Login to profile

About us

CREST has been trusted by the Australian Government to accredit companies and certify individuals who provide information security services since 2012. We have been particularly active in Australasia since re-establishing the region in 2019.

CREST Australasia is committed to the Australasian market and work closely with our members, the buying community and government to ensure cyber resilience, particularly in regulated industries.

Our members participate in a wide range of technical projects, focus groups and broader research within the international CREST community, placing them at the forefront of knowledge and capability to solve the many complex information security issues faced by organisations.

The inaugural CRESTCon Australia was held in April 2021, followed by a second in April 2022, and a third in September 2023. We are busy planning for another successful CRESTCon for 2024.

CREST Australasia is represented and managed by the Australasia Council. The Chair of the Australasia Council, Nigel Phair, also sits on our International Council.

The Australasia Council exists to build capability, capacity, consistency and community in the industry working with governments, regulators, buyers and suppliers in the region and abroad. These goals help to enhance cyber resiliency and open up markets for our member companies in Australasia and offer opportunities for qualified individuals.

We offer our full range of disciplines to the Australasian market:

• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres

 

Please note that the formal relationship between CREST International and CREST ANZ ended at the end of April 2019 and for the avoidance of doubt, CREST ANZ have no rights to the CREST International suite of company accreditations or individual certifications. CREST ANZ has not adopted our Accreditation Standards and therefore CREST ANZ membership alone is not recognised by CREST International as being equivalent.

Australasia Council

Members of the Australasia Council were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they wish. The other half will retire by rotation the following year. Nigel Phair, the Australasia Council Chair, is a co-opted and independent member of the council as permitted in the Australasia Council Terms of Reference.

The serving Australasia Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Chathura Abeydeera

KPMG

[Portfolio: Cyber Leaders’ Forum]

Chathura is a Director in Cyber and Forensic practice of KPMG Australia and a highly technical cyber security practitioner with more than 15 years’ experience. He is a CREST Certified Tester and Assessor.

Chathura has extensive experience in managing and leading complex red and purple team assessments, penetration testing and cyber incident response engagements. He has worked with clients across the state and federal government, power and energy, technology, engineering, retail, education, telecommunication and financial services sectors.

Kristofer Bergamaschi

CyberCX

Kristofer is a Director and the Regional Lead for the Security Testing and Assurance Practice of CyberCX within South Australia and the Northern Territory.

He is an experienced security consultant with a strong passion for helping clients identify and understand the risk posed to their information assets. His deep skill set allows him to identify systematic issues as well as individual vulnerabilities, provide pragmatic and business-focussed recommendations and communicate these to all members of the business.

Kristofer’s extensive experience in the information security sector includes a wide range of clients, including health, defence, government, utilities and finance. He takes a pragmatic and holistic approach to security and is able to assess both technical and governance controls that secure information assets.  Kristofer has deep experience in SCADA and Industrial Control System (ICS) environments and has conducted many in depth security reviews for organisations in industry sectors such as water, oil, gas, electricity, transport, and manufacturing. His threat driven approach to security equips him with a unique skillset to identify security gaps governance and technical controls within highly sensitive environments.

Tim Dillon

NCC Group

Regional Director of Professional Services (APJ) for NCC Group

Matthew Dobinson

The Missing Link

Matt is a highly skilled cybersecurity professional specializing in penetration testing and security consulting. As the Head of Security Consulting at The Missing Link, he leads a dedicated team of security consultants, delivering comprehensive security services across industries such as finance, healthcare, technology, and government.

With a strong technical background and a CREST certification, Matt has been instrumental in advancing cybersecurity practices through involvement with the CREST board, where he helps shape and refine industry standards to address the complex challenges faced by today’s cybersecurity professionals.

Matt is passionate about contributing to the InfoSec community, regularly participating in industry events, developing new tools and methodologies, and fostering continuous learning within the team. By leveraging expertise and leadership, Matt is committed to empowering organizations and professionals alike, ensuring robust security postures and a safer digital world for everyone.

Ray Dussan

AMARU

Co-Optee
Ray Dussan is the CEO of Swise, a cybersecurity AI company, and AMARU, a professional cybersecurity consulting company. Swise and AMARU work together to provide comprehensive cybersecurity solutions and services.

As the CEO, Ray leads the strategic direction and operations of both Swise and AMARU. He has extensive experience in the cybersecurity industry and is passionate about helping organizations strengthen their security posture through the use of advanced AI and consulting expertise.

Under Ray’s leadership, Swise has developed a powerful cybersecurity AI assistant named Swise AI, which is designed to work alongside cybersecurity professionals to simplify security tasks and enhance protection. AMARU, on the other hand, provides specialized cybersecurity consulting services to help clients assess, implement, and maintain robust security measures – AMARU is on a mission to take down cybercrime.

Ray is committed to driving innovation in the cybersecurity space and empowering organizations to stay ahead of evolving threats. His expertise and vision have been instrumental in positioning Swise and AMARU as trusted partners in the fight against cyber-attacks.

Edward Farrell

Mercury Information Security Services

[Portfolio: Training and Accreditation]

Edward is a security consultant with more than 12 years’ experience in information security industry and 17 years’ experience in the IT industry. As the director of Mercury, one of Australia’s few remaining independent security firms, he has conducted or overseen the delivery of 600 security assessment activities and incident responses in the past seven years. His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.

Dan Kennedy

Mandiant

[Co-Optee.  Portfolio: Threat Intelligence]

Dan is a Security Analyst for Google/Mandiant and a member of its Advanced Practices team. Where he researches, analyses and attributes a diverse range of threats observed from emerging events, incident-response investigations or security operations environments globally. Dan’s career spans over a decade of technical security assessment experience where he holds a Master of Arts Degree in Intelligence Analysis. And also co-hosts Google’s Threat Attribution Conference (RooCon) in Australia. Dans career highlight has been exposing adversaries in the early stages of their intrusions and notifying victims at lightning speed and reach.

Edward Li

Accenture

[Portfolio: Intelligence-led Testing]

Ed is a senior manager at Accenture responsible for the offensive security capability in Australia and New Zealand. He has more than 15 years’ professional experience in information security spanning multiple domains and disciplines. He believes security should be realistic and pragmatic, a fine balance between risk and control, and a beautiful collaboration of people, process and technology.

Coming from a technical background, Ed has extensive hands-on experience, blended with exceptional client consulting and team leadership skills. In previous roles, Ed has led security teams in major finance and government institutions, providing security advice and consultancy services to some of the highest profile and most complex IT projects across Australia.

Yuri Melo

EY

Yuri leads the Advanced Security Centre (ASC) at EY, the largest attack and penetration testing team in Australia spread across multiple geographies, focusing primarily on the financial services industry in Sydney. He is passionate about offensive security and the cyber security challenges faced by clients.

With more than 15 years’ experience in the field and managing high performing teams, Yuri’s purpose and drive is to build the careers of cyber security professionals eager to solve the most challenging problems, and to have fun doing it. He is committed to building sustainable teams. As a strong advocate for diversity and inclusion, Yuri is committed to driving change in the cyber security industry and creating a safe and welcoming environment for everyone in the workplace.

Jamie O’Reilly

Dvuln

Jamieson (Jamie) is the founder and offensive security lead at Sydney-based security company Dvuln. Holding multiple high-level security clearances, over the last decade he has collaborated with international enterprise and government organisations including Adobe, Riot Games, Firefox, General Motors and more to evolve the way these organisations approach cybersecurity.

A leader in the OWASP community, Jamie leads key initiatives such as the OWASP DevSecOps Verification Standard (DSOVS) and the OWASP Penetration Test Report Standard (PTRS), which are used by organisations around the world to improve their cybersecurity practices.

In addition to his industry contributions, Jamie is dedicated to shaping the future of cybersecurity. He has lectured at various institutes, including Macquarie University Sydney, the University of Technology Sydney, and the Korean Internet & Security Agency, as part of the ASEAN Cyber Shield Project, sharing his expertise and guiding the next generation of cybersecurity professionals.

Nigel Phair

Chair

Nigel is Director, UNSW Canberra Cyber. He is an influential analyst on the intersection of technology, crime and society. Nigel has published three acclaimed books on the international impact of cybercrime, is a regular media commentator and provides executive and board advice on strategy, risk and governance of technology.

In a 21-year career with the Australian Federal Police, he achieved the rank of Detective Superintendent and headed up investigations at the Australian High Tech Crime Centre for four years. He is founder and managing director of a technology start-up company and has chaired a number of not-for-profit organisations.

Joshua Riesenweber

Division5 Pty Ltd

[Portfolio: Research]

Joshua is an experienced technical director, working with organisations across a range of industries, including critical infrastructure, health, finance, energy, government, tertiary education, and more. He is passionate about the security community, business operations, technical leadership, and process improvement. He has served as a board member for non-for-profit organisations and helped enable business transformation through cyber security.

Joshua has established and actively runs the IoT and SCADA Hackers Australia group, as well as the BSides Brisbane conference. Through these avenues he actively fosters the cyber security industry and helps break down barriers to new entrants. Joshua has extensive experience in operational technology and critical infrastructure, penetration testing, IoT, red teaming, and more.

Jack Rutherford

Triskele Labs Global Pty Ltd

[Portfolio: Incident Response]

Jack is the Principal Security Consultant at Triskele Labs Global Pty Ltd. He has a wealth of experience in the cyber security industry in Australia, coming from a background in both the public and private sectors. Before committing his expertise to Triskele Labs, he worked in the Vulnerability Management and Research team at the Australian Taxation Office, as well as the Security Engineering and Development team at the Department of Defence.

Since joining Triskele Labs, Jack has led the offensive team and grown this capability from the ground up, starting from just a few people to one of the largest boutique teams in Australia. This has included growth, diversification and maturity of penetration testing, red teaming, intelligence-led testing and adversary simulation. He has also assisted in standing up the Triskele Labs Security Operations Centre capability within Australia.

Jack now looks to measurably contribute to CREST activities in the Australasian region, to assist us in continuing to supply high quality security accreditation and certification programs.

Renae Schilg

Tesserent

Co-Optee
Renae is an Offensive and Application Security Specialist with over 10 years experience. Currently, she is the Offensive Security Managing Consultant at Tesserent, where she performs, manages and leads the suite of offensive security services. Renae’s experience spans many industries, including banking, financial services, education, technology, retail and health amongst others.

Renae is committed to great outcomes for all stakeholders, believing that a technical report is only as good as the communication is clear for all. Her leadership approach prioritises team empowerment and professional growth through empathy and resiliency.

Renae is particularly committed to building diverse and inclusive teams within cyber security, actively mentoring and teaching essential cyber skills to women and other underrepresented groups.

Focus Groups

CREST Focus Groups help us to continually monitor best practice in Penetration Testing, Threat Intelligence, Incident Response, Intelligence-Led Testing and SOC. To see the relevant Focus Groups for Australasia, please visit our Focus Groups page.