Skip to content

What is CREST Certification?

CREST is the Council of Registered Security Testers. CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market.

CREST logo with star accreditation

CREST offer certifications under various domains. This includes Penetration Testing, Red Teaming, Simulated Attacks. They also offer certification for ‘blue team’ or defensive operations such as certifying Security Operations Centre (SOC) services.

What is a CREST registered tester?

The benefit of becoming a CREST Registered Tester (CRT) or any of the other CREST exams such as the CREST Certified Testing (CCT) is that you demonstrate you have met the high bar that CREST sets for certifications of you as an individual. Whereas company CREST member accredits and certifies the company, the exams such as CRT and CCT certify the individual.

Crest certification benefits

The key benefits of becoming a CREST accredited member company are:

  • Independent, verifiable third party assessment of your security testing business
  • Increased speed of engagement with client procurement processes
  • Enhanced client confidence
  • International credibility
  • Presence on the CREST Service Selection Platform
  • Access to industry-leading guidance, standards and opportunities to share and enhance knowledge
  • Structured professional development
  • Discounts from CREST partners in training and recruitment
  • The inside track on new opportunities and developments in technical information assurance
  • Two places at the annual CREST technical conference, the UK’s leading conference devoted to technical security assessment
  • Invitation-only events run for CREST member companies

Because CREST requires a rigorous assessment of member companies’ business processes, data security and security testing methodologies, CREST member companies have a demonstrable level of assurance that their information security methodologies are able to provide their clients with a robust assessment of their information security posture.

If you like this blog post, find more content in our Glossary.