Australia will be home to the world's first IT Global Information Assurance Certification (GIAC) Security Expert (GSE) in Compliance and Audits after a local information systems manager completes the final leg of the gruelling course in September.
Only 11 people from Spain, the United Kingdom and the United States have completed the Las Vegas-based SANS Institute GSE exam since its inception in 2003. To meet the strict criteria, an applicant must complete four SANS certifications and achieve "gold" status in two of them.
Craig Wright, information systems manager at accounting firm BDO Kendalls, will be the first in the world to attain the audit certification and the first Australian ever to sit the security exams.
SANS certifications are highly regarded in the security industry, particularly for their "hands-on" approach to training, according to Wright.
"It is a very tough exam which requires 36 hours of testing with evaluations covering hands-on, written and multi-guest presentations," he said.
A firm believer in certifications and standards to increase industry professionalism, Wright said any provider that engages in FUD (fear, uncertainty and doubt) to sell products should be ostracized and excluded.
"The proliferation of FUD damages everything in the long run; it is a self-destructive tool," he added.
In fact, Wright believes the biggest IT threat to the enterprise has nothing to do with technology and is all about lack of education and awareness.
Wright's certification formally validates his skills in systems penetration testing, Web applications security, PCI DSS (Payment Card Industry Data Security Standard) reviews, and other areas which lack skilled workers.
"It is set apart from courses like the MCSE (Microsoft Certified Systems Engineer) because it assesses your ability to use skills from the [two gold SANS Institute] courses which means you can't memorize notes before the exam and forget it afterwards," he said.
Wright has completed a whopping 18 SANS Institute courses, including prerequisite GIAC certifications in Systems and Network Auditor (GSNA), Payment Card Industry (GPCI), Security Policy and Awareness (GSPA) and ISO 17799 security and auditing (G7799).
After 20 years in the IT industry, most notably in the IT security and research fields, Wright has some memorable tales to tell, although he will only comment on those that have been openly reported in the media.
For example, back in the late 1990s, Wright's IT crew managed to take down News Limited's entire national photo-imaging server after removing cables from incorrectly named ports.
He also recalls a semi-permanent ad-hoc fix for the Courier Mail newspaper's old fax machine, which was raised by a forklift to allow the fax to keep operating while the floors were being laminated.
And the biggest inhibitor to a successful IT shop? Wright says it is the disconnect between IT and business.
A disconnect he attributes to a lack of financial understanding by IT.