Enterprise Security
Certification :


Web Application
Auditing & Pentesting
Certification :


Wireless Security
Auditing & Pentesting
Certification :


Wireless Investigation
For Law Enforcement
Certification :


Secure Wireless
Deployment & Monitoring
Certification :


Upskilling Training
Courses :


Preparatory Training
Courses :


Training Class & Certification Exam Schedule

Training Class & Certification Exam-related FAQ

Authorized Training Partners & Training Schedules

Certified Practitioners List

Examination Review Board

Assisting Individual Defence(tm) : Email (AID:E)

Assisting Individual Defence : Email (AID:E)
Employee & Individual Anti-Phishing/Anti-Ransomware Upskilling Training

The bulk of annual total reported security breaches involves attacks against individuals and employees :

Source : Verizon 2022 Data Breach Investigations Report

Of total data breaches, phishing-type attacks form the greatest percentage :

Source : CISCO 2021 Cybersecurity Threat Trends Report

People still continue suffer such attacks DESPITE TECHNICAL DEFENCES (ANTI-SPAM, ANTI-VIRUS, ANTI-PHISHING, ETC) IN PLACE at companies, institutions, schools and other organizations worldwide.

This is proof that reliance on technology alone will NOT protect you !

In fact, most malware continues to be delivered by email directed at people :

Source : Verizon 2021 Data Breach Investigations Report

An attacker only needs ONE PERSON to do a single click, single opening of attachment, etc, and KABOOM - now you've got ransomware...or something much worse!

Plus, office document formats are usually the most widely used weapon of choice for attackers to target your people, with the composition of total malicious email attachments as follows:

        Source : CISCO 2018 Annual Cybersecurity Report

Therefore, attackers view all forms of email-based attacks as the most low-risk and worthwhile type of end-user attack.

And then there is the Great Resignation - cybersecurity practitioners everywhere are getting burnt-out having to deal with daily attacks and organizational demands; a 2022 survey shows 54% OF THEM WANT TO QUIT DOING CYBERSECURITY.
The constant pace of attacks and requirements is only going to place ever-increasing strain on your IT and cybersecurity teams.

All these statistics are guaranteed to get worse with time, regardless of whether you are a large bank or financial services company, a teacher or school, a student, a government entity, a small business owner, family office or high-net-worth individual, etc...

Wouldn't it be helpful for you, your IT team and your company if...

...EVERY employee could...

...use technical-IT-level skills...

...to spot attack emails...

...REGARDLESS of attack sophistication?

With the ASSISTING INDIVIDUAL DEFENCE : EMAIL (AID:E) upskilling training, they can!


It doesn't matter if they are in HR, Finance, Procurement, Sales, Marketing, Legal, Teaching, etc, or if they work for a commercial or an educational or a non-profit organization - every non-technical person CAN BE ABLE TO HELP DEFEND YOUR ORGANIZATION by becoming an effective extension of your cybersecurity and IT team defences !

By enlisting your non-technical people in the fight against phishing, ransomware and other cyberthreats via equipping them with the ability to more easily identify an attack email that makes it past your technical defences, this will lighten the burden that your Cybersecurity and IT teams have in dealing with constant attacks against your organization and mitigate their burnout rate.

Even if you have Outlook plugins that allow your employees to report suspected phishing emails, someone in your IT or cybersecurity team has to spend time or effort processing the report or acting on a third-party service-provider report that is sent to them.
Doesn't this reporting add to their existing already-heavy workload?

A lot of vendor-delivered "security awareness"-level training (i.e. SAT) is focused on cosmetic generic approaches, or are directive in nature (e.g. simply tell you "don't open suspicious emails", "look out for mis-spelt words", etc).

Such approaches fail when faced with a more advanced foe targeting your employees because they don't give employees the proper skills AT A TECHNICAL LEVEL to deal with more sophisticated attackers.

SAT therefore does not impart sufficient technical-level depth to make a substantial difference at the front lines of Cybersecurity.

If it really was effective, why do we still see so much news about successful phishing and ransomware cases?

SAT also often does not factor in the continued inventiveness and creativity of attackers in bypassing automated defences (e.g. using ChatGPT to improve email content appearance) and therefore requires continuous updates and expense instead of a one-time investment per person.

And 'gamification' and 'fun' approaches used by some training doesn't always mean people will properly learn the actual technical skills needed to be of REAL help to your IT and Cybersecurity teams.

You just need to answer a simple question :

After going through all the prior end-user training and SAT programmes, do ALL your non-technical end-users now have ACTIONABLE TECHNICAL-LEVEL SKILLS that allows them to identify that an email is malicious REGARDLESS OF ATTACK SOPHISTICATION and WITHOUT NEEDING TO ESCALATE TO YOUR I.T. TEAM ?

The deliverable should be : "Did the training make a real technical-level difference in increasing your security posture", and not how 'cheap', 'fun' or 'gaming' it was.

As opposed to SAT programmes, our very-targeted and cost-effective UPSKILLING TRAINING converts actual TECHNICAL-LEVEL cybersecurity skills into easy-to-apply everyday practical steps that ANYONE can apply to validate whether any email that makes it past your technical anti-spam/anti-phish defences and arrives inside their mailbox is legitimate or not, regardless of how sophisticated and authentic the email appears.

The upskilling training session is instructor-led, not a video-only, which is more beneficial for non-technical people because it is more interactive and engaging.

Using our proprietary methodology, real-instructor delivery and online web-tool, we will teach your email-users how to easily spot different types of creative approaches that attackers take when sending spear-phishing and other social-engineering-attack emails to targets' mailboxes, REGARDLESS OF THE SOPHISTICATION OF THE ATTACK.

The instructor-led training session allows attendees to put what is taught into practice through a practical real-time exercise segment that uses actual real-world attack email examples instead of "simulated" test email examples.

After going through AID:E™, ALL your non-technical end-users can become a technical-level extension of your Cybersecurity / IT-team and the last line of real defence against phishing and ransomware-laden emails that make it past your outer automated defences!

And why focus specifically and exclusively on email?

As per the charts under the WHY DO I NEED ANTI-PHISHING / ANTI-RANSOMWARE TRAINING section, email is the single largest delivery mechanism for targeting an organization through its end-users. So it makes sense to go after the biggest threat first.

  • Enables your NON-TECHNICAL end-users to be self-defending on EVERY email inside their mailbox REGARDLESS of attack sophistication;

  • Lightens your IT / Cybersecurity team workload by reducing the number of Outlook pushbutton "report phishing email" reports they receive;

  • Helps free up your IT / Cybersecurity team to focus on more value-added tasks;

  • ONE-TIME training per attendee only because AID:E™ technical upskilling is permanent once acquired!
    Unlike SAT-type training, there is no need for repeated subscription for new SAT training every year caused by rise of more sophisticated well-written email attack types;

  • Comes with optional complimentary access to post-training AID:E™ online web tool to help maintain newly-acquired technical defensive skill (requires separate individual registration with THINKSECURE® PTE LTD);

  • Family offices and high-net-worth individuals - AID:E™ assists you in avoiding disruption and damage to your investing, treasury-related transactions and high-value activities due to phishing, ransomware and other incidents arising from end-user email interaction;

  • Hospitals & Healthcare - AID:E™ helps to reduce the probability of phishing, ransomware and other incidents arising from end-user email interaction from disrupting the operation of your critical healthcare systems;

  • Schools & Education - AID:E™ helps to reduce the probability of phishing, ransomware and other incidents arising from end-user email interaction from disrupting your students' learning that is reliant on computers and school support systems;

  • Law Firms - AID:E™ helps to reduce the probability of phishing, ransomware and other incidents arising from end-user email interaction from disrupting your computer systems that you use to perform client work and communicate with clients;

  • Insurance & Banks - AID:E™ helps to reduce the probability of phishing, ransomware and other incidents arising from end-user email interaction from disrupting your access to critical customer records and accounts;

  • Reduce chances of third-party liability and public-relations nightmares stemming from data breaches by lowering employees' vulnerability to ransomware and other malware delivered via emails;

  • Assist you during cybersecurity insurance renewal rate negotiations by providing a basis for showing that you are working actively to reduce your organization's cybersecurity risk and thus are a "good" customer for insuring;

  • Removes the excuse that "I didn't know it was a malicious email" or "I am not trained to spot fake emails";
    Now the only remaining reason the end-user can give is "I can't be bothered to check" and this makes any Consequences Policy you have so much easier to enforce;

  • ...and can even be applied to your own personal / home email if you work, study or conduct business from home !

  • HR department employees

  • Finance department employees

  • Procurement department employees

  • Marketing department employees

  • Sales department employees

  • Senior, mid and supervisory management

  • Family offices

  • High-net-worth individuals

  • School teachers

  • School students

  • Doctors

  • Nurses

  • Lawyers

  • Administrative staff


An organization with a global customer footprint engaged us to conduct an unannounced spear-phishing security-test against a list of its non-IT employee targets in October 2022 in order to assess the organization's security posture following standard end-user security-awareness training and before undergoing the ASSISTING INDIVIDUAL DEFENCE : EMAIL (AID:E) upskilling training.

The bite-rate (or "click" percentage) for this pre-AID:E™ baseline test was 66.67 %.

Four days after this initial baseline test, an AID:E™ anti-phishing & anti-ransomware upskilling training session was conducted for the employee targets.

A second spear-phishing test was commissioned by the same customer to be run four days after the AID:E™ training.

Result : after the AID:E™ session, the bite-rate dropped to 0 % ...and, in a total role reversal, there were even non-technical employees who alerted the organization's IT team by sending screenshots of the raw email headers to describe the attack attempt to the IT team, one example of which is shown below :

Collectively, this demonstrates internalization and application of the technical-level skills imparted by our upskilling training.

A 100 % drop in the bite-rate following our training proves that it is entirely feasible for non-technical users in HR, Finance, Procurement, Marketing, etc, to acquire and apply technical-level cybersecurity skills to help defend an organization !

( Note : the spear-phishing tests were separately commissioned by the customer to measure the efficiency of AID:E™ and is not part of an AID:E™ session/pricing. )

Usually 2.5 up to a maximum of 3 hours, subject to the degree of attendee interaction during the practical exercise segment.

Ideally, paid sessions are intended to be run on-site with an in-person instructor at your organization's premises for maximum effect. However, so long as attendees can access their organization and/or personal email inboxes during the session using their laptop computers, the session can be run on-site at any physical location subject to minimum session size and venue space constraints.

Contact us today for pricing and availability in your country.

Please kindly email from your organization's email address and provide your company/school/institution/agency name as this training is intended for organizations with non-technical employees, e.g. businesses, government-related entities, educational institutions, medical facilities, etc.

Enquiries received from Gmail and other free email address providers are unlikely to get a reply.

Copyright © 2005-2023 THINKSECURE® PTE LTD ("ThinkSECURE"). All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE Pte Ltd is strictly prohibited. Use of this site is subject to our Terms & Conditions. The "THINKSECURE" brand name is a registered trademark of THINKSECURE PTE LTD in Singapore and a trademark of THINKSECURE PTE LTD in certain other countries. The ThinkSECURE device is a trademark of THINKSECURE PTE LTD in Singapore and certain other countries.

This Website Is Designed To Be Viewed At 1024x768 Resolution and 24-bit color using Arial, Stencil Std & Lucida Console fonts.