Tag Archives: CREST

News, Training

CREST and Immersive Labs announce partnership for developing technical cyber security skills

Partnership helps equip CREST members with cyber knowledge, skills and judgement ahead of certification

10 May 2022: CREST, the international not-for-profit cyber security accreditation and certification body is partnering with Immersive Labs, the Cyber Workforce Optimization Platform, to support CREST member professionals in developing their defensive and offensive security skills.

The Immersive Labs platform will provide access to hands-on simulations of threats and mitigation techniques, allowing those preparing for CREST examinations to exercise and improve capabilities in line with the certification framework.

“We are delighted to be working with Immersive Labs to offer members a powerful, real-time alternative for ongoing skills development,” said Rowland Johnson, president of CREST. “Immersive Labs will be providing labs that are aligned to our examination framework and CREST Accredited organisations will have free access to entry level labs. They will then have the option to gain access to a wider set of labs, at a reduced cost which will be aligned to our Registered and Certified level exams. This new partnership is not only providing our members with better access to training for CREST exams but we also hope it will build a greater sense of community.”

CREST will work with Immersive Labs to put a particular focus on incident response, mapping its online, on-demand content to the exam syllabus and delivering a number of bespoke learning pathways.

“Achieving a CREST certification is a high bar, with members benefitting from an in-depth understanding of complex technical skills. Our platform will enable this, letting the community get first-hand experience of offensive and defensive capabilities in an engaging way,” said James Hadley, CEO at Immersive Labs. “This shows CREST to be a forward-thinking certification provider dedicated to furthering the development of human cyber capabilities using innovative approaches.”

News, Training

CREST and Hack The Box partner for cyber security skills development

Hack The Box labs will provide study support for CREST exams and build a greater sense of global community

10 May 2022 CREST, the international not-for-profit cyber security accreditation and certification body is partnering with Hack The Box, a leading cybersecurity training and upskilling platform, to support CREST member professionals to develop their offensive security skills. The two organisations will provide test labs tailored towards individuals who are planning to take CREST penetration testing and red teaming examinations.

“Hack The Box will provide our members with an innovative and interactive approach to skills and competency development,” said Rowland Johnson, President of CREST. “The HTB Labs will be aligned to CREST’s internationally recognised examination framework, with labs of every level – from entry to advanced ones – being made available to the vast HTB and CREST communities. CREST Accredited organisations will have free access to entry level labs, with the option to gain access to a wider set of labs, at a reduced cost, as a result of this new partner relationship. This will not only provide better access to training for CREST exams but also helps to build a greater sense of community across our global membership.”

CREST is working with Hack The Box to map its current content against the CREST exams to create fully bespoke CREST labs, which will cover the following exams: CREST Practitioner Security Analyst (CPSA); CREST Registered Security Analyst (CRSA); CREST Registered Penetration Tester (CRT); CREST Certified Tester (CCT – Web and Infrastructure); CREST Certified Simulated Attack Specialist (CCSAS) and CREST Certified Simulated Attack Manager (CCSAM).

“We are looking forward to working closely with the CREST team and members to develop the CREST learning and skills development community,” said Nikos Fountas, Director of Operations at Hack The Box. “The labs will have content similar to that assessed in CREST exams but not the same and will be provided in HTB’s unrivalled gamified and fully intuitive platform. This means that using Hack The Box will help indicate if someone is at the right level to take and pass the exam but will not assess everything in the exam. Candidates will always need to join lots of previously unconnected dots and reach higher if they are going to pass the high-level CREST exams. This will be just the beginning of a long-term partnership, with more and exciting projects to be planned and announced soon.”

CEO & Founder Stories, News

CREST appoints Nick Benson as CEO

6 May 2022: CREST, the international not-for-profit accreditation and certification body for the cyber security industry, has appointed Nick Benson as its new Chief Executive Officer. He joins CREST from his position as Chief Operating Officer of ORX, the largest global trade association supporting operational risk management in financial services. Prior to that he held executive roles across the finance and risk management divisions at Nationwide Building Society, one of the UK’s largest retail financial services providers.

“I would like to welcome Nick to the global CREST community,” said Rowland Johnson, CREST president. “He has an impressive track record of building and leading teams through expansion and transformation and while at ORX led a programme of organisational change and delivered strong growth and enhanced service quality. It is a very challenging time for the cyber security industry in the face of a rapidly evolving threat landscape and Nick’s knowledge and experience will be pivotal in supporting CREST members and driving the next stages in CREST’s development.”

Benson began his career at KPMG in its IT advisory divisions in London and Sydney and he qualified as a Chartered Accountant (ICAS) in 2005. He also has a BA in accounting and finance from Exeter University.

As CEO, Benson will work closely with the senior management team alongside CREST President Rowland Johnson, who will focus on representing and growing the business internationally.

“CREST is respected across the international cyber security industry,” said Nick Benson. “I am delighted to have the opportunity to lead the CREST team at a time when it is about to surpass 300 members and is investing in new exams and accreditation on a global scale. This marks a new chapter in the CREST story, and I am very much looking forward to playing a part in it.”

Cybersecurity, Job Opportunities, Jobs, News, North of England

Cyber security company, Pentest People, seeks new talent following consecutive year of rapid growth

Additional clients and expansion of services sees 35% increase in headcount and search for new talent

Cybersecurity consultancy, Pentest People, is planning further expansion following its second consecutive year of rapid business growth, which saw revenues increasing by 65% and headcount increased by 35% over the past twelve months.

Organisations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom. The company employs a number of CHECK team leaders, who have penetration testing qualifications and experience approved by the National Cyber Security Centre (NCSC).

The company, led by technical director, Gavin Watson, and sales director, Anthony Harvey, attributes its rapid growth to its continuous development of new threat assessment, consultancy, and remediation services, in response to increasing cybersecurity risks that affect organisations of all sizes.

“Over the past twelve months Pentest People has continued to grow its client base and expand its range of services, including the addition of cyber incident response, remote-working security assessments, dark web monitoring and zero-day exploit scanning, allowing us to detect, prevent, and remediate the most common cyber risks,” reports Gavin Watson.

Co-founder, Andrew Mason commented, “To support this expansion, we have increased our headcount by 35%, moved into a larger office at the Coach Works in Leeds, opened a second office close to GCHQ at Hub8 Cheltenham and launched an apprentice and graduate recruitment and training programme. We’ve hired thirteen women to join our team in the past year and we’re actively recruiting more female consultants.”

Pentest People now offers a broader range of on-site and online services to clients including:

  • Penetration Testing as a Service provided via the company’s Secure Portal
  • Ransomware defence assessment
  • Remote-working security assessment
  • Zero-day exploit response to alert clients to fresh vulnerabilities
  • Dark web monitoring to proactively search for evidence of stolen data
  • Social engineering assessment to identify where staff education is required
  • Phishing email assessment
  • Firewall ruleset reviews
  • VPN configuration assessment
  • Load testing to identify where third-party service and servers are impacting website user experience
  • Red Team assessment to proactively test organisations’ abilities to withstand targeted cyber attacks

Commenting on the company’s new service development, Gavin Watson, technical director, Pentest People added, “Our initial mission was to provide remote and on-site assessments to uncover vulnerabilities in systems, processes and employee practices that expose companies to cyber attacks. As Pentest People’s team has expanded, we’ve added rapid response services to help clients to fix critical issues resulting from newly discovered vulnerabilities and zero-day exploits. Within hours of any new exploits becoming public knowledge, our cyber security experts scan clients’ systems and provide remediation advice if they are found to be vulnerable.”

The company’s successes have not gone unnoticed and it was recently listed among the Leeds Tech Climbers of inspiring technology companies that are innovating to meet demand and are set for growth and it has been shortlisted for the Prolific North Tech Company of the Year award. Pentest People has also been invited to attend the UK Government’s CYBERUK 2022 event taking place at the International Conference Centre, in Newport, Wales, on 10th – 11th May.

About Pentest People:

Pentest People is a cybersecurity consultancy that provides Penetration Testing as a Service (PTaaS) to organisations in the public and private sectors. This innovative approach to security testing combines the benefits of a consultant-led penetration test, bolstered by continuous vulnerability testing delivered via its SecurePortal®, which provides a living threat monitoring system throughout the contract, rather than a vulnerability assessment taken at a single point in time.

Established by the cybersecurity experts who founded RandomStorm, which was acquired by Accumuli Security in 2014, itself acquired by NCC in 2015, Pentest People operates a growing team of talented consultants, to help leading organisations to manage cyber threats and minimise disruption.

Pentest People is a CREST- accredited company and a CHECK Service Provider for its Penetration Testing services and has attained NCSC Cyber Essentials and Cyber Essentials Plus, as well as earning a place on the G-Cloud 12 framework. Pentest People is also certificated to ISO:9001 and ISO:27001.

For more information, please visit https://www.pentestpeople.com

 

Appointments, News

CREST appoints Andy Woolhead as Global Head of Product

12 April 2022: CREST, the international not-for-profit accreditation and certification body for the cyber security industry, has appointed Andy Woolhead as Global Head of Product, responsible for CREST’s certification and candidate assessment strategy. He joins CREST from his role as Business Development Director at SANS where he worked closely with the UK Government, MOD and law enforcement. Prior to that he served for 24 years in the Royal Navy as Head of Information Warfare, responsible for the development of Naval cyber doctrine.

“It is my pleasure to welcome Andy to the CREST team,” said Rowland Johnson, President of CREST International. “He joins us at a pivotal and exciting time in our growth when we are about to surpass 300 members and this year we are investing more than ever in our exams to support our members and provide clear career paths. Andy’s breadth of knowledge of the cyber security industry and career development strategies will play a key role in CREST’s continued growth.”

The majority of Woolhead’s career in the Royal Navy was spent at sea in a variety of roles, including navigation, anti-submarine warfare and command. His final role took him into cyber where he was responsible for helping to develop the uniformed cyber profession across the MOD in terms of training, culture, infrastructure and supporting operational capability. He joined SANS after leaving the Royal Navy in 2017 to pursue a career in cyber security.

“I am very much looking forward to working with CREST members, the international councils and the whole CREST community to further develop the certification strategy,” said Woolhead. “It is essential that CREST delivers examinations that measure up-to-date skills, knowledge and competence and that provide candidates with a clear career path. We also need to do this globally, while ensuring the highest of standards are maintained.”