09 Sep 2019

Leading cyber security certification bodies CREST and EC-Council have announced mutual equivalency for their professional entry-point technical qualifications.  This significant initiative reflects the need to create an industry framework for equivalent technical cyber security qualifications measured against the same criteria to replicate the approach in other professions.

The announcement helps to address the confusion around qualifications, providing clear development credentialed pathways and access to professional careers.  This gives the buying community a much better idea of the level of skill, knowledge and competence of the individuals, allowing them to recruit and contract in a more informed and intelligent manner. Both CREST and EC-Council qualifications are recognised globally and have been formally reviewed by governments and regulators.

The direct equivalency relates to the EC-Council Security Analyst (ECSA v10) qualification with the CREST Practitioner Security Analyst (CPSA) qualification. In addition, equivalency can also be granted for the for ECSA (Practical) with the CREST Registered Tester (CRT) certification, provided that the candidate already holds a valid CREST CPSA qualification.  The requirement that a Code of Conduct is signed remains an important part of the process ensuring ethical practices within the industry.  Re-examination and Continuous Professional Development are required to retain the qualifications to ensure currency.

“This formal agreement with EC-Council reflects the growing demand for skilled and experienced penetration testers and helps to establish a global ecosystem of certified professionals so that companies and organisations anywhere in the world have the confidence and trust in their purchasing and recruitment decisions” said Ian Glover, president of CREST.

“This collaboration offers major benefits for current CREST and EC-Council professionals certified via rigorous hands-on exams that are proctored and is a testament of the high-quality exams provided by both organizations. Building professional, well-defined career pathways will encourage more high-quality entrants to the industry, to create a larger pool of certified and trusted professionals.  It also  presents greater international job opportunities for penetration testers globally,” added Jay Bavisi, President of EC-Council Group.




CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast-changing technical security environments the certification process is repeated every three years.

CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security industry. CREST supports its members and the wider information security industry by creating collaborative research material. This provides a strong voice for the industry, opportunities to share knowledge and delivers good practice guidance to the wider community.

For more information about CREST, please see


About EC-Council:

EC-Council has been the world’s leading information security certification body since the launch of their flagship program, Certified Ethical Hacker (CEH), which created the ethical hacking industry in 2002. Since the launch of CEH, EC-Council has added industry-leading programs to their portfolio to cover all aspects of information security including EC-Council Certified Security Analyst (ECSA), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (CCISO), among others. EC-Council Foundation, the non-profit branch of EC-Council, created Global CyberLympics, the world’s first global hacking competition. EC-Council Foundation also hosts a suite of conferences across the US and around the world including Hacker Halted, Global CISO Forum, TakeDownCon, and CISO Summit.

For more information about EC-Council, please see




Our cookies and those of third parties help us to improve our online services. If you agree, please continue to browse our site. To make it even easier for you to navigate, click ACCEPT ALL. If you choose to continue without clicking ACCEPT ALL or if you close this banner you are not allowing the use of cookies except those necessary for the site to function. To find out more about how cookies are used on the website, please check out our cookie policy. For more information about cookies and their functions please read our F.A.Q. section

Manage options