August 7, 2020

Last Updated on January 13, 2024

If you’re building a career in a technical cybersecurity role, you know how hard it can be to demonstrate your skills and competence to hiring organizations or their customers. Yes, there are certifications available… but are they recognized and respected enough to really help you stand out?

Increasingly, CREST certification is viewed as the worldwide, industry-leading “gold standard” to validate technical cybersecurity skills and competence.

Already well-known in Europe, Asia-Pacific and elsewhere around the globe, CREST (an acronym for Certified Registry of Ethical Security Testers) is now rapidly gaining mindshare in the US as well.

What is CREST and how do their efforts benefit technical cybersecurity practitioners—as well as service provider companies and their clients?

On a recent episode of The Virtual CISO Podcast we got the answers straight from CREST’s President and co-founder, Ian Glover. Asking the questions, as ever, was Pivot Point Security’s CISO and Managing Partner, John Verry.
UK-based CREST is an international nonprofit that represents and supports the technical information security market. They offer globally respected professional certifications for individuals and accreditations for organizations providing pen testing, incident response, threat intelligence and Security Operations Center (SOC) services.
“From the buyer’s perspective, what we’re trying to do is make them an educated buyer,” Ian describes. “So to provide them initially with an indication that the organizations that are accredited by CREST and the people that are used are certified, I think provides an awful lot of confidence… I also think if things go wrong, the codes of conduct and the fact they are enforceable is really important.”

“These are professional services and therefore should be operating as a profession,” Ian continues.


“The benefit for the individuals who hold their certifications is there is a proper career pathway: you enter as a practitioner and you come out certified and then there’s certain specializations.”
“I think that career pathway is really important,” Ian asserts. “It helps organizations to understand somebody’s CV. But also helps the buying community to understand what they’re buying and at what level. And it helps the individuals to orchestrate their career pathway to make sure it’s moving in the right direction.”
CREST’s three-level certification model is more demanding than perhaps any other credential in the field. But as with any career investment, the question is always… Is it worth the effort?
Besides structuring a progressive career path, CREST certification offers additional benefits for professionals:

  • A CREST certification is the most respected credential in the industry
  • CREST certification is increasingly mandated for those hiring or buying services, especially in regulated industries
  • CREST professional membership provides excellent opportunities to further your career through networking and information sharing

Is CREST certification a good move for your career? We cannot tell you it’s right for you, but if you perform (or aspire to perform) technical information security services, listening to this podcast episode with Ian Glover is a must.
To hear the complete episode, and peruse all our podcast content, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you can find all our episodes here.
