Brian Sims

CREST launches practical certification for penetration testing

CREST – THE not-for-profit accreditation and certification body representing the technical information security industry – has launched the first of four new practical penetration testing certifications designed to be delivered via selected Pearson Vue Test Centres around the world.

The all-new CREST Registered Security Analyst (CRSA) certification will provide CREST members, CREST-qualified individuals and the wider industry with flexible and global access to this practical penetration testing examination.CRSA is a new registered-level practical penetration testing certification. It boasts a slightly broader scope than the CREST Registered Penetration Tester (CRT) and includes desktop breakout assessments and a larger web application component. The CRSA will now run in parallel with the CRT.

The UK’s National Cyber Security Centre (NCSC) has confirmed that the CRSA certification will be recognised alongside the CRT for technical entry for CHECK Team Member. This applies to all CRSA certifications awarded, wherever in the world candidates may be taking the examination. The existing CREST Practitioner Security Analyst (CPSA) certification, which is already a prerequisite for the CRT, is also a prerequisite for the new CRSA examination.

It’s worth noting that a CPSA qualification attained via equivalency cannot be used as the prerequisite for booking the CRSA examination.The CRSA is available to book through Pearson Vue at this URL:

Practical certifications The CRSA is the first in a suite of new practical certifications being developed by CREST. The others, which have not yet been recognised by the NCSC, are:

*CREST Certified Security Consultant (Red Team) – CCSC RED

*CREST Certified Security Consultant (Networks) – CCSC NET

*CREST Certified Security Consultant (Web) – CCSC WEB

“The examinations for all four new practical penetration testing certifications have been designed to be delivered entirely through Pearson Vue Centres,” said Ian Glover, president of CREST International. “This opens up the opportunity to individuals working in the cyber security industry to gain the access needed to certify with CREST wherever they reside in the world.”For their part, Pearson Vue Centres offer a distraction-free secure testing environment with continuous candidate surveillance. There are a number of mandatory security measures at all Test Centres to ensure the integrity of the examinations and the safety of the candidates.

*For full details on the CRSA visit


CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and Security Operations Centre-focused services.

CREST member companies undergo regular and stringent assessment, while CREST-certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in what is a fast-changing technical security environment, the certification process is repeated every three years.CREST is governed by an elected executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security industry.

The organisation supports its members – and, indeed, the wider information security industry – by creating collaborative research material. This provides a strong voice for the industry and opportunities to share knowledge, while also delivering good practice guidance to the wider business community.

Company Info

Security Matters

Western Business Media
Dorset House
64 High Street
East Grinstead
RH19 3DE