The CREST Certified Consultant certification is a professional certification provided by the Council of Registered Ethical Security Testers (CREST).
CREST Certified Consultants are highly skilled professionals who are experienced in understanding potential vulnerabilities and their associated risks. They are able to use tools and techniques to identify and exploit vulnerabilities in target systems, and know what mitigation is possible. The practical exam and viva against the published syllabus ensure this is one of the highest certifications available within the security testing industry. This certification lasts for three years.
Ethical Security Testers
Security testers are known by several names, but probably the most widely known are Ethical Hacker and Penetration Tester. An Ethical Hacker is a trusted individual who is engaged by an organisation to undertake authorised attempts to penetrate networks, computer systems and applications. Such testing is often referred to as Penetration Testing or Attack and Penetration testing. Cracking (unauthorised penetration testing) is illegal in most countries, and is a criminal offence in the UK under the Computer Misuse Act.
An experienced security tester wishing to take the examination will need to be familiar with the published CREST syllabus and opt for either an infrastructure-biased or application-biased assessment. However, the individual will require either a pass in the CREST BRE basic written exam, or must hold CEH.
It is also worth noting that CHECK Team Leaders (CTL) have been granted equivalency until December 2007. Existing CTL may therefore obtain a grandfathered CREST Certification for a limited period, until such time as they pass a CREST assessment.
The exam and viva are administered by CREST. The practical takes the format of a technical assault course. Candidates must be equipped with their own laptop and full testing toolkit. The candidate's ability to understand potential vulnerabilities and their associated risks, and to use tools and techniques to identify and exploit vulnerabilities in target systems, is assessed.
What is CREST?
CREST (Council of Registered Ethical Security Testers) is a professional body and trade association that has a mission to represent the information security testing industry and offer a provable level of assurance as to the competency of organisations and individuals within those organisations. It maintains and publishes a register of those accredited organisations and individuals who have met the CREST standard.
An individual holding the CREST Certified Consultant certification has proven their ability and understanding, giving confidence to those engaging their services. Furthermore, if the individual is employed by a CREST Member company, integrity is underwritten through that company's vetting obligations.