CREST is a certification body that recognises and assesses the skill, knowledge and competence of the individual. In order to pass the CREST examinations a candidate will require more than classroom-based theory; they will require experience in the practical application of tools, techniques and research.
As such, it would be inappropriate for CREST to formally endorse training courses as this may provide the impression that attendance on a course can lead to a qualification being awarded. CREST does, however, recognise the need for professional development programmes that include attendance on training courses. To this end, CREST reviews training courses against the CREST syllabus and the National Occupational Standards; these assessments provide a clear and objective view of the course content and the level at which specific subject areas are being taught. You will find a list of the CREST Accredited training courses here. Should the course provider wish, the training course review will be taken by e-Skills (now known as The Tech Partnership) to be included within their wider portfolio.
CREST has worked very closely with The Tech Partnership, the skills arm of the Information Economy Council (IEC), in the development of a set of National Occupational Standards (NOS) describing the role and requirements of a penetration tester. Further occupational standards are in the process of being developed for intrusion analysis and security architecture roles.
This structured approach to objective and learning outcomes will allow an individual to assess their current level of knowledge and skill against the each of the CREST syllabus area and the National Occupational Standards for the role. Where there are gaps, the types of course that are available can be considered by a candidate. The CREST Accredited courses have been reviewed in detail by very experienced CREST assessors providing a much greater level of confidence in the quality of the courses. This approach also allows employers to develop professional development pathways for their staff and where appropriate take advantage of government backed training schemes. It also allows training course providers a structure to develop courses in areas where there is a real need.
Finally, CREST works closely with The Institute of Information Security Professionals (IISP) in the delivery of a number of key projects within the area of Information Assurance, and in particular as part of a consortium delivering CESG Certified Professional (CCP) accreditation through CESG (further details here). A number of courses have been independently reviewed by the IISP as part of their accredited training scheme programme; they are predominantly focussed on Information Assurance and Cyber Awareness and can be found here.