GB Management Team

CREST (GB)  is managed by an Executive of nine senior industrialists, two of whom represent the CREST assessors.  At an operational level, responsibility is divided into the following areas: Governance, standards and operations, marketing and communications, finance and HR & remuneration.  CREST holds a Register of Interests for the Executive which is reviewed at each quarterly meeting in order to maintain the integrity of the group. The CREST (GB) Articles of Association, which are supported by binding Bye-Laws, outline the criteria, process and activities of the CREST (GB) Executive and are sent to member companies’ primary points of contact in advance of every General Meeting each year.

The CREST (GB) Executive meet for six formal meetings a year plus, traditionally, two strategy days and other occasional meetings of the Executive group.   The Director of CREST (GB) is currently Ian Glover.  A second Director will be appointed shortly and jointly they primarily hold fiduciary responsibilities.

All positions on the Executive are for a period of three years and at that point the incumbents compulsorily retire and are eligible for re-election for a further three year term.  No member of the Executive who has been elected by the membership at an AGM holds office as a member of the Executive for more than six consecutive years; at that point they must stand down for a period of one year.

General Meetings are traditionally held in May each year.  If a member company would like to get involved and has opted for GB or EMEA membership, they should respond to the call for nominations, subject to the criteria set out in the Bye-Laws.

Rotation of CREST (GB) Executive members

To ensure that the CREST Executive maintains a healthy representation of the current information security industry, a proportion of the Executive, which may include the Directors, is refreshed every year. To achieve this, an election is held at the Annual General Meeting from amongst the CREST Member Company Representatives to fill these vacancies on the Executive.

The following criteria applies to retirement by rotation:
•   Members of the Executive who have been in office for three years or more either since their appointment or since their last re-appointment retire from office but are eligible to stand for re-election;
•   Any Directors or members of the Executive who have been appointed since the last annual general meeting under the provisions of specific clauses within CREST Articles of Association retire from office and are eligible to stand for election;
•   Any members of the Executive appointed since the last annual general meeting to fill a casual vacancy on the Executive shall retire and be eligible to stand for election if they wish to.

A vacancy on the Executive arising from a resignation is allocated to the first unelected candidate (the first reserve) from the election held at the Annual General Meeting last occurring and Members of the Executive appointed in this way serve for the same term as the individual that they are replacing.

As a permanent member of the CREST staff, Ian Glover’s position on the Executive does not rotate.

Assessor Representatives on the Executive
A similar process applies Assessors’ Representatives who represent the Assessors on the CREST Executive.  Two Assessor Representatives are selected from amongst the Assessors in place at the time of the election and their appointment is for a period of three years at which point they can either resign their position as an Assessor Representative on the Executive or put themselves forward to the Assessors’ group for re-election in that capacity.  The two Assessor Representatives share a single vote at meetings of the CREST Executive.


GB Management Team


Chairman of CREST (GB) Executive
Rob Dartnall, CEO and Director of Intelligence, Security Alliance LtdRob Dartnall
Rob is the CEO and Director of Intelligence for Security Alliance Ltd, a leading Cyber Threat Intelligence company.  From a Military Intelligence background, Rob transitioned his Intelligence tradecraft into the cyber domain where he is an advocate of ‘Intelligence Preparation of the Cyber Environment’.  Robs primary work has been designing Intelligence-led resiliency programs, developing intelligence capability, creating intelligence sharing frameworks and initiatives and providing Intelligence led consulting engagements.  Rob holds the CREST Certified Threat Intelligence Manager qualification, is a CREST TI Assessor and sits of the CTIPs Sub-Committee.

Rob was formally elected as Chair of the GB Executive on 3 March 2021.
Contact:  [email protected]

Stuart Criddle, Cyber Director, PwC
HeadShot_BlankStuart is one of the two Assessors’ representatives on the CREST Executive and leads on the technical delivery aspects of CREST examinations. Stuart is Director, UK Ethical Hacking at PwC and is responsible for leading CLAS consultancy projects such as RMADS production and also has a key role in leading many PCI QSA assignments. He works as part of the main consultancy and testing team on both infrastructure and application assignments and has a long history of working with central government and police clients.
Contact: [email protected]

Stuart Morgan, Principal Consultant, F-Secure Cyber Security Ltd (Assessors’ Representative)Stuart-Morgan-225x300
Stuart has been an Assessor for CREST for a number of years and was elected by his peers to the Executive in June 2017. His aim is to ensure that CREST exams remain the best in the world.
Contact: [email protected]

Ian Lovering, Technical Lead, DXC Technology (Assessors’ Representative)
HeadShot_Blank Ian has 20 years experience in the IT industry latterly as technical lead for DXC managing CHECK, STAR and GBEST penetration testing and long-term vulnerability scanning implementations.  He has also been responsible for secure architecture reviews and secure code reviews covering multiple industries including finance, public sector, telecoms, and oil and gas.  Ian has been a CREST Assessor since 2015 and is currently running the CREST exam development group creating the new Next Generation exams for CREST.
Contact:  [email protected]


Oliver Church, Director, Orpheus Cyber LtdHeadShot_Blank
Oliver is CEO of Orpheus, a specialist Cyber Threat Intelligence company. He is responsible for Cyber Threat Intelligence on the CREST Executive and is a passionate believer in the importance of intelligence-led security. Oliver has previously established successful cyber security teams and capabilities at major global organisations and has a wide range of risk management and security experience, developed working for a diverse range of large and small organisations over the last 17 years. An expert in cyber risk management and cyber resilience testing, Oliver has been involved in developing intelligence-led cyber resilience frameworks, working with Regulators to do so, and has extensive experience leading cyber threat intelligence teams to conduct the testing itself. Oliver’s cyber security expertise is built on a foundation as a qualified lawyer, which enables him to add the legal perspective to the management of cyber risks. Oliver is a CREST Certified Cyber Threat Intelligence Manager (CCTIM), an Assessor of the TI examinations and a Solicitor of the Supreme Court of England and Wales.
Contact:  [email protected]

HeadShot_BlankSimon Clow, Associate Director, Context Information Security Ltd
Simon is responsible for the technical delivery of complex assurance engagements to Regulators and a variety of public and private sector clients. He has designed various testing methodologies used by the company and was involved in the development of the CBEST framework. He is a Fellow of CREST and a CREST Assessor and is keen to ensure CREST delivers best of breed examinations and that its industry-wide reputation is maintained and enhanced globally.
Contact:  [email protected]

Rodrigo Marcos Alvarez, Chief Executive Officer, SECFORCE Ltdrodrigo-marcos
Rod is the CEO of SECFORCE Ltd, a leading penetration testing and red teaming consultancy.  Rod also contributes to the security community by leading an OWASP chapter, mainly driven by the goal of increasing security awareness and providing an opportunity for individuals to acquire technical offensive security skills.

With 20 years of experience in offensive security, Rod has a strong technical background.  Even though he still enjoys getting involved in the technical aspect of security and getting his hands dirty in “low level” stuff, Rod’s professional goals are around creating a rewarding and inspiring work environment, helping solve customer challenges and make this world a safer place – One IP address at a time.
Contact:  [email protected]

Brian McGlone, European Leader – Cyber Security Testing, IBM UKBrian McGlone_IBM
Brian has a wealth of experience in the Security Assessment and Audit fields, he has worked in America, Africa, and a variety of countries across Europe; his work includes security assessments for all sectors. His current role covers business development of all forms of security testing, managing security testing programs, delivery of security testing, coaching/management, mentoring, and being a thought leader as part of the X-Force Red global team management team. Brian is keen to help CREST and the industry move further forward in its objectives to make it successful for all. Whether this is people starting security careers or companies looking to ensure they are aware of their security and vulnerability profiles, through using the services provided by CREST member companies.
Contact:  [email protected]

Gemma Moore, Director, Cyberis LtdGemma Moore_small
Gemma has worked in technical assurance since 2004 and holds CREST qualifications in infrastructure, applications and simulated attack and is also a Fellow of CREST. Her experience encompasses team management and leadership, sales, business and financial performance management, and bespoke technical training. The commercial success and growth of the whole industry is important to her and she is keen to support the objectives of CREST for the good of the industry as a whole.
Contact:  [email protected] 

Boglarka Ronto, Director of Operations, Commissum Associates LtdBoglarka Ronto
Boglarka is Director of Operations at Commissum (Eurofins Cyber Security UK), with a background in penetration testing and UNIX systems administration. In her role she relays a lifelong passion for the security industry, supporting a variety of businesses, both large and small on their journey to a more mature security posture. Boglarka works with young people to help them find a fulfilling career in one of the many areas of cyber security, focusing on challenges associated with niche requirements such as testing mainframes.
Contact:  [email protected]


Paul Midian, Chief Information Security Officer, EasyJet (Chair of CREST Senior Advisory Panel)HeadShot_Blank
Paul is an accomplished information and cyber security practitioner with over 20 years ‘experience; he is Chief Information Security Officer at EasyJet.  Previously, Paul was CISO at Dixons Carphone and a director in the Cyber Security practice at PwC leading large scale information and cyber security improvement and transformation programmes. Prior to his role at PwC, Paul was a director at Information Risk Management Plc . During his tenure revenue increased by over 75% and the company won the Secure Computing ‘Information Security Consultancy of the Year 2013′ award. Prior to working at IRM he was Head of Security Testing at Siemens Enterprise Communications (formerly Insight Consulting).Paul is a member of the BCS and of ISACA. He has been involved in the CREST organisation since its inception.
Contact: [email protected]

CREST Permanent Staff

RJohnson_2021_VsmallRowland Johnson, President
Rowland is focused on driving initiatives to deliver increased engagement across the 250+ CREST members and all CREST qualified individual globally. He is responsible for working internationally with governments, regulators and other key industry stakeholders to build stronger technical cyber security ecosystem.

A former member of the CREST GB Executive, serving between 2014 and 2020, he has been a dedicated supporter of the organisation for many years. He was instrumental in CREST’s international growth, playing an integral role in the creation of CREST chapters in Singapore, USA and Hong Kong.

Rowland was a founding director of cyber security company Nettitude and oversaw its acquisition by Lloyd’s Register in 2018. Following the acquisition, he worked with the leadership team as a strategic advisor focussing on global growth.

Rowland has worked closely with international governments and regulators to bring about increased levels of capability in the Penetration Testing, Threat Intelligence, Incident Response and Security Operations Centre markets.  He is able to talk about these from a government and strategy perspective as well as sharing real-world examples from what is seen in the field. Rowland presents at many international events and is a passionate infosec leader that is actively trying to professionalise the cyber security industry.
Contact:  [email protected]

Ian Glover, Director
Ian has worked in the IT industry for the last 40 years and has been working in information security for the last 36 years. As President of CREST he took CREST to a position of influence in the technical security industry and has been instrumental in many major industry initiatives. These included the  Bank of England and Government project to develop the STAR, STAR-FS and CBEST Schemes that are designed to provide higher levels of assurance for the UK financial services and other parts of the critical national infrastructure. He also helped to develop and implement the UK Government CIR (Cyber Incident Response) and CREST Cyber Security Incident Response (CSIR) schemes. Internationally he also worked with governments and regulators to support CREST members globally.

Prior to representing CREST, Ian was one of the founders of Insight Consulting, a leading specialist information security consultancy. The business was purchased by Siemens. He then sat on the Board of Siemens Communications. Prior to establishing Insight Consulting has worked for the MoD, Treasury (CCTA) and Ernst and Young.
Contact: [email protected]

Elaine Luck, Operations ManagerEAL-2018-h+s
Elaine has worked at Board level in industry for over 40 years, predominantly for the leading trade association in the defence and public security sectors but latterly in the facilities environment. Her roles have included company secretary, business and operations management, membership management, event organisation and personnel management. Within CREST she is responsible to the Executive and Regional Advisory Boards for all aspects of day to day operations and for all legal, compliance and governance matters.
Contact: [email protected]

Adriana Costa-McFadden, Manager Academic & Professional Developmentadriana photo v2
Prior to joining CREST, Adriana was a Software Engineer at Nortel Networks. Within CREST, she is responsible for membership renewals, examination equivalencies, administration of the Approved Training Provider scheme, Academic Partners and overall support to members.
Contact: [email protected]

Sally Fitzmaurice, Examination Co-Ordination Manager
Sally has extensive, high-level experience in administration and a strong background in customer engagement and time management. Within CREST she is responsible for managing all aspects of the examination booking process.
Contact: [email protected]


Samantha Alexander, Principal AccreditorSam Alexander
Sam is an experienced auditor in Information Security, Business Continuity and Quality. She has particular experience of ISO27001 and information security having been consultant helping clients with the implementation and operation of new management systems effectively into their business. Supporting clients to maintain their certifications to relevant standards, as well as carrying out reviews, updates and restructuring of management systems for a wide range of sectors. Within CREST she supports the company membership accreditation function, carrying out reviews on company applications and all supporting documentation.
Contact: [email protected]

Jonathan Armstrong, Associate AccreditorJonathan Armstrong
Jonathan is an experienced relationship manager having worked for over a decade in the banking industry. He has experience of quality assurance and internal auditing. Within CREST Jonathan supports the accreditation team and assists with company audits and membership enquiries. Jonathan read Criminology at university and has a keen interest in cyber security.
Contact:  [email protected]

alan-thomson_smallAlan Thomson, Communications Manager
Alan is a very experienced senior communications specialist with extensive experience in publishing, communications and public relations.  His career has spanned journalism, publishing and PR consultancy culminating in running his own publishing business including publishing a national professional membership journal for further education teachers and training.  In CREST he is responsible for internal and external communications strategy and for co-ordinating and writing a variety of internal and external communication mediums. He also has responsibility for the overall management of CREST events.
Contact:  [email protected]

Stephen Child, IT Systems ManagerS-Child
Stephen is a very experienced IT professional with over 10 years experience working in IT infrastructure. He has supreme technical knowledge of software such as Azure, V-Centre and Windows. He is also CISSP, CCNA and CCNP qualified. Within CREST he has responsibility for all aspects of examination infrastructure maintenance as well as back office development, maintenance and support.
Contact: [email protected]

Tyrone Taylor2Tyrone Taylor, IT Systems Administrator
Tyrone has extensive experience in IT gained over 30 years and is committed to providing support to clients and colleagues. Within CREST he is responsible for managing the back office systems, supporting the technical delivery of examinations and helping with project work.
Contact:  [email protected]