Who's Who in Australian IT security

Patrick Gray offers a guide to the most important players on the Australian IT security scene, starting with penetration testers.

The phrase "Australia punches above its weight" is usually uttered by visiting American politicians as insincere flattery in the hope of making a good impression.

Even visiting technology executives are keen to point out Australia makes a meaningful contribution to innovation in technology, despite its small population, and they never seem to resist announcing they've acquired a taste for Vegemite and Tim Tams.

While Australia has clearly reached world domination status in the fierce battles for spread and chocolate biscuit supremacy, can the same be said for the state of our information security industry?

Is Australian security technology an acquired taste like Vegemite, or a universally adored nugget of deliciousness like the Tim Tam?

Penetration testers

In days past, large companies had a tendency to engaged the services of large accounting firms like Ernst & Young and PWC to conduct technical audits and penetration tests on production servers. Today, however, there's widespread recognition that some of the best technical penetration services can often be found among smaller, boutique firms.

Within Australia, there are several firms offering such services. Security-Assessment.com, Pure Hacking, Sense of Security, and Assurance.com.au among them.

These are small companies, with some only employing a few consultants, and unlike other areas of the IT business they all seem to play nicely together. Principals from all of those companies are prone to saying things like "oh, we like those guys" when hearing mention of their competitors.

In short, the Australian enterprise is well served by penetration testers and specialist technical consultants. And despite Security-Assessment.com relying on a few Kiwis, most of the labour in these organisations is home grown. The number of American penetration testers working in Australia seems reassuringly low.

Next: The vendors

Read more on Security policy and user awareness