Corporate History
Conceived in 2004, ThinkSECURE was founded by established IT-Security professionals in response to a few disturbing trends which they observed being on the rise in the IT-Security industry:
1. Many IT-Security "certifications" focus only on tools which are outdated. Many of the courses available today did not bother to teach any methodology and only sold on the basis of "Attend My Course And Get These Tools" (which were free off the internet anyway). There is no teaching of methodology which could guard against the obsolescence of tools and enable students to learn how to be self-motivated to maintain the skills learnt, rather than relying on the paper qualification to say "I'm Certified!". Such solely-profit-oriented tactics result in many people being hoodwinked into attending certain courses and experiencing the feeling of being cheated.
2. Many IT-Security "certifications" also have no practical certification examination component. This resulted in an increase in people being certified who only know how to do "exam-cramming" and who do not know how to practically apply the knowledge learnt.
A good case in point was a situation faced by one of our Founders who was hiring some field engineers at his previous organization. 4 applicants were shortlisted, all claiming to have a popular basic networking certification from a router vendor. When 2 routers were placed in front of them and they were asked to configure them in 30 minutes for back-to-back operation allowing FTP and no other traffic, 3 of the applicants refused, saying they were not confident of configuring the routers. The 4th was unsuccessful although, to his credit, he did at least make an attempt.
This kind of situation is repeated all over the world, with "brain-dumps" becoming more and more prevalent, letting people get certified on the basis of memory cramming and not practical testing. An analogy of this situation: To know how to ride a bicycle, you must actually get on the bicycle and ride it. Someone telling you how to ride it will not enable you to ride it.
Yet for many so-called "certification" courses today which use non-lab-based examination techniques, this is exactly what is going on. You aren't being tested based on getting on the bicycle and riding it.
This eventually leads to the certification becoming worthless as more and more people brain-cram and take the exam until they pass it using memory, not skill, thus penalizing any real Security Professionals and their employers who paid good money to attend such courses when employers discover the brain-crammers can't do the job and discount the certification.
3. Many "Security Consultants" are, in reality, actually product vendors or distributors. Though they publicly market themselves as security service professionals or consultants, or set up supposedly vendor-neutral "training departments", they are more interested in selling products, not solutions that are suited to the customer's needs, and gouging customers with ridiculously high prices and using these "training departments" as a cover to push products.
4. Many "IT-Security" companies do not know how to conduct a proper security test, often confusing vulnerability assessments (which anyone can do - just go and download Nessus and Nmap) with penetration testing, which involves much, much more than just running a simple tool.
5. Many "IT-Security" companies market their staff as having many certifications but the truth is that only 1 or 2 actually have these certifications and the rest of the technical folks are non-security-trained or have no interest or actual experience in security matters. By extending the certifications of a few to cover the entire technical staff, these companies effectively mislead and take advantage of their customers, many of whom are too trusting by nature.
6. Many "IT-Security" companies or consultancies just don't have a clue what constitutes a proper security implementation. They focus too much on technology, often saying that "brand-x" firewall or "brand-y" security product will solve all your problems. They don't realize that People, Policy and Procedure need to be looked at before deploying a Platform which is just an enabler.
All this adds up to an increasingly common climate where many certifications are awarded on the basis of head-knowledge and not practical assessment and run by companies that are focused on reaping profits at the expense of the student and the money paid by or for the student to attend the course.
Our Founders, as IT-Security Practitioners, decided that only certifications with intense lab-based training during the conducting of the course AND practical lab-based examination to determine whether the student could apply the knowledge learnt, would maintain their value and be a benefit, not a liability to the IT-Security Professional Community.
Practical lab-based examination would also help protect against brain dumps and the subsequent flood of unqualified yet so-called "certified" people who would bring down the value of the certification to the real Professionals who took and passed the Certification exam.
On the consulting front, some companies disguise themselves as "IT-Security professionals" or "IT-Security consultancies" in order to push products that they carry as part of their main business to the customer, even if the products might not fit the customer's needs, as well as misrepresenting their organizational business focus and staff expertise.
In this regard, our Founders concluded that the only way any organization would be properly advised about securing their business and the various cost-effective, non-vendor-related solutions possible, was to establish an independent, service-based entity which would not do any product-distribution nor have any kind of product-reseller department.
Because there would not be any internal pressure to move any products that were being carried, distributed or resold by the business, this would guarantee the impartiality of the consultancy service and would ensure that whatever solutions were recommended and/or implemented would be 100% guaranteed to be in the Client's best interests: business-wise, security-wise and operations-wise.
As a result, our Corporate Philosophy is geared towards giving our Clients the best possible solutions and solution-implementations from a completely unbiased perspective and completely customized to their unique situations and requirements.
Copyright © 2004-2008 ThinkSECURE. All Rights Reserved. Any reproduction, storage or transmission of any of the contents of this website, without the express and written consent of ThinkSECURE is strictly prohibited. Use of this site is subject to our Terms & Conditions.