Around 2008, Stephen Allan Olsen was broke, unemployed, and living in a community house. His CV was unimpressive: no IT certifications, and a criminal record for stealing $13,000 from a local hotel.

Desperation breeds creativity. Olsen forged a police clearance and faked IT certifications, allegedly downloading sample images and pasting his name onto them. This crude forgery was enough to land him the role of IT Security Manager at Racing & Wagering WA (RWWA).

According to sources familiar with the case, Olsen billed himself on his CV as “The Hacker from Hell” — a kind of self-awarded badge of honour to brag about his cybersecurity skills. Before his crimes surfaced, he was highly rated by his employer, recommended for several pay rises, and even considered by one staff member to be the best IT security manager RWWA ever had.

His downfall came not from routine checks or industry gatekeeping, but from his own overreach: he was jailed for 18 months after framing a colleague to secure his six-figure salary.

When I first learned of Olsen’s story, I wondered: would professionalisation have stopped him?

It didn’t take long to realise that Olsen’s story is not an argument for professionalisation, but a warning against its hollow promises.

First, RWWA’s HR department never checked his credentials. Nor, it seems, did any recruiter. Even in 2008, major certification bodies offered simple online verification tools — a certificate reference code, a database, a click. No one bothered.

A register is only as useful as the people who choose to consult it. If HR departments won’t validate credentials today, what fantasy suggests they’ll religiously cross-check a register of accredited professionals?

Second, if Olsen’s version of events holds any truth, the cost of legitimate certification may have helped lock him out of the market in the first place. When qualifications are prohibitively expensive, some will always find cheaper ways to meet expectations — including fraud.

Professionalisation risks erecting yet another financial barrier to entry — one that incentivises the very behaviour it claims to eliminate.

Third, even today, Olsen would not be stopped from re-entering the cybersecurity market. He could become a bug bounty hunter. Offer cybersecurity services overseas. Professionalisation cannot fully close the market; it only raises costs for those who try to enter it via professionalisation’s pathways.

Olsen’s story reminds me of a scene in the excellent Netflix documentary on Bernie Madoff. Called before the SEC in New York, Madoff handed over account numbers that could have instantly exposed his fraud. Except no one checked.

They had the truth in their hands — and they didn’t check.

The proponents of professionalisation promise to cleanse the industry of charlatans. But Olsen’s case — like Madoff’s — shows the real problem is not lack of regulation.

It is human laziness, bureaucratic incompetence, and blind faith in processes that no one actually enforces.

I wonder what the professionalisers will say when they realise employers and businesses aren’t even using the tools they so proudly built.

Or much worse: when they realise that professionalisation has not driven out the charlatans — it has enabled a new breed: chartered charlatans.

Particularly the type that will want to climb onto the board of the professionalisation body to advance their own interests under the banner of “standards”, “ethics” and “protecting businesses.”

Professionalisation may yet give us a more orderly industry — but if it also gives power to those who never earned it, then we will have traded chaos for capture, and called it progress.

Sources:

• Court finds man guilty of hotel funds theft, ABC News, 26 March 2004

• Corruption trial starts, ABC News, 29 Sep 2009

• Former RWWA manager convicted, The West Australian, 23 October 2009

• IT Manager jailed for fabricating evidence against colleague, ABC News, 14 January 2010