SpecterOps
Speciality: Identity and Active Directory Penetration Testing
Cybersecurity company specializing in adversary tradecraft, identity attack path management, and penetration testing; 196 employees with 87.5% YoY growth; founded 2017; headquartered in Alexandria, Virginia, USA; $108.5M in funding; known for BloodHound and active attack path management services.
CREST Cybersecurity Certification
Origin
CREST (Council of Registered Ethical Security Testers) was established in 2006 in the United Kingdom by a group of cybersecurity professionals and industry representatives. It was created to address the growing need for standardized, recognized qualifications in penetration testing and cybersecurity services. The organization emerged from concerns about the quality and professionalism of security testing services, aiming to provide a framework that would certify both individual practitioners and the companies that employ them.
Industry Value
CREST certifications are highly valued in the cybersecurity industry because they demonstrate a practitioner's technical competence and adherence to professional ethical standards. Many government agencies, financial institutions, and large corporations specifically require CREST-certified professionals when procuring penetration testing or security assessment services. The certification provides assurance to employers and clients that certified individuals have been independently verified to possess the necessary skills and knowledge, and that they follow established codes of conduct. This makes CREST credentials particularly important for cybersecurity professionals working in regulated industries or seeking to work with organizations that have stringent security requirements.
SOC 2 Type II Certification
Origin
SOC 2 (Service Organization Control 2) was developed by the American Institute of Certified Public Accountants (AICPA) in 2011 as part of their Service Organization Control reporting framework. It was created to address the growing need for standardized security and privacy assurance as more organizations began storing data in the cloud and relying on third-party service providers. The certification was designed to evaluate how well service organizations manage customer data based on five "Trust Services Criteria": security, availability, processing integrity, confidentiality, and privacy. Type II specifically requires organizations to demonstrate these controls over a minimum period of time (typically 3-12 months), rather than just at a single point in time.
Industry Value
SOC 2 Type II certification is highly valued because it provides independent verification that a company has implemented and maintained robust security controls over an extended period. For service providers, achieving this certification demonstrates credibility and commitment to data protection, often becoming a competitive differentiator and a prerequisite for winning enterprise clients. Many organizations, particularly in healthcare, finance, and technology sectors, require their vendors to be SOC 2 Type II compliant before sharing sensitive data or establishing business relationships. The certification gives customers confidence that their service providers have been audited by qualified third parties and meet industry-recognized standards for protecting information assets.
- Microsoft
- Cisco
- Woodside Energy
- HEMA
- Info-Tech Research Group
- Acabes Jordan