Security Testing Comes of AgeEthical Testers Eye Expansion into New Global Markets
Not only does CREST test the security of an organizations' systems and processes, but it also validates the skills and competencies of the information security staff. CREST also works with industry groups and government organizations to address broader issues related to information assurance.
Up to now, CREST has been UK-centric, but today is strategizing to grow throughout Europe, Asia and North America. "In a very short period of time, we've grown from nothing to being a sort of de facto standard," Glover says.
In an interview about CREST and security testing, Glover discusses:
- The evolution of security testing;
- Today's top threats, and how CREST is evolving to tackle them;
- Advice to anyone seeking a career in security testing.
Glover has 34 years experience in information technology and has specialised in professional services for the last 28 years.
CREST is a not for profit organization. It was established to help develop professionalism within the information technology security testing community and provide a development path for individual testers. The Register is used by private sector organizations to gain a level of assurance that the security testers are competent and that the organizations they work for have appropriate processes and controls in place. The CREST qualifications have been assessed and are recognised by the UK government. The qualifications are a mandatory requirement for individuals carry out penetration testing work on government system. Ian is currently running a project to develop a set of professional network forensics qualifications with the support of the UK Centre for the Protection of National Infrastructure Industry. All the CREST qualifications have been evaluated by NBISE (National Bureau of Information Security Examiners) in the USA and a strategy for their implementation is being planned.