CREST is a not for profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.

CREST represents the technical information security industry by:

  • offering a demonstrable level of assurance of processes and procedures of member organisations
  • validating the competence of their technical security staff
  • providing guidance, standards and opportunities to share and enhance knowledge
  • providing technical security staff recognised professional qualifications and those entering or progressing in the industry with support with on-going professional development

CREST provides organisations wishing to buy penetration testing services with confidence that the work will be carried out by qualified individuals with up to date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers.

Our Mission

CREST’s mission is to build high quality capability, capacity and consistency within the global technical cyber security sector.

In collaboration with industry and governments, CREST has built a meaningful framework for measuring the capability of cyber security companies and their workforce. This approach, supports governments, regulators and buyers in identifying capable suppliers that can deliver high quality technical security services.

CREST is focused on professionalizing the technical cyber security market whilst driving quality and standards of the organizations that operate within it. This helps to mature countries domestic cyber security capability whilst allowing for international opportunities and consistency. It also provides greater levels of assurance that the depth and breadth of skills in a country are aligned to the needs of the buying community.


CREST is focused on developing the capability of technical cyber security organizations. Through building a framework of accreditation and certification programs, CREST provides a meaningful structure for organizations to measure themselves against. CREST has defined career pathways, which supports individuals develop and demonstrate their skills and capabilities back to the organizations that depend on their capability.


Many organizations recognize the challenge in identifying skilled and experienced cyber security professionals within the market. CREST recognizes these issues and consequently is working with academic institutions in building their undergraduate and postgraduate programs to better align with the needs of industry. Although CREST does not provide training itself, it works with training partners to actively encourage new individuals in to this highly dynamic and challenging industry.


With increasing workforce mobility and relatively free flowing trade agreements so the opportunity for organizations to deliver services on a global basis grows. Governments, Regulators and Buyers need to identify common frameworks that span across country and regions. These frameworks need to be meaningful, and they need to cover requirements for the organizations that deliver the services as well as their staff that deliver professional and managed services. CREST is the only framework that combines both the accreditation of companies and the certification of individuals. Through our code of conduct, we are able to ensure that CREST approved organizations deliver a consistent service to the market, and that their employees have been certified as being technically competent with sufficient legal and regulatory knowledge to deliver services in their region of practice.


CREST has a history of working with likeminded cyber security organizations and bodies to support the maturity of this rapidly growing industry. We formally recognize other technical cyber security certification, and grant equivalency to some of our certification programs. Similarly, we have worked with overseas governments to build CREST frameworks that are aligned to some of the local domestic needs of their markets. So long as the integrity of our vision is maintained, and we are able to build capability, capacity and consistency within the market, CREST practices an open and transparent approach that is designed to support the growth and development of this sector

Latest News

CREST Examination Validity Update

Due to the global Coronavirus (COVID-19) outbreak, CREST has temporarily closed its Examination Centres in the UK, USA and Australia. Because of this, any Certifications that are due to expire between 18 March 2020 and until 31st August 2020 will be extended by 6 months.  This also aligns with the UK NCSC policy. This extension […]


Custom text goes here