Re: Having to sign an NDA
Having taken CREST exams in the past, I can confirm that they don't check for your knowledge, instead its an exam on how quickly you can solve the CTF for 50 marks each. Never ever it has happened in my history of CTL work, a client has asked me to "break out of a locked environment" in 20 mins or they wont pay my day rate. Never at all.
Cheating / keeping cheat sheets is the result of this CTF exercise. If only they had tested the knowledge and understanding of the concepts owned by the consultant, there was no need to have these kind of short cuts. But CREST wanted to control the Infosec market in the UK. CTL work is not even worth the efforts that go into preparing for these exams.
CREST should first investigate themselves after all the bad publicity it has gained from this. Work into modifying the way they are testing the candidates. Will that happen? Of course not. They are already preparing new challenges which means new wave of cheat sheets in next couple of years.