solution to nearly 400 entities and was able to use the visibility provided by the solution to protect Denmark during an eleven-day attack by an APT (Advanced Persistent Threat) actor against their CNI infrastructure. One of the key insights is that the technology utilised was scaled from small to large CNI providers, which could allow it to be deployed locally.

Another interesting talk presented a system to allow CSIRTs to share and receive vulnerability reports in a totally anonymous way from constituents and/or each other. The presenters shared their experiences of coordinated vulnerability disclosure and the challenges it brings whilst showcasing the design principles to alleviate the issues highlighted.

One of the most technical talks was about the way an incident responder solved a ransomware incident involving 1400 Windows systems by rewriting boot loaders, thus avoiding paying a hefty ransom. Other notable talks included one about detecting anti-forensic tool usage on Windows and Linux systems and another on how APT threat actors hide malware on Linux-based systems with examples from the telecoms industry.

The conference also allowed many networking opportunities and discussions about the problems faced by the global CSIRT community, especially amongst the smaller island CSIRTs.

Cybersecurity in the news

Windows 10 support extended for 12 months

Good news if you’re a Windows 10 user and haven’t yet upgraded to Windows 11: from July, Microsoft will be rolling out extended support for an extra 12 months. It’ll cost up to $30 for individual users, and $61 per device for organisations.

US-Iran conflict migrates to cyber space

We’ve talked before about the ways in which cyber crime is often part of broader international conflicts, and the escalating tensions between the US and Iran are demonstrating this once again.

Jobs in Cyber

Senior Technical Analyst: Network and Security - Ogier

This role would suit someone who has a minimum of 5 years’ experience, and experience of technical project management, and knowledge of information security.

Digital Degree Apprenticeship - PwC

This internship would suit people who want to earn their first undergraduate degree while working and studying on-Island.

Are you recruiting for a cyber role locally? Tell us at [email protected] and we’ll share your job listing with the community.

Learning and Tools of the month

Each month, we provide a round-up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.

Linux Rootkit Indicators of Compromise

This repository provides a collection of IOCs in Linux operating systems, including file paths, strings, and network traffic.