I Took Part in Secret Meetings About Professionalising Cybersecurity
04 Jun 2025I swear by Almighty God that I will tell the truth, the whole truth, and nothing but the truth.
In 2022, I joined a working group organised by a US government body whose mission is to promote innovation and industrial competitiveness.
The goal of this working group was to brainstorm ways to improve the quality and availability of cybersecurity credentials.
According to records in my calendar, I attended as many as nine one-hour meetings between March and November 2022.
I now officially testify that many of these meetings included discussions about how this agency could become the peak body for cybersecurity credentials.
In those meetings were two cybersecurity vendors: myself representing MCSI and another leading vendor of cybersecurity certifications.
The discussions on this topic were divisive - mostly because I disagreed with the idea. I believed it would lead to less marketplace competition, prevent innovation, and allow key players to give preference to their certifications and degrees in a way that would cement the market.
The premise of those discussions was simple: there exist hundreds of cybersecurity certifications, many of which are - rightly or wrongly - considered low quality. Therefore, it was proposed that this government agency could help separate the “good” from the “bad.”
But does it really serve the industry and employers if vendors such as myself are also decision-makers the criteria for what is considered “good”? Does it serve the market if more established players create artificial barriers that prevent new, innovative solutions from entering the field?
Around the time our working group’s project came to an end, I received an email inviting me to a Google Meet - not hosted on the agency’s official conferencing platform. It was a closed, private meeting with four participants: one of the agency’s directors, the GM of a major certification vendor, a coordinator, and myself. The purpose of the meeting was for the director to hear the pros and cons of the agency going down the path of becoming the peak body for cyber certifications.
If all this wasn’t enough - no public record of these discussions ever existed. Our final report gives no indication that any of this took place.
I therefore testify, firsthand, that the rumours and the so-called conspiracy theories are true: secret meetings about professionalising the industry, or creating an occupational license, are taking place.
I could have gone along with it. I could have benefited financially over the long run. But I don’t want to win because I cornered the market and blocked others from competing. I want to win because I believe my platform and courses are superior. I want to wake up every day with a mission to improve.
Furthermore, professionalistion is not just about how to raise standards, but who gets to write the standards.
I saw firsthand how the fantasy of shaping an industry peak body seduced people — not through money, but through symbolic capital. The chance to say “I helped build this”, “I helped the government”, to gain a title, to be seen as a pillar of the field. This is the hidden desire that drives professionalisation - the dream of being someone.
Creating a peak body promises meaning and status, but in doing so, it stages a conversion: ambition becomes ideology, and the desire to serve mutates into a need to be recognised. The true danger is not corruption in the legal sense, but corruption of desire itself.
I deeply believe that many of the legacy certifications, degrees, and training organisations know that the value of their credentials is dropping. In some cases, their days may be numbered. Today, all the knowledge from theoretical certifications can be accessed for free using tools like ChatGPT. Employers have understood that competencies and attitude matter more than anything else. They want to hire people who can prove they can do the job. They don’t want workers who can only repeat textbook answers or only succeed in pre-scripted environments.
The cybersecurity training market is shifting. It will take time. But I’m confident that the future lies in open competition.
Let the best ideas win - but above all, let them compete honestly, in full daylight.