Login to profile

About us

CREST has been trusted by the Australian Government to accredit companies and certify individuals who provide information security services since 2012. We have been particularly active in Australasia since re-establishing the region in 2019.

CREST Australasia is committed to the Australasian market and work closely with our members, the buying community and government to ensure cyber resilience, particularly in regulated industries.

Our members participate in a wide range of technical projects, focus groups and broader research within the international CREST community, placing them at the forefront of knowledge and capability to solve the many complex information security issues faced by organisations.

The inaugural CRESTCon Australia was held in April 2021, followed by a second in April 2022, and a third in September 2023. We are busy planning for another successful CRESTCon for 2024.

CREST Australasia is represented and managed by the Australasia Council. The Chair of the Australasia Council, Nigel Phair, also sits on our International Council.

The Australasia Council exists to build capability, capacity, consistency and community in the industry working with governments, regulators, buyers and suppliers in the region and abroad. These goals help to enhance cyber resiliency and open up markets for our member companies in Australasia and offer opportunities for qualified individuals.

We offer our full range of disciplines to the Australasian market:

• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres

 

Please note that the formal relationship between CREST International and CREST ANZ ended at the end of April 2019 and for the avoidance of doubt, CREST ANZ have no rights to the CREST International suite of company accreditations or individual certifications. CREST ANZ has not adopted our Accreditation Standards and therefore CREST ANZ membership alone is not recognised by CREST International as being equivalent.

Australasia Council

Members of the Australasia Council were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they wish. The other half will retire by rotation the following year. Nigel Phair, the Australasia Council Chair, is a co-opted and independent member of the council as permitted in the Australasia Council Terms of Reference.

The serving Australasia Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Chatura Abeydeera

KPMG

[Portfolio: Incident Response and Industry Advisory Group]

Chathura is a Director in Cyber and Forensic practice of KPMG Australia and a highly technical cyber security practitioner with more than 15 years’ experience. He is a CREST Certified Tester and Assessor.

Chathura has extensive experience in managing and leading complex red and purple team assessments, penetration testing and cyber incident response engagements. He has worked with clients across the state and federal government, power and energy, technology, engineering, retail, education, telecommunication and financial services sectors.

Kristofer Bergamaschi

CyberCX

Kristofer is a Director and the Regional Lead for the Security Testing and Assurance Practice of CyberCX within South Australia and the Northern Territory.

He is an experienced security consultant with a strong passion for helping clients identify and understand the risk posed to their information assets. His deep skill set allows him to identify systematic issues as well as individual vulnerabilities, provide pragmatic and business-focussed recommendations and communicate these to all members of the business.

Kristofer’s extensive experience in the information security sector includes a wide range of clients, including health, defence, government, utilities and finance. He takes a pragmatic and holistic approach to security and is able to assess both technical and governance controls that secure information assets.  Kristofer has deep experience in SCADA and Industrial Control System (ICS) environments and has conducted many in depth security reviews for organisations in industry sectors such as water, oil, gas, electricity, transport, and manufacturing. His threat driven approach to security equips him with a unique skillset to identify security gaps governance and technical controls within highly sensitive environments.

Tim Dillon

NCC Group

Regional Director of Professional Services (APJ) for NCC Group

Edward Farrell

Mercury Information Security Services

[Portfolio: Training and Accreditation]

Edward is a security consultant with more than 12 years’ experience in information security industry and 17 years’ experience in the IT industry. As the director of Mercury, one of Australia’s few remaining independent security firms, he has conducted or overseen the delivery of 600 security assessment activities and incident responses in the past seven years. His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.

Israel Huaccho

[Portfolio: SOC]

Seasoned Cyber Security and IT Professional with over 15 years of experience safeguarding organisations against evolving digital threats. I’ve developed a solid technical and business background and an in-depth understanding of cybersecurity management practices. I have successfully designed and implemented robust security strategies to protect sensitive data and mitigate risks. I lead cross-functional teams, fostering a security awareness and compliance culture with a strong focus on technology management, cyber risk management, regulatory compliance, and cyber security strategies. I enjoy keeping current with the latest cyber threats and best practices and applying my knowledge and expertise in helping organisations across diverse industries.

Edward Li

Accenture

[Portfolio: Intelligence-led Testing]

Ed is a senior manager at Accenture responsible for the offensive security capability in Australia and New Zealand. He has more than 15 years’ professional experience in information security spanning multiple domains and disciplines. He believes security should be realistic and pragmatic, a fine balance between risk and control, and a beautiful collaboration of people, process and technology.

Coming from a technical background, Ed has extensive hands-on experience, blended with exceptional client consulting and team leadership skills. In previous roles, Ed has led security teams in major finance and government institutions, providing security advice and consultancy services to some of the highest profile and most complex IT projects across Australia.

Yuri Melo

EY

[Portfolio: Penetration Testing]

Yuri leads the Advanced Security Centre (ASC) at EY, the largest attack and penetration testing team in Australia spread across multiple geographies, focusing primarily on the financial services industry in Sydney. He is passionate about offensive security and the cyber security challenges faced by clients.

With more than 15 years’ experience in the field and managing high performing teams, Yuri’s purpose and drive is to build the careers of cyber security professionals eager to solve the most challenging problems, and to have fun doing it. He is committed to building sustainable teams. As a strong advocate for diversity and inclusion, Yuri is committed to driving change in the cyber security industry and creating a safe and welcoming environment for everyone in the workplace.

Nigel Phair

Chair

Nigel is Director, UNSW Canberra Cyber. He is an influential analyst on the intersection of technology, crime and society. Nigel has published three acclaimed books on the international impact of cybercrime, is a regular media commentator and provides executive and board advice on strategy, risk and governance of technology.

In a 21-year career with the Australian Federal Police, he achieved the rank of Detective Superintendent and headed up investigations at the Australian High Tech Crime Centre for four years. He is founder and managing director of a technology start-up company and has chaired a number of not-for-profit organisations.

Joshua Riesenweber

Division5 Pty Ltd

[Portfolio: Research]

Joshua is an experienced technical director, working with organisations across a range of industries, including critical infrastructure, health, finance, energy, government, tertiary education, and more. He is passionate about the security community, business operations, technical leadership, and process improvement. He has served as a board member for non-for-profit organisations and helped enable business transformation through cyber security.

Joshua has established and actively runs the IoT and SCADA Hackers Australia group, as well as the BSides Brisbane conference. Through these avenues he actively fosters the cyber security industry and helps break down barriers to new entrants. Joshua has extensive experience in operational technology and critical infrastructure, penetration testing, IoT, red teaming, and more.

Jack Rutherford

Triskele Labs Global Pty Ltd

[Portfolio: Penetration Testing]

Jack is the Principal Security Consultant at Triskele Labs Global Pty Ltd. He has a wealth of experience in the cyber security industry in Australia, coming from a background in both the public and private sectors. Before committing his expertise to Triskele Labs, he worked in the Vulnerability Management and Research team at the Australian Taxation Office, as well as the Security Engineering and Development team at the Department of Defence.

Since joining Triskele Labs, Jack has led the offensive team and grown this capability from the ground up, starting from just a few people to one of the largest boutique teams in Australia. This has included growth, diversification and maturity of penetration testing, red teaming, intelligence-led testing and adversary simulation. He has also assisted in standing up the Triskele Labs Security Operations Centre capability within Australia.

Jack now looks to measurably contribute to CREST activities in the Australasian region, to assist us in continuing to supply high quality security accreditation and certification programs.

Focus Groups

CREST Focus Groups help us to continually monitor best practice in Penetration Testing, Threat Intelligence, Incident Response, Intelligence-Led Testing and SOC. To see the relevant Focus Groups for Australasia, please visit our Focus Groups page.