Conceived in 2004, ThinkSECURE was founded in Jan 2005 by established IT-Security professionals in response to a few disturbing trends which they felt was on the rise in the worldwide IT-Security industry at the time :
1. A number of technical-level IT-Security courses focused only on tools which were outdated, did not teach any cohesive methodology and only sold on the basis of "Attend My Course And Get These Tools" (most of which were free off the internet anyway). There was no teaching of methodology which could guard against the obsolesence of tools and enable students to learn how to be self-motivated to maintain the skills learnt.
2. Many technical-level IT-Security courses also had no practical certification examination component. This resulted in an increase in people being certified who only knew how to do "exam-cramming" and who did not know how to practically apply the knowledge learnt.
An example of this type of situation was faced by one of our Founders who was hiring some field engineers during a previous appointment. 4 applicants were shortlisted, all claiming to have a particular certification. When 2 network devices were placed in front of them during the job-interview sessions and they were asked to configure them in 30mins for back-to-back operation allowing FTP and no other traffic, 3 of the applicants outright refused, saying they were not confident of configuring the devices. The 4th was unsuccessful although, to his credit, he did at least make an attempt. At the time, this kind of situation could be found in many places in the world with "brain-dumps" becoming more prevalent, thus enabling people to get certified on the basis of memory cramming alone and not practical testing.
An analogy of the situation: to know how to ride a bicycle, you must actually get on the bicycle and ride it. Someone telling you how to ride it will not enable you to ride it. Yet this was exactly what was going on when lab-based, practical examination techniques were not used. People weren't being tested based on getting on the bicycle and actually riding it, only how to describe how to ride it.
This eventually would have led to many certifications becoming devalued as an indicator of practical application of skill and knowledge as more and more people brain-crammed and took exams until they passed using memory, not skill. Thus, real IT-Security professionals and their employers who paid good money to get certified were penalized when employers discovered the brain-crammers couldn't do the job and started discounting various certifications.
3. Some IT-Security service providers did not know how to conduct a proper technical in-depth security test, often confusing vulnerability assessments (which anyone can do - just go and download nessus and nmap) with penetration testing, which involves much, much more than just running a simple tool.
4. Some IT-Security service providers just didn't have a clue what constituted a proper security implementation. They focused too much on technology, often saying that "brand-x" or "brand-y" security product would solve all your problems. They didn't realize that People, Policy and Procedure all needed to be considered before deploying a Platform which is just an enabler.
5. Some IT-Security service providers marketed their staff as having various certifications but the truth was that only a few actually had these certifications and the rest of the technical folks were either in non-IT-security-related roles or had little actual experience in IT-security matters. By extending the certifications of a few members of a project team to cover the entire project team, some offenders took advantage of the trust extended by their customers.
All this added up to a situation where many certifications were being awarded on the basis of head-knowledge only and not practical assessment, which was detrimental to what employers wanted and needed: proving that professionals were able to apply practical knowledge and practical skills to any situation.
Our Founders, as IT-Security Practitioners, decided that only certifications with intense lab-based training during the conducting of the course AND practical lab-based examination to determine whether the student could apply the knowledge learnt, would maintain their value and be a benefit, not a liability to the IT-Security Professional Community.
Practical lab-based examinations would also help protect against brain dumps which would bring down the value of certifications and hurt those experienced technical professionals who took and passed certification exams.
On the services side, it was also observed that some parties had positioned themselves as "vendor-neutral" but used the "vendor-neutral" label as a cover to push specific products which they carried.
In this respect, our Founders concluded that the only way the company's clients would be independently advised about securing their business using as many cost-effective and non-vendor-specific solutions as possible was to establish an independent, service-based entity which would not do any 3rd-party product-distribution/reselling. They reasoned that this would ensure that there would be no pressure for the company to push someone elses' product whether it fit in with the client's best interests or not.
As a result, our Corporate Philosophy is geared towards giving our Clients the best possible IT-security certification/training and penetration-testing/incident-response solutions from an unbiased perspective and customized to their unique situations and requirements.
This Website Is Designed To Be Viewed At 1024x768 Resolution and 24-bit color using Arial, Stencil Std & Lucida Console fonts.
Copyright © 2004-2016 THINKSECURE® PTE LTD ("ThinkSECURE"). All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE Pte Ltd is strictly prohibited. Use of this site is subject to our Terms & Conditions. The "THINKSECURE" brand name is a registered trademark of THINKSECURE PTE LTD in Singapore and a trademark of THINKSECURE PTE LTD in certain other countries. The ThinkSECURE device is a trademark of THINKSECURE PTE LTD in Singapore and certain other countries.