When it comes to information security, Singapore is a world leader. The tiny Asian nation punches well above its weight, topping lists like the International Telecommunication Unionâs Global Cybersecurity Index.
But if a draft bill comes to fruition, itâll be the first country to license ethical hackers, forcing anyone doing investigative work (penetration testers, basically) to pay (and study) up. The same is also true for anyone working in computer forensics.
Anyone working without a license will quickly find themselves in hot water, with a potential maximum penalty of two years in jail and up to S$50,000 ($36,000) in fines. According to Quartzâs Joon Ian Wong, this is âin line with the countryâs reputation for extreme orderliness.â Given he used to live there, Iâll take his word for it.
You could argue that licensing will weed out low-talent âskidsâ from the marketplace. And given that manicurists and plumbers have to get licensed, isnât it only right that the same standard applies to ethical hackers?
The đ of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
Perhaps. Itâs a reasonable argument, but itâs one I thoroughly disagree with. Itâs hard to see how licensing hackers can be good for the Singaporean information security industry.
Compared to other industries, a disproportionate number of hackers have limited formal education. These people found their way through self-motivated study, and an innate sense of curiosity, which is essential for a career in information security. Some of the best, most talented ethical hackers Iâve ever met were high-school drop outs.
Put simply, many of these people donât perform well in academic environments.
Ultimately, this push towards formalizing the information security industry through licensing wrongly conflates talent with certification. And, as anyone who has ever attended a Security BSides conference will tell you, this is utterly bogus.
Furthermore, if obtaining a license is anywhere near as time-consuming and expensive as gaining an industry certification like CISSP or CEH, it will be disastrous for independent professionals and small companies.
Not only will they have to pay literally thousands for the piece of paper, but theyâll spend hours preparing for, and taking tests. This is time that could be spent earning money by doing client work.
Dumb. Dumb. Just so incredibly dumb.
Get the TNW newsletter
Get the most important tech news in your inbox each week.