October 8, 2020

Last Updated on January 16, 2024

If you’re a technical cybersecurity practitionerthere are a number of certification courses out there to give you some credentials.

But how well respected is a given course? How do various courses compare? What program is best for your personal career path?

In Europe, Asia-Pacific and other markets—and increasingly in the US—CREST certification is considered the “gold standard” to validate technical cybersecurity skills. CREST (an acronym for Certified Registry of Ethical Security Testers) is UK-based nonprofit that offers professional certifications for individuals and accreditations for companies that provide pen testing, incident response threat intelligence and Security Operations Center (SOC) services.
To unpack all that CREST is doing to support the technical cybersecurity industry, we invited Ian Glover, CREST’s President and co-founder, to be our guest on a recent episode of The Virtual CISO Podcast.
Host John VerryPivot Point Security’s CISO and Managing Partner, asks Ian why CREST chose to develop its own certification program for practitioners.
“CREST has been around for twelve years,” Ian states. “At the time there wasn’t really very much else apart from some of the courses from SANS, and then some of the things from EC-Council, particularly CEH [their Certified Ethical Hacker certification]. But I think over that period of time, if you take, for example, EC-Council, then they’ve got their ECSA [EC-Council Certified Security Analyst]. That qualification is significantly above a CEH.

Ian continues: “The ECSA was based on the syllabus that we developed for our practitioner level examination, and we have an international mutual agreement between ourselves and them in terms of that. And then if you look at the next step up, they’ve got their Licensed Penetration Tester. So what they’re doing is they’re combining training with the certification, which we think is a good plan. CREST doesn’t run training because we are a certification body in the individual space. But we are trying to build those relationships, so it’s clear to organizations and individuals what those qualifications mean.”

If you look at Offensive Security, then the primary two Offensive Security qualifications we really like,” Ian adds. “And again, we have a relationship with them where we do a recognition.
So what we’re trying to do is to work with the major industry providers to provide clarity in the marketplace, career pathways for individuals, and to make sure the buying community is tying those things together, by understanding what they’re buying,” emphasizes Ian.
If you’re a technical cybersecurity professional, or someone who hires them, you don’t want to miss this podcast episode featuring Ian Glover.
To hear thfull episode and get access to all our many other episodes, you can subscribe to The Virtual CISO Podcast here.
If you prefer not to use Apple Podcasts, you will find all our episodes here.