Cybersecurity is no longer a monolithic topic – if it ever was. Specialization matters. Organizations don’t hire generalists or “my brother-in-law’s buddy who says he knows about security.” Similarly, organizations aren’t going to engage with a fly-by-night security firm when their company’s safety is on the line. You want expertise in relevant knowledge domains from true subject matter experts who can demonstrate their know-how.
But how do you identify how well someone knows a subject? That’s a challenge, especially when hiring external experts because you lack in-house knowledge. You can ask questions about their background, but will you understand the answers?
Even once you look past the corporate boasting (“We’re the leading vendor!”), every provider has strengths and weaknesses. You may interview someone who knows one area in depth but has never encountered another. An individual may have plenty of hands-on experience in malware analysis or intrusion detection, for example, but has never been called upon to perform penetration testing. If you need pentesting, you want pentesting expertise!
Why Accreditation Matters
Accreditations are trustworthy references, and CREST is no different. To grant an accreditation, an external organization uses practical, dispassionate tests to judge an individual’s or company’s knowledge about a particular subject. That advantage applies to many fields, with accreditations available for fields extending from human resources to payroll accounting. It certainly applies to IT specialties and cybersecurity, where accreditations can ascertain an organization’s competence in technology operating procedures and standards.
Accreditations (in IT or otherwise) address a range of skills and expertise. Most standards bodies offer both entry-level certifications (think: high school graduate) and guru-level certifications (in college terms, that could be a Bachelor’s or Master’s degree in the topic).
This assures hiring organizations that the candidate or service provider meets the primary criteria for a broad scope of relevant skills. It also confirms that the certified individual or accredited company has the knowledge, skills, and competence to provide the best services for this need.
What CREST Accreditation Means
The Council of Registered Ethical Security Testers (CREST) accreditation is a recognized standard for companies and individuals working in cybersecurity, specifically in penetration testing, incident response, and threat intelligence. The international not-for-profit accreditation and certification body ensures that organizations and professionals meet rigorous skills, knowledge, and service quality standards.
CREST requires member companies to conform to its Codes of Conduct and Ethics and Complaints and Resolution Measures. It also builds trust by confirming that accredited companies have documented policies, processes, and competencies. This includes a complaints and resolution process (though we hope we never give you reason to discover this last bit personally).
Beyond CREST accreditation, Secure Ideas specializes in penetration testing services, with well over a decade of experience in the field. As an industry leader, Secure Ideas is deeply committed to advancing the security industry through involvement in numerous open-source projects and active participation in major conferences and training events. Its expertise has been recognized by prominent media outlets, and company executives have served as expert witnesses and presented to the U.S. Senate on cybersecurity matters. Secure Ideas boasts a highly qualified team with several industry certifications, including CISSP, OSCP, GWAPT, GPEN, GCIA, GCIH, GCFA, GAWN, CEH, and CISM. Its consultants are also members of professional organizations such as OWASP, ISSA, and Infragard.
Are you ready to learn more about services from Secure Ideas? Schedule a consultation call.