Australian group wants all pen testers certified - AusCERT agrees
An Australian not-for-profit group, CREST Australia, wants to identify skilled penetration testers with the CREST (Council of Registered Security Testers) certification, founded in Britain in early 2008.
Formed several years ago through informal conversations within the security industry, CREST Australia is now proposing that testers go through a gruelling 'hacking test' to be certified in addition to possibly paying thousands for the privilege to do so. In return, CREST Australia promises to promote certified professionals to the country’s largest and wealthiest corporations as the best in the business.
The board of CREST have pitched the certification to CERT Australia, the information security arm within the Federal Attorney-General’s Department, which has offered to bankroll the initiative. The department did not return repeat phone calls and emails to discuss its support of CREST Australia and the value of the monetary contribution is unknown.
Interestingly, here in Malaysia, the Government is also working on a similar Computing Professionals Bill aimed at regulating Malaysian information technology and security professionals - The proposal which calls for the formation of a national body tasked with registering and certifying all ICT professionals would make certification mandatory for anyone working on projects deemed to be of critical national importance. Needless to say, the proposal has not gone down well, with many law makers and members from the Malaysian IT sector, calling it Orweillian.