Certification Featured

My Impressions: CREST Registered Threat Intelligence Analyst Certification

I recently passed CREST Registered Threat Intelligence Analyst examination and want to share few thoughts and suggestions on how to approach the preparation as I haven't seen many articles on the topic

Valerii Soloninka

Feb 10, 2025 • 5 min read

TL;DR

CRTIA is a solid certification, and I recommend it for analysts with 2+ years of experience, if you want to have a CTI Cert in the portfolio. It shouldn’t be a major obstacle to overcome (though I passed on my second attempt).
Multiple ways to prepare: You can choose from on-demand courses, self-study with books and YouTube, or an instructor-led course through a certified provider.
Expect FULL COVERAGE of the syllabus—period. Identify your weak areas and ensure they align with the exam syllabus for targeted preparation.
Multiple-Choice Questions are boring, but the Long-Form Written Questions section is fantastic. I really enjoyed putting my thoughts into words. The CREST assessors seem generous in grading Long-Form Written Questions, considering multiple factors—huge shoutout to them!
PearsonVUE experience was smooth—no delays or lags. The worst part? The cheap membrane keyboard (probably a $5 Amazon special), but it is not a big deal, I didn't expect mechanical keyboard with Blue Switches to irritate other people in the room.
Track the time: Time management is super important aspect, don't waste too many valuable minutes for Multiple-Choice Questions, if you are not able to answer in 40-60 seconds, I would recommend you to skip and come back to it later.

What is CREST?

CREST is an international not-for-profit, membership body representing the global cyber security industry.
Since 2006 we have been leading the cyber security community to collectively raise the standards of cyber service providers and professionals, quality assuring the sector and in turn providing confidence to the buying community, government and regulators.
CREST

Basically, CREST is an organization that provides certification standards, something similar to SANS Institute or ISC2, but unlike SANS, which provides trainings along with certification, the main focus of CREST is on certification and accreditation. The company is based in the UK and is deeply integrated with UK cybersecurity regulations; for instance, CREST is an approved accreditation body for the UK Cyber Essentials program. I don't want to spread too much and recommend asking any LLM Model or just simply Googling it.

Touching upon the certifications, they provide a decent variety of certifications not only for specialists of different levels, but also for people in manager positions. The main focus is on three domains: Threat Intelligence, Incident Response, and Penetration Testing. The full list of available certifications is represented below:

Why Did I Pick CRTIA?

Essentially, the choice was made by my company as a business requirement, but I was thinking about taking the exam myself, so I was lucky that my own ambitions matched with my company’s requirements. There are only a few well-known Threat Intelligence certifications: CREST RTIA, SANS GCTI, and EC-Council CTIA, so the choice was quite obvious.

Apart from that, Dubai Electronic Security Center (DESC) signed a partnership agreement with CREST, which was another reason to focus on passing the certification as I currently employed and work in the UAE.

Preparation for the Exam

My Background

I give my background as a cybersecurity professional to have a better understanding of my experience. I have around 1.5 years of being a SOC L1 Analyst, around 1.5 years of being a Cyber Threat Analyst (essentially, a mix of responsibilities between Threat Intelligence, Detection Engineering, and Threat Hunting), and 1.5 years of full Threat Intelligence Domain. I passed CompTIA CySA+ and Cisco CCNA in the past.

Instructor-Led Training

I did an Instructor-Led Training as part of the package. The conversations were super cool with cool people about cool things. Can't say it was a good preparation for the exam, but it definitely was a really nice and pleasant experience talking to experienced professionals about a variety of cybersecurity and threat intelligence topics, so I picked up a few neat tricks.

How I Failed First Attempt

I booked the exam a month after finishing the Instructor-Led Training. I was pretty confident with my knowledge and did a couple of runs through PPTs, but boy, was I wrong... I knew my weak areas were EU/UK CyberSecurity Frameworks, everything related to math, and EU/UK CyberSecurity Regulations. I had an idea to focus on the rest of the questions and don't pay too much attention to the mentioned topics. Unfortunately, the tactic didn't work out well enough to pass the exam. So, I got the results 2 days after and the results were expected: I passed the Written Long-form Questions and miserably failed the Multi-choice Questions.

Important Note: Multi-choice Questions and Long-form Questions are rated separately, and you need to complete both of them successfully in order to pass the examination.

On-Demand Training

As far as I know, there is only one publicly available option for on-demand training - arcX. Their course is pretty much aligned with the CRTIA Syllabus, and probably this is the only source you can use to prepare for the exam. Personally, I used the course to improve my knowledge in weak areas and fast scrolling through other materials.

Self-Learning Option

CREST being nice by providing a list of recommended literature to prepare for the exam, available on the main page of the certification. I didn't really use any specific source to prepare, but I can recommend few sources I enjoyed through out my short career, not just as a part of preparation for the exam, but more as a general recommendations:

Intelligence-Driven Incident Response: Outwitting the Adversary by Scott J. Roberts and Rebekah Brown.
Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs by Kyle Wilhoit and Joseph Opacki.
Intelligence: From Secrets to Policy 9th Edition by Mark M. Lowenthal.
Cybersecurity Podcasts I've mentioned in the previous blogpost.

Second Attempt and Pass

I went for the second attempt pretty confidently. I was able to better manage my time. Since I'm not a native speaker, I had 30 minutes more, which was really helpful as I closed the exam window 10 minutes before the end.

I took the exam on the 29th of December, in the middle of Christmas and right before the New Year, so I didn't really expect to get results any time soon. I sent an email on the 6th of February inquiring about the results and got them the same day after 3-4 hours! Huge respect to CREST for a well-oiled bureaucracy machine!

Final Thoughts

Passing the CRTIA was a great learning experience. The Multiple-Choice Questions were tough and boring, but I enjoyed the Long-Form Written Section. Time management was key super important for the exam, and after failing my first attempt, I adjusted my study plan and focused on my weak areas. Overall, CRTIA is a good certification for CTI professionals with some experience, especially in regions where CREST is well-known. If you want to prove your skills, boost your credibility, or meet job requirements, it’s definitely worth it.