E.1.2. Communication–Electronics Security Group CHECK
CHECK is a British accreditation run by GCHQ's Communication–Electronics Security Group (CESG), the information assurance department of the government. Its focus is solely on computer and network penetration testing. I mention it here as you are likely to hear a lot about it if you work for the public sector in the United Kingdom.
In theory, central government departments are required to use CHECK providers for penetration testing work, but as CESG has no executive power to demand this, departments use whoever they like. On the other hand, most penetration testing outfits in the United Kingdom now have CHECK status, as the hardest part of getting it is paying the fee (which increases out of all reason every year).
To become a CHECK consultant (or CHECK team leader) you have to:
Be employed by a CHECK Provider – There's a list on the CESG website: http://www.cesg.gov.uk/finda/check/index.cfm.
Hold SC level clearance – If you don't have SC clearance, GCHQ will sponsor you.
Pass the CHECK Assault Course – The Assault Course is a practical hacking test. Despite CESG's claims that only elite penetration testers pass (the consistent claim is that 50% make the grade), their own curriculum details the very limited testing experience you need to possess: http://www.cesg.gov.uk/productsservices/iacs/check/media/assaultcoursenotes.pdf.
To continue to hold the accreditation, you must take the Assault Course every three years but don't expect it to change much. ...