A reef takes time to grow: CIRT-BS
By Hadyn Green
Wednesday, April 22nd, 2026
Even Cyber Reefs require work and nurturing to become a protective barrier.
Working within constraints means you need to be innovative. Innovation means you need to be bold. But being bold means you better have a good product because you won’t have many chances. It’s a delicate balance that we have seen all over the globe.
In The Bahamas, the CIRT-BS team had a great idea and worked hard at it and now, after a little over a year of an initial trial and proof of concept, they have a great product that’s ready for an official launch: Cyber Reef.
The idea of Cyber Reef is providing special access to services from CIRT-BS for medium to large organizations.
- Targeted information sharing – CIRT-BS collects public IP ranges and domains, correlates them against trusted threat-intelligence sources.
- Targeted alerts – reporting on malicious activity involving their networks, compromised or infected systems, vulnerabilities and misconfigurations in the organization’s internet facing assets and leaked credentials found on the dark web or any Pastebin repository.
- Support for malicious domain and email reporting and takedown.
- Website Security Posture Assessment – domains registered by constituents are assessed for key security configurations and they receive recommendations from CIRT-BS on how to improve their security.
- Specialized technical training – training sessions delivered by CIRT-BS and international partners on a broad spectrum of topics.
- Tabletop exercises (TTX) – custom-designed incident response exercises that help organizations evaluate their readiness and identify gaps by testing their response plans.
- Digital Forensics & Incident Response (DFIR) – CIRT-BS offers digital forensic analysis, including evidence collection, intrusion investigation, malware assessment, and delivery of a comprehensive DFIR report.
In return for this, though, the organizations must give up a lot of information that they normally wouldn’t. Even the initial sign-up process requires details that make threat detection easier. One of the services, currently in beta-testing, is to deploy preconfigured T-Pot “honeypot” sensors to the organizations.
All of this information gathering can make some larger organizations nervous. Generally, cybersecurity advice is to not let people into your systems to poke around. But that’s what CIRT-BS are asking to do, and this is where the team hit their main barrier.
Challenges
Trust is the ultimate intangible that every cybersecurity practitioner needs to be able to build and have and show. The lack of trust can trip-up even the most successful or promising projects.
Real challenge for national CSIRT projects in any country, especially with newer teams, because the trust isn’t with the team, it’s with the government.
Given the type of organizations the CIRT-BS team are looking to work with – telecommunication companies, critical infrastructure, internet service providers and so on – the trust thresholds are very high. Now, CIRT-BS are not regulators or law enforcement, but for many organizations, they see anyone in the government as the same.
There is no easy fix for this. When we worked with CIRT-BS in 2025 as part of the A4 initiative, we joined some Cyber Reef stakeholder meetings in the hope that adding a bit of an international operational perspective from FIRST could help bolster the case and lend a bit of credibility. These engagements did help move the needle, but plenty more time, effort, and face-to-face meetings were needed to get things across the line.
And even after all that you can still hit some speed bumps.
“They thought we were scammers,” recalls Emilio Smith from CIRT-BS, “like we were trying to get into their systems and because of that they didn’t want our help.”
“Trust building was definitely the hardest part, but not the only lesson for us.”
In some ways the team was a victim of their early success. Cyber Reef is about to get an official launch, but the initial work was going so well until the team realized they were scaling up at the expense of quality. And as onboarding is the toughest and most time-consuming part of Cyber Reef, expanding quickly slows things down.
Managing the service expectations, prioritizing organizations to target and services to offer has allowed Cyber Reef to become viable despite the constraints of capacity and resources. In part this is why the CIRT-BS are doing a restructure before the launch, to ensure they are offering the best product.
This has a feedback loop with trust. The more you can deliver on what you promised the more the organizations trust you.
Lessons
Emilio says that if they were doing this again from scratch there would be small changes he would make to the creation process, including planning exactly what services to offer and how to provision them and setting long-term goals then figuring out what paths lead to those goals.
“We worked with CERT Jersey and borrowed from their Cyber Shield service to create our initial blueprint for Cyber Reef with our own twist. The team from Jersey provided us with all the help we needed to understand how to offer these services. But we didn’t have a lot of previous examples of how this would work within the Bahamian community, so after the work we’ve done now, I think we’d be in a better place if we had to restart today.”
Emilio says the team also learned that when you don’t have the answer, lean on your community for help. This includes international as well as local communities.
“Even if it’s just one person, that insight can make a difference.”
The team are confident Cyber Reef will help The Bahamas and increase cybersecurity resilience. They’ve already had success with the initial phase: identifying misconfigured systems and assets that were open to the internet, creating threat intelligence sharing processes, and training organizations to increase their capability.
Most importantly, Cyber Reef has prevented incidents. Which, by all standards, is what cybersecurity is about.
Whenever we’ve spoken to the Bahamas team it’s mentioned how a reef is a great metaphor for cybersecurity. It protects an ecosystem, allows good things through, keeping bad things out. But it also takes a long time to build and there are a lot of interconnected parts that need to be worked on. The Bahamas CIRT has done a fantastic job and we hope to hear more from them after the official launch.
