Oz ethical hackers to be set professional standards

Alastair MacGibbon appointed CEO of CREST Australia

Penetration testing, also known as "pentesting" or "ethical hacking", took a step away from its sometimes unruly reputation today with the establishment of an Australian branch of the Council of Registered Ethical Security Testers (CREST).

"CREST Australia will have the important role of establishing clear and agreed standards for cyber security testing," said attorney-general Nicola Roxon in a media statement.

"These standards will help the business sector be confident that the work conducted by IT professionals is completed with integrity, accountability and to agreed standards."

CREST Australia is affiliated with CREST Great Britain.

Individual members of that organisation must pass exams to validate their competence.

CREST currently rates individuals as a CREST Registered Tester, or awards one or both of two CREST Certified Tester qualifications, one for network testing and one for application testing.

Member companies must meet CREST's standards of management, integrity and accountability.

"By having this function performed by an Australian arm of a recognised body such as CREST, qualifications can be recognised internationally, promoting a recognised international standard," Roxon said.

While CREST Australia is an independent not-for-profit organisation it will "work closely with Government" — a fact reinforced by the media statement being tagged with an explanation of CERT Australia, Australia's official national computer emergency response team (CERT).

Alastair MacGibbon has been appointed as CREST Australia's first chief executive officer.

MacGibbon is well-known in the information security community. He was founding director of the Australian Federal Police's Australian High Tech Crime Centre, and director of trust and safety for eBay Australia & New Zealand.

He is currently director of the Centre of Internet Safety at the University of Canberra, as well as a consultant in the private sector through the Surete Group.

CREST is not the only certification body for penetration testers. Certifications are also offered by the Tiger Scheme, the SANS Institute and Offensive Security, amongst others.



Stories by Stilgherrian
