Professionalisation (12)

Understand Before You Fix

The evidence is now on record, drawn directly from the government’ own grant. It confirms what many suspected: professionalisation raises costs, slows workforce growth, reduces competition, and increases barriers to entry. More importantly, it reveals what few are willing to say out loud - whoever wins the grant may be set up to fail. Read the summary. Read the study. See for yourself.

Continue reading →

I Took Part in Secret Meetings About Professionalising Cybersecurity

I swear by Almighty God that I will tell the truth, the whole truth, and nothing but the truth.

In 2022, I joined a working group organised by a US government body whose mission is to promote innovation and industrial competitiveness.

The goal of this working group was to brainstorm ways to improve the quality and availability of cybersecurity credentials.

According to records in my calendar, I attended as many as nine one-hour meetings between March and November 2022.

I now officially testify that many of these meetings included discussions about how this agency could become the peak body for cybersecurity credentials.

Continue reading →

The Spectre of Dual Roles

In this essay, I use open-source intelligence to highlight why it’s so important that the professionalisation grant is set up with well-defined boundaries that avoid the complications of dual roles.

Continue reading →

AustCyber Took Government Money to Professionalise Cyber. It Delivered Nothing.

AustCyber promised to professionalise cybersecurity, took public money, and delivered nothing. Now, the same actors return under a new banner, asking for more. This essay exposes the disavowed failure, the absence of accountability, and the quiet repackaging of a still-unproven idea.

Continue reading →

Words That Bind: How Professionalisation Speaks Us Into Silence

In this essay, I analyze selected texts on professionalisation to expose the power structures they sustain. My intent is twofold: to invite those shaping these bodies to reflect on how their language may silence or sideline others - and to equip those who feel excluded with a sharper lens to see how language itself can become a quiet instrument of control.

Continue reading →

Will professionalisation prevent the next Veronica Theriault?

Professionalisation should stand on its own merits — not on the illusion that it will prevent the next fraud. If we build professionalisation on that fantasy, we are not protecting businesses or consumers — we are deceiving ourselves.

Continue reading →

Listening Before Leaping: AISA's Cautionary Path on Professionalisation

Professionalisation was explored, revisited, and reconsidered. AISA’s journey reflects not opposition, but the careful weighing of complex questions over time.

Continue reading →

Would professionalisation have stopped the Hacker from Hell?

A man faked his way into cybersecurity leadership — not because the system lacked rules, but because no one cared to check his credentials. Professionalisation won’t fix that.

Continue reading →

Only 6 out of 220 recommended professionalisation to Home Affairs

When six organisations out of 220 steer government policy, the question is not whether professionalisation is necessary — but whether it is legitimate.

Continue reading →

The Spectres of Cybersecurity Professionalisation

Professionalisation is haunted by spectres: contradictory evidence, uncertain promises, unresolved concerns, lingering doubts, incomplete solutions, false closure, unseen exclusions, and past scandals.

This essay aims to call out these spectres so they can be examined in themselves but more importantly so that their influence on how we’re approaching professionalisation can be properly examined.

We do not summon the spectres, and even if we choose to ignore them, they still exist.

Continue reading →

Professionalisation as the Profane Made Sacred

The cybersecurity industry is being overtaken by a push for professionalisation. Its proponents justify this push as a necessary step to better protect the public, businesses, and consumers. But a closer look reveals an ideology that elevates certain values, devalues others, and even excludes some values altogether.

What is the cost of this devaluation, and who pays the price? To answer this, we will look to a case study of the UK’s cybersecurity professionalisation scheme, specifically the UK Cyber Security Council Competence & Commitment (UK CSC SPC). We’ll refer to UK CSC as “the Council,” as that’s how its creators describe themselves.

My end goal is to encourage reflection and questioning throughout the industry. By thinking critically about professionalisation, we can reflect on our ethical responsibilities toward those who are devalued or excluded – and decide whether change is necessary.

Continue reading →

Who decides who is a cyber professional and why trust them?

Professionalisation is both the mechanism that enforces an economic model and the ideology that justifies it. In this essay, I set out to analyse the Grant Opportunity Guidelines published by the Australian Government and ask dangerous questions.

Continue reading →