EC-Council CEH badge

CREST and EC-Council Announce Equivalency for Penetration Testers

Fb Logo Uk Wheel Rgb 200Px
Thiago Earp
11 July, 2019

Two of the most dominant IT bodies in the world, CREST and EC-Council, have recently announced that they will unite and establish mutual equivalency for their professional qualifications.

Equivalency has been introduced between ECSA v10 and CPSA that focus on cyber security in its rawest form, and ECSA and CRT which teach penetration testing.

Equivalency between CREST and EC-Council certifications means that IT professionals will be able to gain two certifications through the effort of one course and exam. The two courses included in the scheme cover the same areas and are tested against the same criteria.

Ian Glover, President of CREST, said how the "formal agreement with EC-Council reflects the growing demand for skilled and experienced penetration testers" and was designed to help "establish a global ecosystem of certified professionals so that companies and organisations anywhere in the world have the confidence and trust in their purchasing and recruitment decisions.”

Which certifications are affected?

Direct equivalency has been introduced between the EC-Council Security Analyst (ECSA v10) qualification and the CREST Practitioner Security Analyst (CPSA) qualification - under the condition that it has been issued within the three years prior to application.
The reverse is also true -  EC-Council will grant the CPSA to those with ECSA.
Equivalency has also been introduced for the ECSA (Practical) and the CREST Registered Tester (CRT) certification.
How do you apply if you have one but not the other? You can submit an application for equivalency (including EC-Council ID for proof of certification) and will be asked to sign the CREST Code of Conduct for Qualified Individuals.
On signing this document, CREST equivalency will be granted from the date that the EC-Council certification was issued. Candidates are required to pay a £100 (or $150USD) administration fee which will cover the processing of their application.
Professionals seeking equivalency under any equivalency program will also have to adhere to the CREST Code of Ethics - in order to apply to sign for it, please email exambookings@crest-approved.org.

Why have CREST and EC-Council introduced equivalency?

As noted by Ian Glover, this significant change reflects the demand within the industry to create a framework for equivalent technical cyber security skills and qualifications. As the CREST and EC-Council certifications test against the same criteria, equivalency between the certifications is a sensible step in the right direction.
Equivalency between the two has been widely praised as it addresses the previous confusion around qualifications.
It also gives the buying community a much better idea of the level of skill and knowledge of cyber security professionals, allowing them to recruit and contract in a more informed and intelligent manner.

Who are CREST?

CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security industry. The organisation produces internationally recognised certifications for penetration testing, cyber incident response and threat intelligence, to name a few.
CREST certified professionals take strict exams and the certification process is repeated every three years to demonstrate and ensure the highest levels of knowledge and skill.
As a frontrunner in the IT industry, gaining a CREST certification will open several doors for you, granting you the opportunity to share your knowledge and deliver good practice within the cyber security industry.

Who are EC-Council?

EC-Council is the world's largest certification body for Information Security professionals. With the launch of their chief program, Certified Ethical Hacker (CEH), the organisation has continued to lead businesses to the best certifications for penetration testing, ethical hacking and cyber security excellence.
The organisation offer several other popular certifications as well which are in fact seeing improvements being made to them later in the year, such as Certified Chief Information Security Officer (CCISO) and EC-Council Certified Security Analyst (ECSA).

Is it worth applying?

As two of the leading IT organisations in cyber security, getting certified in a CREST and EC-Council equivalency course would benefit you greatly and would massively increase your career prospects.
As an EC-Council Accredited Training Centre and Authorised Training Partner, Firebrand is readily equipped to provide you with official courseware, curriculum and instructors to help you get certified as the cyber security expert of your business.
Keep up-to-date and get certified, fast, with Firebrand.