IT Brief Australia - Technology news for CIOs & IT decision-makers

White Rook Cyber wins CREST accreditation for testing

Fri, 24th Apr 2026

White Rook Cyber has received CREST accreditation for penetration testing, placing the Australian cybersecurity firm among a small group of domestic providers to hold the international standard.

The credential is issued by CREST, a not-for-profit body that assesses cybersecurity service providers. Its review covers testing methods, quality assurance, data handling controls, and the qualifications and conduct of individual testers.

For White Rook Cyber, the accreditation strengthens its position in sectors where third-party verification is often required for procurement and risk management. The company works with defence organisations, government agencies, critical infrastructure operators, and financial institutions.

The development comes as cybersecurity spending and scrutiny rise across Australia's defence and public sector supply chains. The federal government's National Defence Strategy outlined spending of AUD $15-21 billion on cyber capabilities and AUD $27-38 billion across cyber and space, increasing focus on the providers used by defence and related contractors.

In that environment, accreditations such as CREST have become more relevant for companies operating under formal security frameworks, including the Defence Industry Security Program, the Information Security Manual, the Essential Eight, and ISO 27001-aligned controls.

Accreditation Standard

CREST accreditation is used in several markets, including Australia, the UK, and parts of Asia-Pacific, as an external benchmark for penetration testing providers. It is intended to assure clients that a supplier has met defined requirements for governance, service delivery, and technical practice.

The accreditation applies to White Rook Cyber's penetration testing services. Its broader work includes red teaming, adversary simulation, security assessments, and security operations centre services.

William Ulyate, National Cyber Security Director at White Rook Cyber, said the accreditation was significant for both the firm and its clients.

"This accreditation is an important milestone for our team and for the clients who entrust us with some of the most sensitive testing in the country. It provides our defence, government and industry partners with the confidence that our capabilities have been measured against the same international standard used by leading security firms around the world," Ulyate said.

The Australian-based company focuses on organisations operating in highly regulated or sensitive environments. These include defence primes, utilities, energy providers, and financial services groups, where supplier due diligence is often tied to formal compliance checks and contractual requirements.

Defence Focus

Demand for specialist testing services has risen as more organisations seek to assess the security of networks, applications, and connected systems. In defence and critical infrastructure, that demand is also linked to a broader push to improve resilience across supply chains and externally managed services.

Australian firms have sought to position themselves as local providers for customers that prefer sensitive work to be handled domestically. That preference has been reinforced by broader policy support for sovereign industrial and technology capacity in defence and adjacent sectors.

CREST Chief Executive Officer Nick Benson said White Rook Cyber had met the body's entry requirements for members in the region.

"We are pleased to welcome White Rook Cyber as a CREST-accredited Member company in the Australasia Region. Gaining accreditation for its penetration testing services demonstrates the high standards we look for in our member organisations and their services, helping build a strong global cyber community that supports a safer digital world for all," Benson said.

White Rook Cyber described the accreditation as independent assurance that testing work is conducted using quality-assured methods and that data encountered during engagements is managed under strict controls. It said the standard also indicates that testers hold recognised qualifications and follow a code of conduct.

That matters for buyers of cybersecurity services, especially procurement teams that must document supplier selection and monitor risks after contracts are awarded. In some cases, accredited status can help narrow shortlists for work involving sensitive systems or regulated data.

White Rook Cyber said recent growth had been driven by demand for offensive security services from defence, critical infrastructure, and financial services clients. It did not disclose revenue or customer numbers.

Alex Niazov, General Manager at White Rook Cyber, said the firm viewed the accreditation as a benchmark rather than an endpoint.

"Accreditation is not the finish line - it's a benchmark that reflects where we stand and a commitment to keep raising the bar. We will continue to invest in our people, our research, and our testing capabilities to ensure our clients stay ahead of the adversaries they face," Niazov said.