back to article CREST: We are investigating NCC Group certification cheat sheet scandal – and not with NCC personnel

British infosec accreditation body CREST has changed some of its exams after cheat sheets containing exam answers and practical walkthroughs were posted on GitHub in a repo that NCC Group confirmed included its own documents. In an email to all CREST members sent on the afternoon of 12 August, the certification body assured …

  1. A Non e-mouse Silver badge

    People are being taught to pass the exams rather than learn the subject?

    I'm shocked.

  2. Anonymous Coward
    Anonymous Coward


    "We understand that a group of CREST assessors is running the investigation and that none of those people work for NCC"

    So there goes any independence....the entire industry knows any company who has a CREST Assessor has the info they need to pass the exam. As they have all done the same thing as NCC, but just not been caught how on earth can it be an independent investigation?

    Independent would mean people who are NOT CREST assessors and never have been…

    1. Anonymous Coward
      Anonymous Coward

      Re: Independent??

      How would an independent person who doesn't know the content of the exams and how they work know what was and wasn't a breach of the exam policy? It's CREST's rules that have been broken - they can investigate that (provided it's not people from the company under investigation).

      1. Anonymous Coward
        Anonymous Coward

        Re: Independent??

        Easy there are loads of independent people who have sat the exams multiple times, who aren’t assessors because they’ve never been invited into the boys club (or not had the right sponsor) any number of them could easily do an assessment as to whether there has been a breach of the exam rules.

        CREST is made up of a number of different “groups” - the executive, the assessors and the subcommittees. Out of them the subcommittees are newest and least tainted of all the groups. They would be a good place to start.

        The assessors are incredibly tainted for a start a lot of them are NCC or ex-NCC.

        There are now over 200 CREST companies with qualified staff, it would be easy to find independent people if CREST wanted to.

      2. Anonymous Coward
        Anonymous Coward

        Re: Independent??

        I concur, they (all assessors) are all in on it. Having been someone that's worked with different assessors in the past. They all know the content of the exams, all have unrestricted access to rigs and answers and would straight away recognise the content that has been released.

        Actually the content is a shortcut, as small questions lead up to those big answers. But one your admin or root the smaller questions become a lot easier due to permission restrictions.

        This is all a corrupt farce.

    2. Anonymous Coward
      Anonymous Coward

      Re: Independent??

      Agreed. An independent investigation should be precisely that. A genuinely independent auditor is needed to avoid any accusations of cover-up and 'old boys network' cronyism.

      I've had my suspicions about this type of cheating for years, so now we know it really goes on. The money we wasted on exam after exam because we weren't in the old boys club doesn't bear thinking about.

      I'm so happy to be out of this game now.

  3. sitta_europea

    I once went to view a flat on the south bank. The guy selling it was a lecturer at a local college which will have to remain nameless.

    We got chatting about his students. He was evidently disenchanted with everything about his job and was leaving it for another career.

    So he didn't mind getting a few things off his chest. One of them was marking exam papers for his students.

    Most of the students were from, shall we say, the Middle East. By and large they were the children of very well-heeled parents, many of them minor royalty.

    This guy had very recently marked some exam papers, and had awarded marks like 25% and 30% because the students were clearly pretty useless.

    His supervisor had cast an eye over his work, and was horrified.

    "You can't do that, this guy is a prince!" and "That girl is the daughter of the ambassador!" and ''Give them no less than 90%."

    Our guy refused.

    They agreed to part ways.

    This was in 1976, but if you think anything has changed since then I urge you to wake up.

    1. Kabukiwookie Silver badge

      Anyone who believes this drivel about 'western' democracies being a 'meritocracy' is either a dupe or is part of the group who wants you to believe it's one (and needs to keep repeating it to themselves constantly).

      Does it help to have skills? Definitely, will you being more skilled than the CEO's offspring bring you further in life than said offspring? No chance in hell.

      Idiocracy in real life. And people are wondering why the planet is such an ffing mess.

  4. Ashto5

    And the link is ?

    Can someone post the link

    You know just for transparency

    1. Anonymous Coward
      Anonymous Coward

      Re: And the link is ?

      This can't be the CISO. This is worse than the original leak.

  5. Anonymous Coward
    Anonymous Coward


    Here is the latest link, from a Reddit article.

  6. gerdesj Silver badge


    I was CREST accredited. I just did the exam and passed.

    So, I am a single data point that shows that the material is already in the public domain and counts as general knowledge.

    I didn't bother renewing. I put it up there with MSCE (int al), VMware thingie and CCNA: nearly worthless. I've done all of those and when they are presented to me as sole evidence for knowledge and experience quietly shuffle the CV down the stack. I am being a little unfair but those are memory tests not experience or even knowledge. My first check for the value of a quali. is to see if anyone is offering "boot camps". If they are it is discounted.

    I studied for three years how to build bridges, dams and roads etc. I am an IT consultant with a qualification that blows most of IT industry qualis out of the water. I learned how to think like an Engineer. (I also know way too much about concrete and some of my DIY jobs are a bit bigger than your average!)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like