Cyber Security Certifications (CISSP, CREST/CHECK)
Advanced cyber security credentials: CISSP for security leadership, CREST/CHECK for UK penetration testing.
ISC2 / CREST
What it is
This entry covers the advanced cyber security certifications that carry weight with UK employers, beyond the entry-level CompTIA Security+ covered elsewhere. Two matter most. CISSP (Certified Information Systems Security Professional), run by ISC2, is the gold standard for senior, management-level security roles. CREST certifications, backed by the UK's NCSC, are the ones penetration testers need to work on serious UK contracts.
Who it suits
This suits people already working in IT or security who want to specialise and climb. It is not a beginner's first step. If you want to test systems for weaknesses (penetration testing), aim at the CREST ladder. If you want to lead security teams or advise on risk, aim at CISSP. Both assume you already have solid technical grounding and fluent English.
How you qualify
- CISSP: pass a demanding exam covering eight security domains. You then need 5 years of relevant work experience. If you do not have it yet, you become an Associate of ISC2 and have up to six years to earn it.
- CREST: start with CPSA (Practitioner Security Analyst, a multiple-choice exam), then take CRT (Registered Penetration Tester), which includes a practical hands-on assessment.
- CHECK: to do government penetration testing, you work for a CHECK-approved company, hold the right CREST certificate, and pass security vetting.
Cost and how long it takes
The CISSP exam is about £607, plus a yearly maintenance fee of roughly £105 (or about £40 while you are an Associate). Good training can add over £1,000. CREST CPSA is £275 and CRT is £600, both before VAT, and Certified-level exams run to £1,600 per part. Realistically, reaching a first professional credential with training takes one to three years and can cost well over £2,000 in total.
The English you need
Be honest with yourself here. Cyber security demands strong, fluent English, level 4 or above. The exams are dense, you must write clear reports for clients, and CHECK vetting and interviews are conducted in English. If your English is still developing, this is not a realistic near-term goal. Build your English and general IT skills first, then return to it.
The honest reality
Here is the key warning. Many training providers heavily market CEH (Certified Ethical Hacker) as the route into penetration testing. In the UK, employers and government value CREST and NCSC CHECK far more than CEH. CEH alone rarely opens doors to UK pentest contracts. Do not spend thousands on a certificate that will not get you hired here. Research which certificate the jobs you want actually ask for, and target that.
What you can earn
Cyber security pays well once you are established. Penetration testers in the UK typically start around £30k–40k and experienced testers reach £55k+. CISSP holders often earn £65k and above, with London and finance paying more. These are estimates from UK job boards, not guarantees, and you reach them only after real experience.
Your next step
Pick your track based on the job you want. For pentesting, look at the CREST CPSA syllabus and honestly assess your technical skills. For a leadership path, study the CISSP domains and check whether your experience counts. Above all, verify what your target employers ask for before spending money, and confirm current fees on the ISC2 and CREST official sites.
Related certifications
CompTIA (A+ / Network+ / Security+)
Vendor-neutral, self-study IT certs. A+ is the classic helpdesk entry.
- Time: A few months
- Cost: £600–1000
- English: Conversational
Cloud Certifications (AWS / Azure)
High demand, remote-friendly, and the most non-native-friendly IT entry.
- Time: A few months
- Cost: £80–400
- English: Conversational
Cisco CCNA
The standard entry certification for networking careers.
- Time: A few months
- Cost: £230–300
- English: Conversational
BCS, The Chartered Institute for IT
The UK's professional body for IT: foundation certificates plus chartered status (CITP, RITTech).
- Time: 3 weeks – 2 years
- Cost: £200–900
- English: Conversational