CREST Training & Examination Guide
Your comprehensive guide to CREST certifications, examination pathways, and what it takes to become a recognised cybersecurity professional.
What is CREST?
CREST provides globally recognised professional-level certifications for individuals in penetration testing, cyber incident response, and threat intelligence.
A common misconception is that CREST delivers training. In actuality, CREST creates examinations and syllabi, leveraging a community of expert associates to ensure industry standards are upheld.
CREST Accredited Training Providers (CATPs) like arcX take those exam syllabi and build approved training courses around them. Both the instructor and the course must be validated by CREST before granting approval.
As a CREST-approved training provider, we maintain comprehensive insurances and ensure all course material and instructors meet CREST's exacting standards.
Certification Levels
CREST offers three progressive certification levels, each representing increasing competence and responsibility. Choose your path based on your experience and career goals.
Practitioner
Entry-level professional exams aimed at individuals with around 2,500 hours (two years) of relevant and frequent experience. Competent to conduct routine assignments under supervision in a structured environment.
Registered
Demonstrating commitment as an information security tester. Typically requires at least 6,000 hours (three years or more) of relevant and frequent experience. Competent to work independently without supervision and with limited sign-off.
Certified
Setting the benchmark for senior professionals. Aimed at individuals with approximately 10,000 hours (five to six years) of relevant and frequent experience. Competent to run and sign off major projects.
Three Core Disciplines
CREST certifications span three critical cybersecurity disciplines, each addressing distinct aspects of modern cyber defence and offensive security operations.
Threat Intelligence
Cyber Threat Intelligence (CTI) professionals collect, analyse, and interpret data about current and emerging cyber threats. They transform raw threat data into actionable intelligence that informs defensive strategies, enabling organisations to anticipate attacks before they occur. CTI analysts bridge the gap between technical security operations and strategic business decision-making, providing context and priority to security teams.
3 examinations available
Penetration Testing
Penetration testers simulate real-world cyber attacks to identify vulnerabilities in systems, networks, and applications before malicious actors can exploit them. Through ethical hacking techniques, they assess security controls, test defensive measures, and provide detailed remediation guidance. This proactive approach to security helps organisations strengthen their defences and maintain compliance with industry standards.
6 examinations available
Incident Response
Incident response professionals are the first line of defence when security breaches occur. They rapidly investigate cyber incidents, contain threats, preserve forensic evidence, and coordinate recovery efforts. Their work involves analysing attack patterns, identifying root causes, and implementing measures to prevent recurrence. Effective incident response minimises damage, reduces downtime, and ensures organisations can quickly return to normal operations.
3 examinations available
Complete Examination Catalogue
Browse all 12 CREST examinations across three disciplines and three certification levels.
| Exam Name | Discipline | Level |
|---|---|---|
| CREST Practitioner Threat Intelligence Analyst (CPTIA) | Threat Intelligence | Practitioner |
| CREST Registered Threat Intelligence Analyst (CRTIA) | Threat Intelligence | Registered |
| CREST Certified Threat Intelligence Manager (CCTIM) | Threat Intelligence | Certified |
| CREST Practitioner Security Analyst (CPSA) | Penetration Testing | Practitioner |
| CREST Registered Penetration Tester (CRT) | Penetration Testing | Registered |
| CREST Certified Tester - Infrastructure (CCT INF) | Penetration Testing | Certified |
| CREST Certified Tester - Application (CCT APP) | Penetration Testing | Certified |
| CREST Certified Red Team Specialist (CCRTS) | Penetration Testing | Certified |
| CREST Certified Red Team Manager (CCRTM) | Penetration Testing | Certified |
| CREST Practitioner Intrusion Analyst (CPIA) | Incident Response | Practitioner |
| CREST Registered Intrusion Analyst (CRIA) | Incident Response | Registered |
| CREST Certified Incident Manager (CCIM) | Incident Response | Certified |
Start Your CREST Journey With arcX
Join thousands of professionals who have advanced their careers with our CREST-accredited training courses.