Only 6 out of 220 recommended professionalisation to Home Affairs

27 Apr 2025

When six organisations out of 220 steer government policy, the question is not whether professionalisation is necessary — but whether it is legitimate.

In February 2023, the Department of Home Affairs invited the cybersecurity industry’s views on Australia’s future. It received 330 submissions, with 220 made public.

Among the questions asked:

“What more can the Australian Government do to support Australia’s cyber security workforce through education, immigration, and accreditation?”

This gave every respondent the opportunity to recommend professionalisation.

After searching all public submissions, I found just six that explicitly did:

• AustCyber page 38
• Australian Computer Society (ACS) page 2
• Australian Information Industry Association (AIIA) page 19
• CyberCX page 22
• Engineers Australia page 14
• KordaMentha (Tony Vizza) page 14

Six out of 220.

For many, myself included, it is impossible to see this list without immediately recognising the risk of vested interests capturing the industry.

I will therefore outline, as directly and professionally as possible, concerns that have been voiced by many:

• ACS, AIIA, and Engineers Australia do not represent the cybersecurity industry. Their support for professionalisation raises a simple question: are they motivated by the creation of new income streams?

• Tony Vizza, formerly paid by (ISC)² to promote its certifications, explicitly proposes using (ISC)² certifications as the “fast track” to Chartered titles.

• AustCyber does not represent cybersecurity professionals. Unlike AISA, it has no obligation to consult a membership of 13,000 individuals and defend their views. In fact, AustCyber attempted to create an accreditation scheme by handpicking nine organisations — including ACS, IAAI, KordaMentha, ISACA, and ISC2 — to “co-design” it by invitation only while claiming to represent the industry.

Thus, the question must be asked:

Has Home Affairs really decided to professionalise an entire industry based on the recommendations of these six organisations?

It is important to acknowledge that open-source intelligence reveals only part of the story. If I have overlooked or misinterpreted a submission, I welcome correction and further evidence.

Through private conversations with Ash Bell, Siobhan O’Sullivan, Jason Murrell, and Tony Vizza, I have come to understand that each holds sincere convictions that professionalisation is both beneficial and necessary.

While I remain skeptical, I believe these views deserve a fair and rigorous examination. I therefore invite each of them — individually — to join me for a long-form podcast discussion.

Anyone else wishing to contribute is also welcome to reach out. In these conversations, I commit to challenging arguments thoroughly, but always professionally.

I welcome all points of view and want to hear all the stories — especially those that have not yet been told.