CREST partnership with Offensive Security

OSCP Logo_larger

CREST signs new partnership with Offensive Security to improve the standards of information security

Leading UK and US penetration testing certification bodies join forces in global drive to professionalise cyber security sector

4 August 2015:   CREST, the UK-based, not-for-profit accreditation body that represents the technical information security industry, has announced a partnership with Offensive Security, one of the leading US cyber security training and certification bodies.  The new transatlantic relationship reflects a new era for certifying cyber security professionals across the globe to drive up levels of technical expertise in the fight against increasingly sophisticated criminal and state-sponsored cyber attacks.

Rowland Johnson, CREST International Development Executive, comments: “CREST already has a strong international presence including a Chapter in Australia, supporting governments, regulators, critical national infrastructure and the private sector buying community.  Through working with Offensive Security, we will be able to give businesses greater access to high quality technical skills and expertise around the world with the confidence and assurance provided by strong company accreditation and individual certification.”

Offensive Security training in the area of penetration testing is regarded as some of the strongest in the industry.  Coupled with its established certification programs, it provides a pool of expert candidates capable of demonstrating hands-on technical expertise. As part of the agreement, CREST will recognise the Offensive Security Certified Professional (OSCP) ethical hacking certification as equivalent to the CREST Registered Tester (CRT) exam for penetration testing.  As a result, OSCP Certified Professionals will have the option to be awarded CREST status and enable their employers to demonstrate strong technical capability within the penetration testing market.

“This partnership with CREST is a natural fit, as many information security certifications have traditionally been lacking in the ability to demonstrate real-world skills. Organizations need the confidence that when they engage in security testing services they are obtaining top-notch technical personal as well as ethical individuals they can trust with their most sensitive data.” said Mati Aharoni, founder of Offensive Security. “CREST company accreditation is only given to organizations that can demonstrate demanding standards. This is wonderful recognition for OSCP certified individuals and will bring great value to the US security sector while setting the bar for wider international adoption.”

The CREST exam includes stringent multiple choice, long-form and scenario based questions to assess candidates levels of knowledge.  This is accompanied by rigorous practical assessment that requires candidates to manually identify and exploit vulnerabilities in a series of real world scenarios in the CREST labs.  These require candidates to have a firm grasp of identifying vulnerabilities, misconfigurations and architectural weaknesses to be able to exploit multiples systems, files and data sources.

CREST is at Black Hat 2015 in Las Vegas on Booth IP15, International Pavilion in the Business Hall.

For more information on OSCP and CRT Equivalency go to: