Information About CREST

CREST provide globally recognised professional level certifications for individuals providing the following services:

  • Penetration Testing
  • Cyber Incident Response
  • Threat Intelligence
  • Security Operations Centre (SOC) services

CREST do not offer training courses, they create exams and the syllabus for those exams, leveraging a community of expert associates. By leveraging this community, CREST can remain neutral and uphold the standards of the cyber security training industry. CREST training providers take the CREST exam syllabus and build CREST approved training courses around them. It is common to see non-CREST approved training providers attempting to build training courses using these syllabi. However, many of these providers are not CREST approved and use instructors who lack the relevant CREST qualifications, as a result many who take these courses go on to fail the exam as the instructor lacks the prerequisite knowledge to build such training courses. As a CREST approved training provider, both the instructor and the course must be validated by CREST. A key requirement of CREST before granting approval to a training provider, is to ensure sufficient insurances are in place, and that all course material and instructors meet their exacting standards.

CREST Certification Levels

CREST certifications are broken down into the following levels:


Competent to conduct routine assignments under supervision in structured environment. Practitioner level is widely considered 'entry-level' but shouldn't be mistaken as being easy. Practitioner level exams require hard-work and dedication to pass and it is recommended that you undertake an accredited training course in preparation for the exam. In nearly all cases, CREST has a requirement that an individual must take the Practitioner level exam in a pathway before moving on to the Registered level.


Competent to work independently without supervision and with limited sign-off. Registered level is considered as the go-to certification for competent professionals wishing to formalise their experience and capability.


Competent to run and sign off major projects. Certified level is aimed at very knowledgeable management and experienced technical professionals. These are the highest level certifications CREST provide and they are not to be taken lightly.

CREST Certifications

The below table lists all available CREST certifications:

(Click to sort Ascending)
Skill Level
(Click to sort Ascending)
Certification Name
(Click to sort Ascending)
Short Name
(Click to sort Ascending)
Penetration TestingPractitioner CREST Practitioner Security Analyst CPSA
Penetration TestingRegistered CREST Registered Security Analyst CRSA
Penetration TestingCertified CREST Certified Infrastructure Tester CCINF
Penetration TestingCertified CREST Certified Web Application Tester CCAPT
Penetration TestingCertified CREST Certified Simulated Attack Specialist CCSAS
Penetration TestingCertified CREST Certified Simulated Attack Manager CCSAM
Threat IntelligencePractitionerCREST Practitioner Threat Intelligence AnalystCPTIA
Threat IntelligenceRegistered CREST Registered Threat Intelligence Analyst CRTIA
Threat IntelligenceCertified CREST Certified Threat Intelligence Manager CCTIM
Incident ResponsePractitioner CREST Practitioner Intrusion Analyst CPIA
Incident ResponseRegistered CREST Registered Intrusion Analyst CRIA
Incident ResponseCertified CREST Certified Incident Manager CCIM
Incident ResponseCertified CREST Certified Network Intrusion Analyst CCNIA
Incident ResponseCertified CREST Certified Host Intrusion Analyst CCHIA
Incident ResponseCertified CREST Certified Malware Reverse Engineer CCMRE

*Take a look at which CREST certifications align to the NCSC CHECK Status Scheme.

CREST and arcX

All arcX training courses are aligned to a CREST examination and go above and beyond the knowledge required to pass. arcX training courses involve extensive testing, with access to browser-based virtual labs to consolidate understanding.

CREST use Pearson Vue test centres and their own centres to ensure examinations are proctored correctly and in line with their standards. We highly recommend checking where your local Pearson Vue testing centre is in your country.

To book a CREST exam that can be taken in a Pearson Vue centre, go to the Pearson Vue website and navigate to the ‘For Test-Takers’ section. Here you will be able to search for CREST and find your examination listed. If you haven’t already done so, you will be asked to create an account to proceed with your booking.

CREST Accredited Training Courses

Take a look at our current CREST accredited offering:

In-development (Register interest):

We will continue to add to our CREST training course offering, so we would recommend checking back regularly or contact us regarding courses currently unavailable.

Frequently Asked Questions

Commonly asked questions relating to CREST

What is CREST?
How do I verify a CREST Certification?
Are CREST exams easy?
Can I take CREST exams online?