Ionize not only wants to lend their expertise to organisations when it’s required, but also to help develop the capabilities of clients and independent auditors through our training programs. We offer a range of programs including security awareness presentations and training, information on secure coding, while also being one of only two IRAP training organisations within Australia endorsed by the Australian Signals Directorate.


Ionize is proud to partner with the Australian Signals Directorate (ASD) in being one of only two endorsed Information Security Registered Assessors Program (IRAP) training providers in Australia. IRAP is an ASD initiative to provide high-quality information and communications technology (ICT) services to government in support of Australia’s security. If you are interested in undertaking our IRAP New Starter Training Course, please review the eligibility criteria and application process below:

IRAP New Starter Course Registration Process

Preliminary Self-Assessment Potential IRAP Applicants should conduct a self-assessment to ensure that basic knowledge requirements are sufficient prior to enrolling. ASD publish a short set of practice questions which are accessible here:

Step 1 – Gather Evidence IRAP Applicants will be eligible to undertake IRAP training and examination after evidence of the following is provided to ASD IRAP Management:

  • An active Australian Government sponsored security clearance (Baseline Vetting at minimum);
  • A current resume/CV outlining ICT and information security experience. IRAP membership requires:
    • Five (5) years of ICT experience; with
    • Two (2) years of information security experience.
    • This must include experience with applying the Australian Government Information Security Manual (ISM) and supporting publications on government systems.

  • Contact details of two current referees, who can attest to the applicants IT and/or auditing experience and competence;
  • Current evidence of one of the following qualifications:
    • CISSP certification; or
    • CISM certification; or
    • GSLC.
  • Current evidence of one of the following qualifications:
    • CISA certification;
    • PCI QSA certification;
    • CRISC certification; or
    • ISO27001 Lead Auditor certification; or
    • GSNA.

Step 2 – IRAP Application Form Ensure you have read the associated documentation suite under the IRAP Tool Kit on the ASD website, contact ASD and provide evidence of qualifications and experience through the online application:

Note: All applications must be submitted via this link only. Ionize and ASD will NOT accept direct email applications. ASD will assess all applications and if found suitable, will provide IRAP Applicants with an interim IRAP Application Number on presentation of appropriate evidence of an individual’s qualifications and experience.

Step 3 – Ionize IRAP Training Registration Contact Ionize, using the interim IRAP Application Number to book a scheduled placement for the IRAP New Starter Training Course at this address: In the first instance, please send an initial email to:     [email protected] Ionize will then verify your application, contact you with booking confirmation and provide further details.

Course Details

Course Location: The courses will be held in a classroom environment within the Canberra CBD. Full details will be provided in a course information pack upon registration. Course Schedule: The course schedule for 2018 is as follows:

  1. Intake 1/18:   Thursday 15 to Friday 16 February 2018;
  2. Intake 2/18:   Thursday 21 to Friday 22 June 2018;
  3. Intake 3/18:   Thursday 13 to Friday 14 September 2018; and
  4. Intake 4/18:   Thursday 6 to Friday 7 December 2018.

Course Costs:

  • Course costs for individuals will be $2,200 (GST included).
  • Group bookings or out of schedule requests for large groups may be directed to:     [email protected]
Frequently Asked Questions

What happens if I fail the course?

If an applicant does not obtain a pass mark of 80%, the applicant may reattempt the IRAP examination at no additional cost after waiting for a period of at least four (4) months. During this time, the applicant is expected to gain additional information security experience and knowledge, including the application of the ISM and supporting publications. If the applicant wishes to repeat the IRAP New Starter Training, they may do so only after this four (4) month wait period, but will be at full cost to the applicant, and subject to Training Provider approval 

Are there any ongoing training obligations?

  • Yes, the training obligations are as follows:
    • It is a requirement that all assessors maintain the certifications mandated for entry into the IRAP program.
    • All IRAP Assessors are required to complete mandatory online refresher training annually. These refreshers aim to provide assessors with updates on any changes in the ISM and other Australian Government information security policies.
    • IRAP Assessors who complete their training before the release of the ISM for that year will be required to complete the Refresher Training.

Will ASD representatives be present during the course?

  • Yes, there will be an ASD representative at all courses. ASD will also proctor the final examination.

If you have any further questions after reading the Policy and Procedures under the IRAP Tool Kit tab, please do not hesitate to seek further clarification from ASD. 

Contact Ionize
Ionize IRAP Training Ionize IRAP questions may be directed to:     [email protected]


Hundreds of thousands of dollars are spent each year on intrusion detection systems, anti-virus, security architecture designs, and multiple other systems, only for it to all to be undone by a user opening an attachment they shouldn’t have. The user will always be the weakest link in any security chain, and our security awareness training aims to make that link a lot stronger.
Ionize provides training which demonstrates to users live, up to date attacks and techniques used by our hackers to compromise organisations. This training helps non-technical users appreciate the reasons why it’s so important to take security seriously. We also offer phishing engagements where large scale social engineering campaigns are conducted, without any malicious payloads. These results are delivered to you which show who opened the emails, who clicked the links, and how your organisation would fare in a real attack.


Are you using inline queries or parameterised queries for your SQL statements? Are you escaping your input as it comes in before displaying it, or are you doing it recursively? Do you know what a TOCTOU race condition is? We’ve seen a great improvement in the emphasis on secure coding over recent years, but unfortunately as seen by breaches throughout the world mistakes are still being made. This doesn’t mean it’s the developers fault, some simply don’t have any time to learn about security nuances when the next sprint is due tomorrow.
Ionize tries to help in this area by providing a crash course in secure coding tailored to your organisation. Once we understand what languages and frameworks you commonly work in, we can tailor examples of common coding vulnerabilities along with teaching best practices to avoid them.

Want to find out more?


Open: Mon-Fri 9am - 5pm
Phone: (02) 6162 1783
Email: [email protected]
Address: Suite 2.01, 40 Cameron Ave


Ionize was established in 2008, and has been servicing clients both within Australia and overseas ever since. Our focus is on providing honest advice to our clients, maintaining the integrity of our work, while building and giving back to the information security community.