Cresco Cybersecurity

Speciality: Penetration Testing and Red Teaming

Luxembourg 19 employees
[01] About

Cybersecurity company specializing in penetration testing, ethical hacking, and security assessments; 13 employees with 26.7% YoY growth; founded 2020; based in Brussels, Belgium; offers red team, blue team, phishing, awareness training, and security transformation services.

Cresco is your partner in cybersecurity. With our ethical hacking background, we replicate hackers' methods and conduct in-depth assessments to have a realistic vision of the maturity of your security systems, in order to set up an adequate security plan to protect your business.

At Cresco we believe in long-term collaborations. We are working together with leading IT companies, sharing our expertise in cybersecurity to make the EU's IT landscape a safer place. We are fully committed to working transparently, respecting data and information confidentiality, striving for process excellence and delivering the best possible service to our customers.

To arm your company against cyber threats, we developed a complete 360° approach that includes 4 recurrent steps: Assess, Protect, Educate & Monitor.

01 Assess: To assess and evaluate the security of your systems, we simulate cyber-attacks to identify both vulnerabilities and strengths, in order to have a full risk assessment report.
02 Protect: Based on our report, we make recommendations, set up a security plan and put in place the necessary counter-measures to protect your business.
03 Educate: Most security breaches are due to human error. Through our program we want to equip your employees with the knowledge and skills to protect themselves against online crime.
04 Monitor: A project has a beginning and an end, but cybersecurity is a continuous process. We give ongoing support and emergency response where needed.
[02] Services
Cybersecurity Assessments
Penetration Testing
Red Teaming
Social Engineering
Expert Consultancy
Implementation Of Security Measures
Reporting And Action Plan
Phishing Simulations
IT Training
Awareness Training
Managed EDR
Point Of Expertise
Incident Response
[03] Certifications
CRTP

CRTP Certification Overview


Origin and Background


The Certified Red Team Professional (CRTP) certification was created by Pentester Academy (now part of INE Security), founded by Nikhil Mittal. Launched in the mid-2010s, the CRTP was developed to address the growing need for practical, hands-on training in Active Directory security and Windows domain exploitation. Unlike many theoretical cybersecurity certifications, CRTP was designed to provide security professionals with real-world attack simulation skills, focusing specifically on the techniques used by adversaries to compromise enterprise networks.


Industry Value and Importance


The CRTP is valued in the cybersecurity industry for its practical, lab-based approach to red team operations and Active Directory attacks. Employers recognize it as evidence that a professional can perform actual penetration testing techniques rather than simply understanding theoretical concepts. The certification is particularly respected for its focus on Windows enterprise environments, which remain the backbone of most corporate networks. For offensive security professionals, red teamers, and penetration testers, the CRTP demonstrates hands-on capability in privilege escalation, lateral movement, and domain compromise—skills that are directly applicable to real-world security assessments and are increasingly sought after as organizations prioritize proactive security testing.

CISM

CISM Certification: Origin


The Certified Information Security Manager (CISM) certification was created by ISACA (Information Systems Audit and Control Association) in 2003. ISACA developed CISM to address the growing need for a certification specifically focused on information security management and governance, rather than just technical security skills. The certification was designed to recognize professionals who design, manage, and oversee an enterprise's information security program, filling a gap between technical security certifications and the strategic, managerial aspects of cybersecurity.


Industry Value and Importance


CISM is highly valued in the cybersecurity industry because it demonstrates expertise in security risk management, governance, incident management, and program development from a management perspective. Many organizations, particularly large enterprises and government agencies, specifically seek CISM-certified professionals for leadership roles in information security. The certification is globally recognized and often commands higher salaries compared to non-certified peers. Its focus on aligning security practices with business objectives makes it particularly relevant for professionals aspiring to senior security management positions, including Chief Information Security Officer (CISO) roles.

ISO 27001 Lead Auditor

ISO 27001 Lead Auditor Certification


Origin


The ISO 27001 Lead Auditor certification stems from the ISO/IEC 27001 standard, which was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, with its roots in the British Standard BS 7799. The certification was created to train professionals to audit information security management systems (ISMS) against the ISO 27001 standard. Various accredited training organizations worldwide offer this certification, following guidelines established by bodies like IRCA (International Register of Certificated Auditors) and other national accreditation organizations.


Industry Value


The ISO 27001 Lead Auditor certification is highly valued because it demonstrates an individual's expertise in conducting comprehensive information security audits and assessing organizational compliance with internationally recognized security standards. Organizations worldwide seek certified lead auditors to perform internal audits, prepare for external certification audits, and ensure their ISMS meets regulatory and customer requirements. The certification is particularly important for consulting firms, audit organizations, and enterprises managing sensitive data, as it provides assurance that security controls are properly implemented and maintained according to global best practices.

GPEN

The GPEN Certification: Origin


The GPEN (GIAC Penetration Tester) certification was created by the Global Information Assurance Certification (GIAC), an organization founded in 1999 as part of the SANS (SysAdmin, Audit, Network, and Security) Institute. GIAC developed the GPEN to validate the technical skills of cybersecurity professionals who perform penetration testing and ethical hacking. The certification was designed to ensure that practitioners possess both the theoretical knowledge and hands-on abilities needed to conduct proper security assessments and identify vulnerabilities in networks and systems.


Industry Value and Importance


The GPEN certification is highly valued in the cybersecurity industry because it demonstrates practical, real-world penetration testing skills rather than just theoretical knowledge. Employers recognize GPEN-certified professionals as capable of conducting thorough security assessments, understanding attack vectors, and properly documenting findings. The certification meets DoD 8570/8140 requirements for certain Information Assurance positions, making it particularly valuable for government contractors and federal positions. Its focus on hands-on methodology and current attack techniques makes GPEN holders sought after for offensive security roles, penetration testing teams, and security consulting positions.

[05] Notable Clients
  • GameStop
  • Basin Holdings
  • Life Sciences Industry (Orthofix)
  • FleetPride
  • Prayas (Energy Group)
  • First Bank Texas
  • Dallas Area Rapid Transit
  • Tactical Institute