The evidence is now on record, drawn directly from the government’ own grant. It confirms what many suspected: professionalisation raises costs, slows workforce growth, reduces competition, and increases barriers to entry. More importantly, it reveals what few are willing to say out loud - whoever wins the grant may be set up to fail. Read the summary. Read the study. See for yourself.
I swear by Almighty God that I will tell the truth, the whole truth, and nothing but the truth.
In 2022, I joined a working group organised by a US government body whose mission is to promote innovation and industrial competitiveness.
The goal of this working group was to brainstorm ways to improve the quality and availability of cybersecurity credentials.
According to records in my calendar, I attended as many as nine one-hour meetings between March and November 2022.
I now officially testify that many of these meetings included discussions about how this agency could become the peak body for cybersecurity credentials.
In this essay, I use open-source intelligence to highlight why it’s so important that the professionalisation grant is set up with well-defined boundaries that avoid the complications of dual roles.
AustCyber promised to professionalise cybersecurity, took public money, and delivered nothing. Now, the same actors return under a new banner, asking for more. This essay exposes the disavowed failure, the absence of accountability, and the quiet repackaging of a still-unproven idea.
In this essay, I analyze selected texts on professionalisation to expose the power structures they sustain. My intent is twofold: to invite those shaping these bodies to reflect on how their language may silence or sideline others - and to equip those who feel excluded with a sharper lens to see how language itself can become a quiet instrument of control.
Professionalisation should stand on its own merits — not on the illusion that it will prevent the next fraud. If we build professionalisation on that fantasy, we are not protecting businesses or consumers — we are deceiving ourselves.
Professionalisation was explored, revisited, and reconsidered. AISA’s journey reflects not opposition, but the careful weighing of complex questions over time.
A man faked his way into cybersecurity leadership — not because the system lacked rules, but because no one cared to check his credentials. Professionalisation won’t fix that.
When six organisations out of 220 steer government policy, the question is not whether professionalisation is necessary — but whether it is legitimate.
Professionalisation is haunted by spectres: contradictory evidence, uncertain promises, unresolved concerns, lingering doubts, incomplete solutions, false closure, unseen exclusions, and past scandals.
This essay aims to call out these spectres so they can be examined in themselves but more importantly so that their influence on how we’re approaching professionalisation can be properly examined.
We do not summon the spectres, and even if we choose to ignore them, they still exist.
The cybersecurity industry is being overtaken by a push for professionalisation. Its proponents justify this push as a necessary step to better protect the public, businesses, and consumers. But a closer look reveals an ideology that elevates certain values, devalues others, and even excludes some values altogether.
What is the cost of this devaluation, and who pays the price? To answer this, we will look to a case study of the UK’s cybersecurity professionalisation scheme, specifically the UK Cyber Security Council Competence & Commitment (UK CSC SPC). We’ll refer to UK CSC as “the Council,” as that’s how its creators describe themselves.
My end goal is to encourage reflection and questioning throughout the industry. By thinking critically about professionalisation, we can reflect on our ethical responsibilities toward those who are devalued or excluded – and decide whether change is necessary.
Professionalisation is both the mechanism that enforces an economic model and the ideology that justifies it. In this essay, I set out to analyse the Grant Opportunity Guidelines published by the Australian Government and ask dangerous questions.