The problem with regulating possession of specific kinds of software is that they are entirely a product of the mind. You need specific precursor materials to create explosives and controlled substances, but anybody can imagine and create a good system administration tool.
There should never be a legal concept of an "authorized" information security person. It's about like defining a concept of an "authorized" painter or musician, since all are talents that can be developed in isolation.
There should never be a legal concept of an "authorized" information security person. It's about like defining a concept of an "authorized" painter or musician, since all are talents that can be developed in isolation.