New Partnership to Improve the Standards of Information Security

By   ISBuzz Team
Writer , Information Security Buzz | Aug 06, 2015 06:30 pm PST

standards of information securityLeading UK and US penetration testing certification bodies join forces in global drive to professionalise cyber security sector

CREST, the UK-based, not-for-profit accreditation body that represents the technical information security industry, has announced a partnership with Offensive Security, one of the leading US cyber security training and certification bodies.  The new transatlantic relationship reflects a new era for certifying cyber security professionals across the globe to drive up levels of technical expertise in the fight against increasingly sophisticated criminal and state-sponsored cyber attacks.

Rowland Johnson, CREST International Development Executive, comments: “CREST already has a strong international presence including a Chapter in Australia, supporting governments, regulators, critical national infrastructure and the private sector buying community.  Through working with Offensive Security, we will be able to give businesses greater access to high quality technical skills and expertise around the world with the confidence and assurance provided by strong company accreditation and individual certification.”

Offensive Security training in the area of penetration testing is regarded as some of the strongest in the industry.  Coupled with its established certification programs, it provides a pool of expert candidates capable of demonstrating hands-on technical expertise. As part of the agreement, CREST will recognise the Offensive Security Certified Professional (OSCP) ethical hacking certification as equivalent to the CREST Registered Tester (CRT) exam for penetration testing.  As a result, OSCP Certified Professionals will have the option to be awarded CREST status and enable their employers to demonstrate strong technical capability within the penetration testing market.

“This partnership with CREST is a natural fit, as many information security certifications have traditionally been lacking in the ability to demonstrate real-world skills. Organizations need the confidence that when they engage in security testing services they are obtaining top-notch technical personal as well as ethical individuals they can trust with their most sensitive data.” said Mati Aharoni, founder of Offensive Security. “CREST company accreditation is only given to organizations that can demonstrate demanding standards. This is wonderful recognition for OSCP certified individuals and will bring great value to the US security sector while setting the bar for wider international adoption.”

The CREST exam includes stringent multiple choice, long-form and scenario based questions to assess candidates levels of knowledge.  This is accompanied by rigorous practical assessment that requires candidates to manually identify and exploit vulnerabilities in a series of real world scenarios in the CREST labs.  These require candidates to have a firm grasp of identifying vulnerabilities, misconfigurations and architectural weaknesses to be able to exploit multiples systems, files and data sources.


CREST is a not-for-profit accreditation body that represents the technical information security industry. As part of this, CREST provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services. Member companies undergo a rigorous assessment and certification process that looks at methodologies, legal and regulatory standards, staff vetting and data handling. CREST qualified individuals have passed challenging professional level examinations that demonstrate their knowledge, skill and competence.  Company assessments and individual qualifications are underpinned by a strict and enforceable code of conduct.

All CREST examinations and processes have been reviewed and approved by CESG, the Information Security arm of GCHQ, the UK Government Communications Headquarters. CREST has member companies in a number of countries and a formally established Chapter in Australia.

About Offensive Security

Founded in 2007, Offensive Security was born out of the belief that the only way to achieve sound defensive security is through an offensive approach. The team is made up of security professionals with extensive experience of attacking systems to see how they respond. They share this information through trainings, free tools and publications. With the motto “Try Harder,” the Company’s trainings and certifications are well-respected and considered amongst the most rigorous available, creating a model adopted across the industry. In addition, the Exploit Database, Metasploit Unleashed and BackTrack Linux community projects are highly-regarded and used by security teams in governmental and commercial organizations across the world.