That actually makes a lot of sense. I was considering ITSEC for a long time but decided not to go there because of the inherent risk of being blamed, arrested, accused of hacking when literally being hired to do a legit pentest job for someone else. Even with overt contracting and so on, the way laws are written right now, you still have a lot of grey areas for pen testers who are working as white hats and are authorized to do their job with the target.