3 minute read

The evolution of CREST

NIGEL PHAIR

By Nigel Phair, Chair, Australasian Council, at CREST International

CREST—an international not-for-profit, membership body representing the global cybersecurity industry— has been active in Australia for over 10 years and continues to advance to meet the demands of both buyers and suppliers of cybersecurity services.

CREST International started life in 2006 in the UK and has come a long way. It is now truly international with chapters run by democratically elected councils in Southeast Asia, the Americas, Australasia, the European Union and the United Kingdom.

CREST established a presence in Australia 10 years ago as CREST Australia. It was created with funding and support from the Commonwealth Government to provide assurance to organisations seeking cybersecurity consulting services. It focused initially on penetration testing.

However the Australian chapter is now CREST Australasia. CREST Australia has become CREST Australia New Zealand, and has no connection with CREST International. It has not adopted the CREST accreditation standards and CREST ANZ membership does not confer membership of CREST International.

CREST International now has five focus areas: vulnerability assessment, penetration testing, incident response, threat intelligence and security operations centres.

ACCREDITATION OF INDIVIDUALS

Individuals involved in the scoping, delivery and signoff of a CREST International accredited service can now register with CREST. There are two parts to this process.

1) An individual provides basic information that allows CREST to identify them as a unique entity. As part of this process the individual will be sent the CREST code of conduct to read and electronically sign. The application is reviewed and the individual is issued a CREST ID.

2) An individual provides additional information about skills, training, examinations and experience.

CREST is seeking a better understanding of individual competencies as they relate to each accredited CREST member organisation.

This information will be used to more effectively present skilled and competent teams to the buying community, governments and regulators.

CONNECTING BUYERS WITH SELLERS

The CREST International website has a significant focus on connecting buyers of cybersecurity services

with CREST member companies. The website puts members, the buying community and professionals seeking CREST certification centre stage with clear signposting on the home page and throughout.

A core function of the site is to turn buyers’ engagement with the website into sales leads for members. CREST has developed a new buyer-focused Find a Supplier journey that takes organisations, many of whom may be unsure what cybersecurity services they need, through a series of straightforward questions designed to generate meaningful results from the member database.

CREST continues to add to the Find a Supplier journey to improve its functionality for the buyers using it and to capture information about the buying community that can be aggregated and shared with members to inform their business development strategies.

New contact and callback functions on each member page allow potential clients to contact members directly and these leads will be logged in members’ dashboards.

MEMBER DASHBOARDS

For the first time members can log into the website with usernames and passwords. CREST members can edit details about their organisation including contacts, overall description, logos and banner images. They can also post links to content such as events and job vacancies hosted on their own websites using the careers and events tabs.

JOB LISTINGS

Members who link from their pages on the CREST website to job vacancies posted on their own websites will enjoy an additional benefit. CREST will collate the jobs to which members link and present them on its website in a way that allows qualified individuals to browse those vacancies.

TRAINING AND EDUCATION

CREST has signed agreements with Immersive Labs and Hack the Box to provide free access for member companies. Immersive Labs will provide labs aligned to the examination framework, and CREST-accredited organisations will have free access to entry-level labs.

These are exciting times for CREST. The changes to accreditation, the website and branding are the outcome of considerable member engagement. In Australia we run an annual CRESTCon event along with smaller member engagements. Exams are moving online making them more accessible and obtainable. There is a lot to do, and we welcome support to help create a secure digital world for all by quality assuring our members and delivering professional certifications to the cybersecurity industry.

For more information visit www.crest-approved.org

www.linkedin.com/in/nigelphair

This article is from: