Tag: CREST

  • My first 50 certifications

    I did my first (vocational) IT exam in 1999. This was after an annual appraisal from my (then) manager, who said “I’ve spoken to lots of people, and they’re all very impressed with your work. However, there’s no way for me to quantify your performance, so you don’t get a pay rise.” Based on that, I decided that it would be useful to have some objective evidence of my abilities from a neutral 3rd party, so I took the Visual Basic 5.0 exam and became a Microsoft Certified Professional.

    Fast forward to 2023: I’ve now passed 41 exams and earned 50 certifications. In all honesty, this process has been a bit haphazard; I’ve picked certifications based on what looked interesting at the time, or what related to a skill I’d been using at work, rather than having a clear roadmap of where I wanted my career to go. I’ve also sometimes leant towards the Pokémon approach of “gotta collect them all!” So, I think it’s time to look back and review which of these were worthwhile, and which I’d recommend to other people.

    NB I’m not including my university degrees in this list, because they’re academic rather than vocational. I’m also not including the European Computer Driving Licence (ECDL), because that’s aimed at end users rather than IT professionals.

  • CREST Practitioner Security Analyst (CPSA)

    In May 2022, I took the CREST Practitioner Security Analyst exam. This is a multiple-choice theory test, which is a pre-requisite to become a CREST Registered Penetration Tester (CRT); the basic idea is to do a theory test and a practical test, similar to getting a driving licence.

    There are various organisations offering training courses. However, I used self-study, and this was a tricky exam to prepare for. With most vocational exams, there are study guides and/or Udemy courses available, but that’s not the case here. CREST publish a general reading list, but those books don’t cover everything you need and some of the content is beyond the scope of the exam. This seems to be deliberate, based on the examination FAQs:
    “Unlike some areas of academia, CREST exams are usually vocational; they are not designed to be achievable by a candidate whose sole focus is passing them through isolated study. They are designed to measure an individual’s capability to operate within the industry and identify those who can demonstrate the skills required.”

    I’m bound by the NDA (like all exams I take), but I’ll try to offer some advice here to help people prepare and judge when they’re ready to take the exam. Each exam attempt costs £275 (+VAT), so it would be a shame to waste your first attempt just to get an idea of what’s involved.

    In brief, it took me about 2 weeks to prepare for this exam (in the evenings after work), but that was building on various other exams, training courses, and work experience. It’s described as “entry level”, but I’d say that this is a bit more difficult than PenTest+ (which in turn was more difficult than Security+). Conversely, I found this a lot easier than the OSCP.
