Buying & Building Cyber Services icon
Back
Accreditation Pathway & Membership icon
Back
Skills, Certifications & Careers icon
Back
News, Events & Research icon
Back
About Us icon
Back
Login to profile
Join Today Find a Supplier

Dubai Cyber Force Program

Home  »  Dubai Cyber Force Program

CyberForce Logo

DESC Cyber Force is a framework designed to recognise organisations and skilled individuals who are competent in delivering cybersecurity services in Dubai. This program specifically assures the provision of Penetration Testing and Incident Response services to Dubai’s government, semi-government bodies, and critical information infrastructure sectors. 

CREST is the certifying body for Penetration Testing and Incident Response, assessing organisations and individuals according to the framework through company accreditation and validation of individual certification. 

Requirements

To participate in the Cyber Force program, organisations must meet the following criteria: 

  • Valid UAE Trade Licence: All organisations must hold a current UAE trade licence.
  • CREST Accreditation: Organisations should either already possess the appropriate CREST Accreditation or acquire it through the application process. 
  • Qualified Consultants: Organisations must employ skilled and capable individual consultants who meet the program’s standards. 

For complete details on the program and additional requirements, please refer to the program guidelines.

What certifications are acceptable

Individuals seeking to participate in the Cyber Force as part of the company application must possess one of the following certifications, which determine their role within the Cyber Force as either a Team Member or a Team Leader. 

Penetration Testing

Team Member Certifications Team Leader Level Certifications
CREST Registered Tester (CRT) CREST Certified Tester Infrastructure (CCT INF)
OffSec Certified Professional (OSCP) CREST Certified Tester Applications (CCT APP)
EC-Council Certified Security Analyst (ECSA) OffSec Experienced Penetration Tester (OSEP)
EC-Council Licensed Penetration Tester (LPT) OffSec Web Expert (OSWE)
GIAC Penetration Tester (GPEN)
GIAC Web Application Penetration Tester (GWAPT)

Incident Response

Team Member Certifications Team Leader Level Certifications
CREST Certified Registered Intrusion Analyst (CRIA) CREST Certified Incident Manager (CC-IM)
GIAC Cloud Forensics Responder (GCFR) CREST Certified Network Intrusion Analyst (CC-NIA)
GIAC Certified Forensic Analyst (GCFA) CREST Certified Host Intrusion Analyst (CC-HIA)
CREST Certified Threat Intelligence Manager (CC-TIM)
GIAC Reverse Engineering Malware (GREM)

How to register

DESC Cyber Force is committed to enhancing cybersecurity measures within Dubai by accrediting capable organisations and certifying proficient individuals. If you represent an organisation that meets these standards, we encourage you to begin the registration process today by contacting: [email protected] 

For organisations interested in becoming a CREST member company   

Visit the Membership section of our website to discover the benefits of becoming a CREST member and apply by emailing [email protected].    

For Dubai Government agencies interested in understanding more about the program, contact DESC at [email protected]. 

For more information, please see the FAQs below.   

Dubai Cyber Force Program FAQs

What is the Dubai Cyber Force program?

The Dubai Cyber Force program will signpost skilled and competent individuals and companies that can deliver Penetration Testing and Incident Response services to the Dubai government, semi-government, and CII. The program is part of the delivery of the Dubai Cyber Security Strategy (DCSS) with the vision of placing Dubai among the most secure cities electronically in the world. 

Why is the Dubai Cyber Force program required?

There is considerable variability in the services delivered by Penetration Testing and Incident Response service providers globally. Methodologies vary, breadth, depth and quality of assessment vary, and the underlying skills and competencies of the individuals delivering services can differ significantly. Penetration Testing and Incident Response services are highly technical, and the language, findings and recommendations can confuse buyers of services. 


This program sets a high, internationally recognised benchmark for the delivery of cyber services. It uses a program-based approach to deliver increased quality, improved technical skills, and greater consistency across the cyber security sector. It is essential to have confidence that Dubai’s public sector and critical information infrastructure (CII) are well protected. By defining a series of requirements for service providers and the professionals that deliver these services, the Cyber Force program delivers more consistent outcomes for delivering cyber services in Dubai.  

How will I know if a cyber service provider is a part of the program?

Buyers of services under the Cyber Force Certification Program in Dubai (e.g. Penetration Testing and Incident Response) can visit the CREST Register online to view the companies that have been registered for the program.    

 

Visit this link: Registered Companies   

 

Or via the DESC listing: Certifications – DESC 

How do I find out more information about CREST exams and make a booking? 

Visit the Certifications section of the CREST website for more information about booking a CREST exam. CREST will share details of its ‘CREST Exam Centre’ in Dubai in due course.

I represent a CREST member company; how do I find out more information about this program? 

For information on becoming a provider of the program, email [email protected] 

I am interested in becoming a CREST member company, how do I find out more information about joining? 

Visit the Membership section of our website to discover the benefits of becoming a CREST member company and apply by emailing [email protected] 

I represent a Dubai government agency, semi-government, or CII; how do I find out more information? 

Please get in touch with DESC at [email protected] for more information. 

Will the program become mandatory? 

The program is expected to become mandatory from the 31 July 2024. All interested parties are encouraged to register for the program as soon as possible to ensure they meet this timescale. 

How does this program fit with Dubai's Cyber Security Strategy (DCSS)? 

A key domain of the DCSS is creating a Cyber Smart Society – achieving awareness, skills, and capabilities to manage cyber security risks for Dubai’s public and private sectors and individuals, including: 


Capacity – Availability of knowledgeable, experienced, and trained personnel specialised in cyber security for public and private sector organisations. 


Capability – Raising the skills of cyber security experts. 


A key guiding principle and domain of the DCSS is National and International collaboration:  

Establishment of international collaboration – setting standards that are internationally recognised and enable Dubai to build a cyber eco-system that aligns with the best globally


Collaboration between organisations forming part of the Critical Information Infrastructure (CII) and establishment of partnerships with public and private sectors – connecting the public sector to the private cyber services sector through collaboration with global standard setters. 

 

Establishment of cyber security legislation and regulations – the implementation of regulations that drive capacity, capability and consistency aligned with international standards. 

Do individuals need UAE security clearance to register for the program? 

Individuals must present a valid Dubai Police security clearance when applying for recognition as part of your team.

 

To access Dubai Police security clearance portal, use the following link: Police Clearance Certificate (dubaipolice.gov.ae)

What is the cost to register?

No costs are associated with applying to be certified under the DESC Cyber Force Program. However, the applicant will bear any costs to achieve the required individual certifications outlined in the Appendices and Company Accreditations. 

Are there any specific reporting requirements for a program member? 

Depending on the discipline, DESC may require specific reporting for certain government agencies.

How long does the registration process take? 

For existing CREST members the process takes approximately five working days, from submission to notification of the result.

 

For those needing to Accredit their organisation, the timeline is dependent on how quickly they can provide the required evidence and complete the membership process.

Does the registration expire/have to be renewed?

Yes, renewal is required annually.