CREST International


CREST was established in 2006 initially in the UK. It is managed by an Executive of nine senior industrialists, two of whom represent the CREST assessors. At an operational level, responsibility is divided into the following areas: Governance, standards and operations, marketing and communications, finance and HR & remuneration. CREST holds a Register of Interests for the Executive which is reviewed at each quarterly meeting in order to maintain the integrity of the group.

Management Team


Chairman of CREST Executive
Mark Turner, Director, NCC Group PLC
Mark Turner - Head and ShouldersMark is a Director at NCC Group with responsibility for Operations, Management, Direction and Development of the Security Consultancy. Mark is passionate about developing the UK IT Security industry and making it the most professional and highest regarded in the world. As such, he is a founder and Director of BSides Manchester InfoSec Conference and is keen to continue his contribution to the security community through his position within CREST. Mark has been CREST Chairman since June 2016 with the aim of leading CREST through its most interesting times as it expands globally. He believes this global expansion will provide many opportunities to all CREST members and improved cyber and information security and collaboration across the world.
Contact: [email protected]

Stuart Criddle, Principal Consultant, NCC Group (Assessors’ Representative)
HeadShot_BlankStuart is one of the two Assessors’ representatives on the CREST Executive and leads on the technical delivery aspects of CREST examinations. Stuart is a Principal CLAS Consultant at NCC Group responsible for leading CLAS consultancy projects such as RMADS production and also has a key role in leading many PCI QSA assignments. He works as part of the main consultancy and testing team on both infrastructure and application assignments and has a long history of working with central government and police clients.
Contact: [email protected]

John Fitzpatrick, Managing Director, MWR Infosecurity LtdJohn-Fitzpatrick-225x300
John joined MWR in 2006 as an intern and progressed through the ranks and was appointed Managing Director in 2015. His experience includes CHECK Team Leader engagements and has worked with some of the largest organisations globally across multiple industry sectors. He has also contributed research, tooling and security advice to industry and is a frequent speaker at security conferences.
Contact: [email protected]

Rowland Johnson, Managing Director, Nettitude Ltd (Internationalisation and HR)
Rowland JohnsonRowland is CEO of Nettitude group, an intelligence led cyber security consultancy that operates across EMEA and North America. He has strong leadership skills and a comprehensive understanding of cyber security and risk management. Rowland has experience in growing and scaling a business and has experience in running an international organisation. Rowland has responsibility for CREST Internationalisation and is actively engaged with key international stakeholders across all of CREST’s operating regions.
Rowland also sits on the board of CREST International and in this role co-ordinates many strategic and operational initiatives across CREST chapters.
Contact: [email protected]

Stuart Morgan, Principal Consultant, MWR Infosecurity Ltd (Assessors’ Representative)Stuart-Morgan-225x300
Stuart has been an Assessor for CREST for a number of years and was elected by his peers to the Executive in June 2017. His aim is to ensure that CREST exams remain the best in the world.
Contact: [email protected]

Lawrence Munro, EMEA Regional Director, SpiderLabs at Trustwave (Academia & Training)
Lawrence-MunroSpiderLabs at Trustwave is one of the world’s largest security assessment services units.Lawrence has close ties to the US, Singapore and Australia and speaks regularly with regulating bodies and financial institutions globally. He has a strong academic background and works closely with a number of UK Universities; he has also run graduate programmes within penetration testing consultancies for the last five years.He is also a Director for B-Sides London.
Contact: [email protected]


Alex Church, Chief Technical Officer, Context Information SecurityHeadShot_Blank
Alex helped to found Context Information Security in 1998. He was a CHECK Team Leader for a number of years before taking on responsibility for all technical and operational aspects of Context’s business, including technical strategy, service definition, operational efficiency, recruitment and delivery. He developed Context’s incident response services and their research division which specialises in reverse engineering and vulnerability research. He remains close to the technical side of the industry and is able to provide strategic guidance on technical developments and the future requirements within the UK Cyber arena, both from a government and private sector perspective.Alex has been involved with CREST since its inception, chaired the first Technical Committee and led the team that developed the original CREST examinations; he has also helped to develop the existing assessments and create new ones.
Contact: [email protected]

Greg Jones, Director, F-Secure Digital Assurance Consulting LtdHeadShot_Blank
Greg has over 20 years of commercial experience spanning development, network and system design/architecture, operations, IT and technical security assessments and testing. He specialises in Security assessment, secure system design and “unravelling messes”.
Contact: [email protected]

Oliver Church, Director, Orpheus Cyber LtdHeadShot_Blank
Oliver is CEO of Orpheus, a specialist Cyber Threat Intelligence company. He is responsible for Cyber Threat Intelligence on the CREST Executive and is a passionate believer in the importance of intelligence-led security. Oliver has previously established successful cyber security teams and capabilities at major global organisations and has a wide range of risk management and security experience, developed working for a diverse range of large and small organisations over the last 17 years. An expert in cyber risk management and cyber resilience testing, Oliver has been involved in developing intelligence-led cyber resilience frameworks, working with Regulators to do so, and has extensive experience leading cyber threat intelligence teams to conduct the testing itself. Oliver’s cyber security expertise is built on a foundation as a qualified lawyer, which enables him to add the legal perspective to the management of cyber risks. Oliver is a CREST Certified Cyber Threat Intelligence Manager (CCTIM), an Assessor of the CCTIM exam and a Solicitor of the Supreme Court of England and Wales.


Paul Midian, Chief Information Security Officer, Dixons Carphone PLCHeadShot_Blank
Paul is an accomplished information and cyber security practitioner with over 20 years ‘experience; he is Chief Information Security Officer at Dixons Carphone plc.Previously, Paul was a director in the Cyber Security practice at PwC leading large scale information and cyber security improvement and transformation programmes. Prior to his role at PwC, Paul was a director at Information Risk Management Plc . During his tenure revenue increased by over 75% and the company won the Secure Computing ‘Information Security Consultancy of the Year 2013′ award. Prior to working at IRM he was Head of Security Testing at Siemens Enterprise Communications (formerly Insight Consulting).Paul is a member of the BCS and of ISACA. He has been involved in the CREST organisation since its inception.
Contact: [email protected]

Ken Munro, Senior Partner, Pen Test Partners LLP (Marketing)ken-munro
Ken has over 15 years in the industry, in both Sales and Technology, and has experience of running security companies of all sizes. He specialises in engagement with the press and journalists in the promotion of the Information Security industry and security best practice in general. Ken’s role on the Executive is that of Marketing and Communications.
Contact: [email protected]

CREST Permanent Staff

Ian Glover, PresidentHeadShot_Blank
Ian has worked in the IT industry for the last 40 years and has been working in information security for the last 36 years – and has enjoyed nearly every minute of it. As President of CREST he has taken it to a position of influence in the technical security industry and has been instrumental in many major industry initiatives. These include the award winning Cyber Essentials scheme, which assesses basic levels of cyber hygiene; and the CREST, Bank of England and Government project to develop the STAR and CBEST Schemes that are designed to provide higher levels of assurance for critical parts of the UK financial services and other parts of the critical national infrastructure. He also helped to develop and implement the UK Government CIR (Cyber Incident Response) and CREST Cyber Security Incident Response (CSIR) schemes.

Internationally he is working with governments and regulators to establish or develop CREST chapters in Singapore, Hong Kong, Malaysia, Australia and the USA. He is also supporting member companies in many other regions. Prior to representing CREST, Ian was one of the founders of Insight Consulting, a leading specialist information security consultancy. The business was purchased by Siemens. He then sat on the Board of Siemens Communications. Prior to establishing Insight Consulting has worked for the MoD, Treasury (CCTA) and Ernst and Young.
Contact: [email protected]

Elaine Luck, Operations ManagerEAL_2
Elaine has worked at Board level in industry for over 30 years, predominantly for the leading trade association in the defence and public security sectors but latterly in the facilities environment. Her roles have included company secretary, business and operations management, membership management, event organisation and personnel management. Within CREST she is responsible to the Executive for all aspects of day to day operations and also for CREST’s Cyber Essentials engagement.
Contact: [email protected]

Adriana Costa-McFadden, Company Membership Administratoradriana photo v2
Prior to joining CREST, Adriana was a Software Engineer at Nortel Networks. Within CREST, she is responsible for membership applications, renewals and overall support to members.
Contact: [email protected]

Sally Fitzmaurice, Examinations AdministratorSally-Fitzmaurice-2-274x300
Sally has extensive high-level experience in administration and a strong background in customer engagement and time management. Within CREST she is responsible for managing all aspects of the examination booking process.
Contact: [email protected]

Samantha Alexander, Service AccreditorSamAlexander
Sam is an experienced auditor in Information Security, Business Continuity and Quality. She has particular experience of ISO27001 and information security having been consultant helping clients with the implementation and operation of new management systems effectively into their business. Supporting clients to maintain their certifications to relevant standards, as well as reviews carrying out reviews, updates and restructuring of management systems for a wide range of sectors. Within CREST she supports the company membership accreditation function, carrying out reviews on company applications and all supporting documentation.
Contact: [email protected]

Stephen Child, IT Systems ManagerS-Child
Stephen is a very experienced IT professional with over 10 years experience working in IT infrastructure. He has supreme technical knowledge of software such as Azure, V-Centre and Windows. He is also CISSP, CCNA and CCNP qualified. Within CREST he has responsibility for all aspects of examination infrastructure maintenance as well as back office development, maintenance and support.
Contact: [email protected]