Security News > 2021 > June > CREST president Ian Glover to retire after 13 years – but where's the transparency, bossman?

Sources whispered of Glover's departure to The Register ahead of a mass mailout today to members of the organisation, which oversees some industry-recognised penetration testing exams and certifications in the UK. "My retirement is something I have been planning for some time and, while I leave with a heavy heart, I am confident CREST will continue to move forward in the hands of an excellent team," said the man himself in a canned statement emailed round CREST member organisations, following his 13 years at the helm.

A major CREST backer, pentesting firm NCC Group, had been creating cheat-sheets and walkthroughs for CREST certification exams.

Numerous ex-NCC sources told The Register of an internal culture where exam candidates were shown marked copies of past papers, in apparent breach of CREST's non-disclosure agreement.

Unlike school exams where past papers are freely circulated, CREST was supposed to rigidly control all of its exam materials to prevent their public disclosure at any stage.

"Rob Dartnall, chairman of CREST, said in a congratulatory statement today:"On behalf of the CREST Executive I would like to thank Ian for everything he has done for CREST members and the cyber security industry.

While the creation of CREST and the setting-up of its certification schemes were a big move towards professionalisation and standardisation for the UK infosec industry, Glover's stewardship of CREST through the fallout of the exam scandal has prompted grassroots infosec folk to express anger at what some of them see as the body's lack of public candour as well as perceived conflicts of interest with NCC Group.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/18/crest_president_ian_glover_retires/