Building on seven years of CREST accreditation, Synack deepens its commitment to independently verified security talent by adding two new CREST certifications to the SRT Pathways program
REDWOOD CITY, Calif., June 04, 2026 (GLOBE NEWSWIRE) -- Synack, the AI + human penetration testing platform, is expanding its longstanding partnership with the Council of Registered Ethical Security Testers (CREST), an international not-for-profit organization that sets the standard for technical security testing. The expansion adds two new CREST certifications to the Synack Red Team (SRT) Pathways program, giving CREST-certified security researchers a direct route to join the SRT and giving enterprise customers additional assurance that the researchers behind their engagements hold independently verified credentials.
Synack has been a CREST Accredited Member Company for Penetration Testing since 2019, a designation that requires annual renewals and triennial full audits of the company's methodology, data security handling, and technical operations. This expansion deepens that relationship by extending CREST's independent standard to the individual researcher layer.
Now, the SRT Pathways program recognizes two additional CREST certifications:
- CREST Certified Tester Infrastructure (CCT INF) - mapping to host and infrastructure assessments
- CREST Certified Tester Application (CCT APP) - mapping to web application testing
They join the CREST Registered Penetration Tester (CRT), which has been recognized in SRT Pathways since the program launched. Researchers who hold any of these credentials receive expedited onboarding consideration and a reliable path for greater earning potential.
The SRT is one of the most selective communities in offensive security. Fewer than 10% of applicants are accepted, with each researcher passing background checks, technical assessments, skills validation, and an ongoing performance review before touching a customer environment. CREST certifications sit alongside that as a second, independent benchmark, one that is increasingly meaningful for organizations operating under frameworks like DORA, NIS2, and TIBER-EU, where vendor credentialing is becoming part of procurement diligence. As a multinational company with customers and researchers spanning the globe, Synack recognizes that CREST carries particular weight in EMEA markets, where enterprise security teams and organizations in highly regulated industries treat it as a baseline expectation rather than a differentiator.
"A pentest is only as strong as the researchers running it," said Ryan Rutan, Sr. Director of Community at Synack. "Expanding the CREST certifications recognized on SRT Pathways adds a third-party stamp to the rigor our customers already count on from the Synack Red Team. And for CREST-certified researchers, it creates a clear, structured path to put those credentials to work on real engagements."
"CREST has genuinely helped me out in my career, especially when working in the MEA and EU markets where it's basically expected," said SRT member Nikhil K. "It makes it easier for recruiters to shortlist the right people since CREST is widely recognised and trusted. It's considered a gold standard in pentesting, so having it adds credibility and makes it easier to get through initial screening and land better opportunities."
"Our partnership with Synack gives CREST-Certified penetration testers a direct path into one of the most selective research communities in the world," said Michael Keen, Senior Product Manager - Workforce Development at CREST. "That's good for researchers building careers in offensive security, it's good for maintaining high standards to advance testing methodologies, and it's good for the organisations that rely on independently credentialed talent to protect their most critical environments."
CREST-certified researchers interested in joining the SRT can learn more and apply at synack.com/red-team/pathways. Enterprise customers looking to understand what CREST accreditation means for their engagements can visit synack.com.
About CREST
CREST is a global not-for-profit organisation dedicated to raising standards and building trust in the cybersecurity profession. Established in 2006, CREST works with its international community of Member companies and practitioners to promote excellence, integrity and professional development across the cyber ecosystem. Through robust standards, accreditation frameworks and skills pathways, CREST helps organisations buy cybersecurity services with confidence and supports practitioners in developing trusted, globally-recognised careers.
Working closely with governments, regulators and industry stakeholders, CREST plays an active role in shaping policy, strengthening market confidence and supporting the growth of a resilient, professional cybersecurity sector worldwide. For more information, visit www.crest-approved.org
About Synack
Synack delivers continuous pentesting through its Human + AI platform for continuous security validation. Sara AI Pentesting, powered by the Synack Autonomous Red Agent, combines agentic AI with the Synack Red Team-the world's most rigorously vetted community of security researchers-to help organizations proactively reduce risk, stay compliant, and stay ahead of evolving cyber threats. Sara handles reconnaissance, attack surface mapping, and initial exploit validation at scale, while human experts validate real-world exploitability and provide the creativity and judgement automation cannot replicate. Founded by former NSA operatives, Synack has enabled nearly 10 million hours of security testing to protect critical assets, from global financial systems to U.S. Defense Department networks. Synack was recognized by both G2 and GigaOm as a Leader in Penetration Testing and PTaaS. Synack also received Global InfoSec Awards for Market Leader in AI-Powered Cybersecurity and Trailblazer in PTaaS. Learn more at synack.com.
Media Contact
Katy Nally
Senior Content Marketing Manager
cnally@synack.com
