Regions icon
Membership icon
Certification icon

About us

We were established in the UK in 2006 making this our founding chapter.

We have grown and developed significantly in the UK over the years, adding members and expanding the range of professional certifications and services we are able to offer.

In the UK, we work closely with regulatory bodies such as the National Cyber Security Centre, part of GCHQ, the UK’s Government Communications Headquarters. The IT Health Check Service, or CHECK, was developed to enhance the availability and quality of the penetration testing services that are provided to Government.

We work with the NCSC to provide a set of penetration testing examinations that underpin the CHECK scheme in the UK. All our examinations used to assess individuals as part of CHECK are reviewed and approved by GCHQ, NCSC.

CREST UK works alongside many other governmental and regulatory organisations including: the Bank of England; the Financial Conduct Authority; Civil Aviation Authority; Ofcom; the Cabinet Office; the Department for Digital, Culture, Media & Sport and the UK Centre for the Protection of the National Infrastructure to support frameworks and standards in cyber security for government and key national infrastructures.

We are part of a consortium with CIISec and Royal Holloway College to provide examinations for Security Architects under the NCSC Certified Professional Scheme. The introduction of this exam is having a significant impact on the technical security industry and its moves towards professionalisation.

Over time, interest in the success of our UK activities has grown in other regions that are keen to build on our experience in building capability, capacity, consistency and community in the cyber security industry. We have been able to support the setting up of chapters around the world and to work with governments, regulators, buyers and suppliers to develop and support internationally recognised schemes.

Our experience in the UK and, increasingly, in other global regions is helping to enhance cyber resilience around the world and to open up markets for our member companies and opportunities for CREST qualified individuals.

The UK chapter is managed and represented by an elected UK Council. Council Chair, Rob Dartnall, also sits on our International Council.

We offer a full range of disciplines in the UK market:

• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres

UK Council Members

CREST UK is managed by a Council of nine senior industrialists, two of whom represent the CREST assessors. The UK is our founding chapter and, prior to December 2021, the UK Council was known as the GB Executive. The Council meets for four formal meetings a year plus, traditionally, two strategy days and other occasional meetings. All positions on the Council are for a period of three years and at that point the incumbents compulsorily retire and are eligible for re-election for a further three-year term. No member of the Council who has been elected by the membership at an AGM holds office as a member of the Council for more than six consecutive years; at that point they must stand down for a period of one year.

The serving UK Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Dave Allan

CYSIAM (Co-opted member)

Dave joined the British Army as a Royal Signals Operator and served for 10 years, with the latter half of his career focussed on counter terrorism support to HMG overseas. He then joined the Foreign and Commonwealth office in a variety of IT/Security related roles and finished his civil service career as Head of International Cyber Capacity Building. In 2019, Dave co-founded CYSIAM as the CTO and in 2021, moved into the Managing Director role.

CYSIAM works in strategic partnership with public and private sector clients who understand, and are serious about mitigating, the risks that cyber incidents pose to their critical systems and data.

Oliver Church

Director, Orpheus Cyber Ltd

Oliver is CEO of Orpheus, a specialist Cyber Threat Intelligence company. He is responsible for Cyber Threat Intelligence on the UK Council and is a passionate believer in the importance of intelligence-led security. Oliver has previously established successful cyber security teams and capabilities at major global organisations and has a wide range of risk management and security experience, developed working for a diverse range of large and small organisations over the last 17 years.

An expert in cyber risk management and cyber resilience testing, Oliver has been involved in developing intelligence-led cyber resilience frameworks, working with regulators to do so, and has extensive experience leading cyber threat intelligence teams to conduct the testing itself. Oliver’s cyber security expertise is built on a foundation as a qualified lawyer, which enables him to add the legal perspective to the management of cyber risks. Oliver is a CREST Certified Cyber Threat Intelligence Manager (CCTIM), an Assessor of the TI examinations and a Solicitor of the Supreme Court of England and Wales.

Simon Clow

Associate Director, Context Information Security Ltd

Simon is responsible for the technical delivery of complex assurance engagements to regulators and a variety of public and private sector clients. He has designed various testing methodologies used by the company and was involved in the development of the CBEST framework. He is a Fellow of CREST and an Assessor and is keen to ensure we deliver ‘best of breed’ examinations and that our industry-wide reputation is maintained and enhanced globally.

Stuart Criddle

Cyber Director, PwC

Stuart is one of the two Assessors’ representatives on the UK Council and leads on the technical delivery aspects of our examinations. Stuart is Director, UK Ethical Hacking at PwC and is responsible for leading CLAS consultancy projects such as RMADS production and also has a key role in leading many PCI QSA assignments. He works as part of the main consultancy and testing team on both infrastructure and application assignments and has a long history of working with central government and police clients.

Rob Dartnall

(Chair), CEO and Director of Intelligence, Security Alliance Ltd

Rob is the CEO and Director of Intelligence for Security Alliance Ltd, a Cyber Threat Intelligence company. From a military intelligence background, Rob transitioned his intelligence tradecraft into the cyber domain where he is an advocate of ‘Intelligence Preparation of the Cyber Environment’.

Rob’s primary work has been designing intelligence-led resiliency programs, developing intelligence capability, creating intelligence sharing frameworks and initiatives and providing intelligence led consulting engagements. Rob holds the CREST Certified Threat Intelligence Manager qualification, is a CREST TI Assessor and sits of the CTIPs Sub- Committee.

Rob was formally elected as Chair of what was then the GB Executive on 3 March 2021.

Contact: [email protected]

Ian Lovering

Technical Lead, DXC Technology (Assessors’ Representative)

Ian has 20 years’ experience in the IT industry latterly as technical lead for DXC managing CHECK, STAR and GBEST penetration testing and long-term vulnerability scanning implementations. He has also been responsible for secure architecture reviews and secure code reviews covering multiple industries including finance, public sector, telecoms, and oil and gas. Ian has been a CREST Assessor since 2015 and is currently running the our exam development group creating our next generation exams.

Rodrigo Marcos Alvarez

Chief Executive Officer, SECFORCE Ltd

Rod is the CEO of SECFORCE Ltd, a penetration testing and red teaming consultancy. Rod also contributes to the security community by leading an OWASP chapter, mainly driven by the goal of increasing security awareness and providing an opportunity for individuals to acquire technical offensive security skills.

With 20 years’ experience in offensive security, Rod has a strong technical background. Even though he still enjoys getting involved in the technical aspect of security and getting his hands dirty in “low level” stuff, Rod’s professional goals are around creating a rewarding and inspiring work environment, helping solve customer challenges and make this world a safer place – One IP address at a time.

Brian McGlone

European Leader – Cyber Security Testing, IBM UK

Brian has a wealth of experience in the Security Assessment and Audit fields. He has worked in America, Africa, and a variety of countries across Europe. His work includes security assessments for all sectors. His current role covers business development of all forms of security testing, managing security testing programs, delivery of security testing, coaching/management, mentoring, and being a thought leader as part of the X-Force Red global team management team.

Brian is keen to help CREST and the industry move further forward in its objectives to make it successful for all. Whether this is people starting security careers or companies looking to ensure they are aware of their security and vulnerability profiles, through using the services provided by our member companies.

Paul Midian

CISO, EasyJet (Co-opted member and Chair of Senior Advisory Panel)

Paul is an accomplished information and cyber security practitioner with over 20 years’ experience. He is Chief Information Security Officer at EasyJet. Previously, Paul was CISO at Dixons Carphone and a director in the Cyber Security practice at PwC leading large scale information and cyber security improvement and transformation programmes.

Prior to his role at PwC, Paul was a director at Information Risk Management Plc . During his tenure revenue increased by over 75% and the company won the Secure Computing ‘Information Security Consultancy of the Year 2013′ award. Prior to working at IRM he was Head of Security Testing at Siemens Enterprise Communications (formerly Insight Consulting). Paul is a member of the BCS and of ISACA. He has been involved in our organisation since its inception.

Stuart Morgan

Principal Consultant, F-Secure (Assessors’ Representative)

Stuart has been a CREST Assessor for a number of years and was elected by his peers to the then GB Executive in June 2017. His aim is to ensure that our exams remain the best in the world.

Boglarka Ronto

Director of Operations, Commissum Associates Ltd

Boglarka is Director of Operations at Commissum (Eurofins Cyber Security UK), with a background in penetration testing and UNIX systems administration. In her role she relays a lifelong passion for the security industry, supporting a variety of businesses, both large and small on their journey to a more mature security posture. Boglarka works with young people to help them find a fulfilling career in one of the many areas of cyber security, focusing on challenges associated with niche requirements such as testing mainframes.

Ben Turner

Global Head of Advisory Services, Nettitude

Ben is the Global Head of Nettitude’s Advisory Services’ and has over a decade’s experience in the cyber security sector. During this time he has worked with a huge client base ranging from UK Government, Banking Sector (Including Central Banks) and many well-known private sector organisations worldwide. Ben specialises in intelligence-led simulations (STAR) and infrastructure testing but has a wide variety of knowledge in many areas, including training, tool development and incident response. Not only has he delivered in-depth technical assurance services, but has excellent communications skills that span a wide range of audiences including technical, business management and senior leadership.

Ben was formally elected to the UK Council at the Annual AGM 14 June 2022.

Martin Walsham

Principal Consultant at AMR Cyber Security

Martin is an industry recognised cyber security expert with the business gravitas and presence to lead and deliver at large programme level.

Martin has excellent stakeholder relationships with industry and regulators and has been directly involved in shaping the maturity of the cyber security eco system both on a National and International basis through memberships of working groups, research, the development of new schemes and standards, and through his previous work on the former Executive Board for CREST.

Martin has excellent skills in risk management, security architecture, policy development and security leadership. He is highly proficient in accreditation and in developing information security management systems.

Martin has extensive experience of developing trusted assurance models for hardware and software systems and leading the evaluation of hardware and software systems under trusted assurance scheme models.

Martin has a pragmatic, mature consultative engagement approach. He is committed to providing quality business focused service. His levels of focus and commitment are evident in his unblemished track record for delivery