Security Testing Comes of Age

CREST Validates Practitioner's Skills
Five years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover."Since we've been established, we've already got pressure from a number of areas to cover things like wireless applications and network forensics, so in other words malware analysis, reverse engineering and those types of disciplines," Glover says.

Not only does CREST test the security of an organizations' systems and processes, but it also validates the skills and competencies of the information security staff. CREST also works with industry groups and government organizations to address broader issues related to information assurance.

Up to now, CREST has been UK-centric, but today is strategizing to grow throughout Europe, Asia and North America. "In a very short period of time, we've grown from nothing to being a sort of de facto standard," Glover says.

In an exclusive interview about CREST and security testing, Glover discusses:

  • The evolution of security testing;
  • Today's top threats, and how CREST is evolving to tackle them;
  • Advice to anyone seeking a career in security testing.

Glover has 34 years experience in information technology and has specialised in professional services for the last 28 years.

CREST is a not for profit organization. It was established to help develop professionalism within the information technology security testing community and provide a development path for individual testers. The Register is used by private sector organizations to gain a level of assurance that the security testers are competent and that the organizations they work for have appropriate processes and controls in place. The CREST qualifications have been assessed and are recognised by the UK government. The qualifications are a mandatory requirement for individuals carry out penetration testing work on government system. Ian is currently running a project to develop a set of professional network forensics qualifications with the support of the UK Centre for the Protection of National Infrastructure Industry. All the CREST qualifications have been evaluated by NBISE (National Bureau of Information Security Examiners) in the USA and a strategy for their implementation is being planned.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.