Stratus Security Achieves CREST Accreditation, Validating High-Assurance Standards for Penetration Testing

Release date: 9 March 2026

Stratus Security, a Melbourne-based offensive security consultancy and technology developer, today announced it has received accreditation from CREST for Penetration Testing and Vulnerability Assessment.

This dual accreditation places Stratus Security among an elite group of Australian cyber security firms that have successfully audited their policies, procedures, and technical methodologies against CREST’s rigorous international standards. It validates the company’s ability to deliver high-assurance security testing for government, financial services, and critical infrastructure providers.

“Congratulations to Stratus Security on achieving CREST accreditation for Vulnerability Assessment (VA) and Penetration Testing. This is a strong endorsement of the teams and the commitment to robust business processes, data security, and testing methodologies,” said Nick Benson – CEO of CREST. “It also reflects the growing influence of CREST across Australasia and the increasing demand for highly-skilled penetration testing and vulnerability assessment services from trusted providers that can demonstrate internationally-recognised validation.” 

The accreditation comes as Stratus Security continues to expand its technical capabilities. Unlike automated vulnerability scanning services, Stratus Security focuses on adversary simulation and deep-dive manual penetration testing, supported by its own research and development of state-of-the-art security tools.

Colin Watson, Director of Stratus Security, said: “Achieving CREST accreditation for both Penetration Testing and Vulnerability Assessment is a validation of our ‘quality-over-quantity’ philosophy. In a market often saturated with automated, low-fidelity scans, this badge confirms that our manual, human-led testing methodologies meet the highest global benchmarks.

“We are now taking this same accredited rigour into our R&D. We are proud of our contributions to the offensive security community through our public tooling and open-source contributions. Our tools are used by the industry globally.”

The CREST accreditation verifies Stratus Security’s capabilities in:

• Penetration Testing: Simulating sophisticated cyber attacks to identify critical risks in networks, applications, and cloud environments.
• Vulnerability Assessment: Providing comprehensive, systematic identification and management of security weaknesses across enterprise infrastructure.

About Stratus Security: Stratus is a 100% Australian-owned and operated cyber security consultancy specializing in offensive security operations. The firm provides expert services in internal, external and web application penetration testing among many others. Uniquely, Stratus combines consulting with active software development, engineering state-of-the-art public security tools used by the wider industry. For more information, visit https://www.stratussecurity.com.

About CREST:

CREST is a global not-for-profit organisation dedicated to raising standards and building trust in the cybersecurity profession.

Established in the UK in 2006, CREST works with its international community of Member companies and practitioners to promote excellence, integrity and professional development across the cyber ecosystem. Through robust standards, accreditation frameworks and skills pathways, CREST helps organisations buy cybersecurity services with confidence and supports practitioners in developing trusted, globally-recognised careers.

Working closely with governments, regulators and industry stakeholders, CREST plays an active role in shaping policy, strengthening market confidence, and supporting the growth of a resilient, professional cybersecurity sector worldwide.

Media Contact: Colin Watson Director, Stratus Security [email protected]