Regions icon
Membership icon
Certification icon

Dubai Cyber Force standard

CyberForce Logo

We have signed an agreement with the Dubai Electronic Security Center (DESC) to deliver a new standard that will give our members and qualified individuals greater access to the market in Dubai.

The full details of the standard are being finalised and will be communicated in the coming months. It will initially focus on penetration testing and incident response services, and through CREST, requires registration with DESC, to be eligible to work for the Dubai government. To register, individuals must hold a valid CREST professional certification or work for a CREST accredited member.

For more information, see the FAQs below.

To read the DESC press release on the agreement, see here.

How to express your interest

For individuals

If you are interested in taking a CREST exam as part of the Dubai Cyber Force standard, please email [email protected]. You will be entered into a prize draw to win free vouchers for CREST practitioner level Penetration Testing or Incident Response exams, available at a Pearson Vue test centre in Dubai.

For CREST member companies

Email [email protected]

For organisations interested in becoming a CREST member

Email [email protected]

For Dubai Government agencies interested in understanding more about the standard 

Contact DESC at [email protected]

Dubai Cyber Force standard FAQs

What is the Dubai Cyber Force standard?

The Dubai Cyber Force standard will be used to signpost skilled and competent individuals and companies that are able to deliver Penetration Testing and Incident Response services to the government in Dubai. The standard is part of the delivery of the Dubai Cyber Security Strategy (DCSS) with the vision of placing Dubai among the most secure cities electronically in the world.

Why is the Dubai Cyber Force standard required?

There are huge amounts of variability in the services being delivered by Penetration Testing and Incident Response service providers globally.  Methodologies vary, breadth, depth and quality of assessment varies and the underlying skills and competencies of the individuals delivering services can vary significantly.  Penetration Testing and Incident Response services are highly technical, and both the language, findings and recommendations can be confusing to buyers of services.

This standard sets a high, internationally recognised standard for delivery of cyber services to Dubai government. It uses a standards-based approach, to deliver increased quality, improved technical skills, and greater consistency across the cyber security sector. This is essential to have confidence that Dubai’s critical information infrastructure (CII) is well protected. By defining a series of requirements for service providers and the professionals that deliver these services, the Cyber Force standard will deliver more consistent outcomes for the delivery of cyber services in Dubai.

What are the requirements to become registered?

Individuals must be either CREST qualified or work for a CREST member company that is accredited to the Penetration Testing or Incident Response disciplines. For information please email [email protected]


How will I know if a cyber service provider is a part of the standard?

Buyers of penetration testing and incident response services in Dubai will be able to identify CREST member organisations with Dubai Cyber Force registered individuals via the CREST website once the standard has opened for registrations.

Are there geographical restrictions for those delivering services under the standard?

No, individuals (and the employers) may be located remotely or in Dubai. However, building a domestic eco-system of skilled cyber service professionals and companies is strategically important so local presence will be well regarded.

How do I find out more information about CREST exams and make a booking?

Please visit the Certifications section of the CREST website for more information about booking a CREST exam (please note that where an exam needs to be taken at a ‘CREST Exam Centre’, further information will be shared in due course regarding when this will be available in Dubai).

How do I apply for the chance to win a free CREST exam?

CREST is offering a limited amount of free exams to a randomly selected set of individuals who express interest in taking a practitioner level Penetration Testing or Incident Response exam. The exam will be available at a Pearson Vue test centre in Dubai only. Email [email protected] the chance to win.

I represent a CREST member company, how do I find out more information about this standard?

Please contact [email protected] for more information.

I am interested in becoming a CREST member company, how do I find out more information about joining?

Please contact [email protected] to enquire.

I represent a Dubai government agency, how do I find out more information?

Please contact DESC at [email protected] for more information.

When is the standard being launched?

The Dubai Cyber Force standard was launched at GISEC 2023 (March 14-16) with further details about how to register to follow in Q2 2023.

When will more details be available?

The details of the standard will be published in Q2 2023.

Will the standard be mandatory?

The standard will become mandatory at the end of Q4 2023.  Individuals are encouraged to enrol in the standard as soon as possible to ensure that they are able to meet this timescale.

How does this standard fit in with Dubai’s Cyber Security Strategy (DCSS)?

A key domain of the DCSS is creating a Cyber Smart Society – achieving awareness, skills and capabilities to manage cyber security risks for Dubai’s public and private sectors, and individuals, including:

  • Capacity – Availability of knowledgeable, experienced and trained personnel specialised in cyber security for public and private sector organizations.
  • Capability – Raising the skills of cyber security experts.

A key guiding principle and domain of the DCSS is National and International collaboration:

  • Establishment of international collaboration – setting standards that are internationally recognised and enable Dubai to build a cyber eco-system that aligns with the best globally.
  • Collaboration between organisations forming part of the Critical Information Infrastructure (CII) and establishment of partnerships with public and private sectors – connecting the public sector to the private cyber services sector through collaboration with global standard setters.
  • Establishment of cyber security legislation and regulations – the implementation of regulations that drive capacity, capability and consistency aligned with international standards.