Get more info about setting up a new chapter in your area.
CREST has been trusted by the Australian Government to accredit companies and certify individuals who provide information security services since 2012. We have been particularly active in Australasia since re-establishing the chapter in 2019.
The Chapter is committed to the Australasian market and work closely with our members, the buying community and government to ensure cyber resilience, particularly in regulated industries.
Our members participate in a wide range of technical projects, focus groups and broader research within the international CREST community, placing them at the forefront of knowledge and capability to solve the many complex information security issues faced by organisations.
The inaugural CRESTCon Australia was held in April 2021 followed by a second in April 2022. Both events were very successful and we are planning another CRESTCon for 2023.
The Chapter is represented and managed by the Australasia Council. The Chair of the Australasia Council, Nigel Phair, also sits on our International Council.
The Australasia Council exists to build capability, capacity, consistency and community in the industry working with governments, regulators, buyers and suppliers in the region and abroad. These goals help to enhance cyber resiliency and open up markets for our member companies in Australasia and offer opportunities for qualified individuals.
We offer our full range of disciplines to the Australasian market:
• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres
Please note that the formal relationship between CREST International and CREST ANZ ended at the end of April 2019 and for the avoidance of doubt, CREST ANZ have no rights to the CREST International suite of company accreditations or individual certifications. CREST ANZ has not adopted our Accreditation Standards and therefore CREST ANZ membership alone is not recognised by CREST International as being equivalent.
Members of the Australasia Council were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they wish. The other half will retire by rotation the following year. Nigel Phair, the Australasia Council Chair, is a co-opted and independent member of the council as permitted in the Australasia Council Terms of Reference.
The serving Australasia Council Members are listed below in alphabetical order. Hold your cursor over each for more information.
[Portfolio: Incident Response and Industry Advisory Group]
Chathura is a Director in Cyber and Forensic practice of KPMG Australia and a highly technical cyber security practitioner with more than 15 years’ experience. He is a CREST Certified Tester and Assessor.
Chathura has extensive experience in managing and leading complex red and purple team assessments, penetration testing and cyber incident response engagements. He has worked with clients across the state and federal government, power and energy, technology, engineering, retail, education, telecommunication and financial services sectors.
Regional Director of Professional Services (APJ) for NCC Group
[Portfolio: Training and Accreditation]
Edward is a security consultant with more than 12 years’ experience in information security industry and 17 years’ experience in the IT industry. As the director of Mercury, one of Australia’s few remaining independent security firms, he has conducted or overseen the delivery of 600 security assessment activities and incident responses in the past seven years. His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.
[Portfolio: Intelligence-led Testing]
Ed is a senior manager at Accenture responsible for the offensive security capability in Australia and New Zealand. He has more than 15 years’ professional experience in information security spanning multiple domains and disciplines. He believes security should be realistic and pragmatic, a fine balance between risk and control, and a beautiful collaboration of people, process and technology.
Coming from a technical background, Ed has extensive hands-on experience, blended with exceptional client consulting and team leadership skills. In previous roles, Ed has led security teams in major finance and government institutions, providing security advice and consultancy services to some of the highest profile and most complex IT projects across Australia.
[Portfolio: Security Operations Centres]
Sanam is highly experienced cyber security professional with proven experience in design, consulting, architecture, risk and governance supporting large scale telecom and enterprise network. He has a strong interest in topics such as cyber security strategy, GRC, Zero Trust, OT/IoT, cloud computing, artificial intelligence.
He believes that cyber security is not about tools and technology but understanding the business risk, cyber strategy and to effectively use people and process to mature organisations by providing clear road map to enhance cyber security. He has strong skills in liaising with various business and IT stakeholders to understand their requirements and translate those into efficient solutions.
[Portfolio: Penetration Testing]
Yuri leads the Advanced Security Centre (ASC) at EY, the largest attack and penetration testing team in Australia spread across multiple geographies, focusing primarily on the financial services industry in Sydney. He is passionate about offensive security and the cyber security challenges faced by clients.
With more than 15 years’ experience in the field and managing high performing teams, Yuri’s purpose and drive is to build the careers of cyber security professionals eager to solve the most challenging problems, and to have fun doing it. He is committed to building sustainable teams. As a strong advocate for diversity and inclusion, Yuri is committed to driving change in the cyber security industry and creating a safe and welcoming environment for everyone in the workplace.
Nigel is Director, UNSW Canberra Cyber. He is an influential analyst on the intersection of technology, crime and society. Nigel has published three acclaimed books on the international impact of cybercrime, is a regular media commentator and provides executive and board advice on strategy, risk and governance of technology.
In a 21-year career with the Australian Federal Police, he achieved the rank of Detective Superintendent and headed up investigations at the Australian High Tech Crime Centre for four years. He is founder and managing director of a technology start-up company and has chaired a number of not-for-profit organisations.
Joshua is an experienced technical director, working with organisations across a range of industries, including critical infrastructure, health, finance, energy, government, tertiary education, and more. He is passionate about the security community, business operations, technical leadership, and process improvement. He has served as a board member for non-for-profit organisations and helped enable business transformation through cyber security.
Joshua has established and actively runs the IoT and SCADA Hackers Australia group, as well as the BSides Brisbane conference. Through these avenues he actively fosters the cyber security industry and helps break down barriers to new entrants. Joshua has extensive experience in operational technology and critical infrastructure, penetration testing, IoT, red teaming, and more.
[Portfolio: Penetration Testing]
Jack is the Principal Security Consultant at Triskele Labs Global Pty Ltd. He has a wealth of experience in the cyber security industry in Australia, coming from a background in both the public and private sectors. Before committing his expertise to Triskele Labs, he worked in the Vulnerability Management and Research team at the Australian Taxation Office, as well as the Security Engineering and Development team at the Department of Defence.
Since joining Triskele Labs, Jack has led the offensive team and grown this capability from the ground up, starting from just a few people to one of the largest boutique teams in Australia. This has included growth, diversification and maturity of penetration testing, red teaming, intelligence-led testing and adversary simulation. He has also assisted in standing up the Triskele Labs Security Operations Centre capability within Australia.
Jack now looks to measurably contribute to CREST activities in the Australasian region, to assist us in continuing to supply high quality security accreditation and certification programs.
[Portfolio: Training and Academia]
David is an Executive Director of CyberCX’s Security Testing and Assurance practice. He has been involved in the penetration testing industry for more than 20 years. David is a CREST Assessor and has been involved with us since 2013 when he participated in the technical establishment committee for our presence in Australia. David’s aim is that we continue to provide the buying community with dependable assurance of the skills and experience of people and organisations providing penetration testing services.