Dubai Cyber Force Program

The Dubai Cyber Force program will signpost skilled and competent individuals and companies that can deliver Penetration Testing and Incident Response services to the Dubai government, semi-government, and CII. The program is part of the delivery of the Dubai Cyber Security Strategy (DCSS) with the vision of placing Dubai among the most secure cities electronically in the world.  

There is considerable variability in the services delivered by Penetration Testing and Incident Response service providers globally. Methodologies vary, breadth, depth and quality of assessment vary, and the underlying skills and competencies of the individuals delivering services can differ significantly. Penetration Testing and Incident Response services are highly technical, and the language, findings and recommendations can confuse buyers of services.  

This program sets a high, internationally recognised benchmark for the delivery of cyber services. It uses a program-based approach to deliver increased quality, improved technical skills, and greater consistency across the cyber security sector. It is essential to have confidence that Dubai’s public sector and critical information infrastructure (CII) are well protected. By defining a series of requirements for service providers and the professionals that deliver these services, the Cyber Force program delivers more consistent outcomes for delivering cyber services in Dubai.  

Individuals must be either CREST qualified or hold alternative certifications and work for an accredited CREST member company for Penetration Testing or Incident Response disciplines. For further information, please email [email protected]. 

Organisations must have an existing UAE trade licence (in the mainland or freezone) or work with a local partner who has.

For more information see the Program Requirements document.

To confirm your organisation’s eligibility to do business in Dubai, please contact [email protected]. 

Buyers of Penetration Testing and Incident Response services in Dubai will be able to identify CREST member organisations with Dubai Cyber Force registered individuals via the CREST website as organisations register for the program.  

Your organisation (or a local partner) will need to have an existing UAE trade license (in the mainland or freezone).

To confirm your organisation’s eligibility to do business in Dubai, please contact [email protected].  

Visit the Certifications section of the CREST website for more information about booking a CREST exam. CREST will share details of its ‘CREST Exam Centre’ in Dubai in due course.

For information on becoming a provider of the program, email [email protected].  

Visit the Membership section of our website to discover the benefits of becoming a CREST member company and apply by emailing [email protected].  

Please get in touch with DESC at [email protected] for more information.  

The program is expected to become mandatory from the 31 July 2024. All interested parties are encouraged to register for the program as soon as possible to ensure they meet this timescale.  

A key domain of the DCSS is creating a Cyber Smart Society – achieving awareness, skills, and capabilities to manage cyber security risks for Dubai’s public and private sectors and individuals, including:  

Capacity – Availability of knowledgeable, experienced, and trained personnel specialised in cyber security for public and private sector organisations.  

Capability – Raising the skills of cyber security experts.  

A key guiding principle and domain of the DCSS is National and International collaboration:    

Establishment of international collaboration – setting standards that are internationally recognised and enable Dubai to build a cyber eco-system that aligns with the best globally

Collaboration between organisations forming part of the Critical Information Infrastructure (CII) and establishment of partnerships with public and private sectors – connecting the public sector to the private cyber services sector through collaboration with global standard setters.  

Establishment of cyber security legislation and regulations – the implementation of regulations that drive capacity, capability and consistency aligned with international standards.  

Penetration Testing  

Team Member level : 

CREST Registered Penetration Tester (CRT)  

Team Leader level:  

CREST Certified Infrastructure Tester (CCT INF)  

CREST Certified Web Applications Tester (CCT APP)  

Incident Response (IR) 

Team Member level:  

 CREST Registered Intrusion Analyst (CRIA) 

Team Leader level:   

CREST Certified Network Intrusion Analyst (CCNIA)  

CREST Certified Host Intrusion Analyst (CCHIA)  

CREST Certified Incident Manager (CCIM)  

Not for registration, but if they are conducting an engagement, they must secure a Dubai Police Clearance Certificate. 

No, there is no cost to register for the program.   

However, there are fees applicable to gain a Dubai Police Clearance Certificate, which will be paid directly to the police force at the point of application.

Depending on the discipline, DESC may require specific reporting for certain government agencies. 

Buyers of Penetration Testing and Incident Response services in Dubai will be able to identify CREST member organisations with Dubai Cyber Force registered individuals via the CREST website as organisations register for the program.

The process takes approximately five working days, from submission to notification of the result. 

Yes, renewal is required annually.

These individuals can still register so long as they are appropriately qualified. 

Consult the DESC Cyber Force Program Guidelines document for acceptable alternative qualifications. Coming soon.