Corporate History



Conceived in 2004, ThinkSECURE was founded by established IT-Security professionals in response to a few disturbing trends which they observed being on the rise in the IT-Security industry:


1. Many IT-Security "certifications" focus only on tools which are outdated. Many of the courses available today did not bother to teach any methodology and only sold on the basis of "Attend My Course And Get These Tools" (which were free off the internet anyway). There is no teaching of methodology which could guard against the obsolesence of tools and enable students to learn how to be self-motivated to maintain the skills learnt, rather than relying on the paper qualification to say "I'm Certified!". Such solely-profit-oriented tactics result in the hoodwinking of many people in attending certain courses and experiencing the feeling of being cheated.



2. Many IT-Security "certifications" also have no practical certification examination component. This results in an increase in people being certified who only know how to do "exam-cramming" and who do not know how to practically apply the knowledge learnt.

An example of this type of situation was faced by one of our Founders who was hiring some field engineers at one of his previous organizations. 4 applicants were shortlisted, all claiming to have a popular basic networking certification. When 2 routers were placed in front of them during the job-interview sessions and they were asked to configure them in 30mins for back-to-back operation allowing FTP and no other traffic, 3 of the applicants outright refused, saying they were not confident of configuring the routers. The 4th was unsuccessful although, to his credit, he did at least make an attempt. This kind of situation can be found all over the world, with "brain-dumps" becoming more and more prevalent, letting people get certified on the basis of memory cramming and not practical testing.

An analogy of the situation: to know how to ride a bicycle, you must actually get on the bicycle and ride it. Someone telling you how to ride it will not enable you to ride it. Yet this is exactly what is going on when non-lab-based, non-practical examination techniques are used. You aren't being tested based on getting on the bicycle and actually riding it, only how to describe how to ride it.

This eventually leads to certifications becoming worthless as an indicator of practical application of skill and knowledge as more and more people brain-cram and take the exam until they pass it using memory, not skill. Thus real IT-Security professionals and their employers who paid good money to attend such courses are penalized when employers discover the brain-crammers can't do the job and discount the certification.



3. Many "IT-Security" companies do not know how to conduct a proper security test, often confusing vulnerability assessments (which anyone can do - just go and download nessus and nmap) with penetration testing, which involves much, much more than just running a simple tool.



4. Many "IT-Security" companies or consultancies just don't have a clue what constitutes a proper security implementation. They focus too much on technology, often saying that "brand-x" firewall or "brand-y" security product will solve all your problems. They don't realize that People, Policy and Procedure all need to be considered before deploying a Platform which is just an enabler.



5. Various "IT-Security" companies market their staff as having many certifications but the truth is that only 1 or 2 actually have these certifications and the rest of the technical folks are non-security-trained or have no interest or actual experience in security matters. By extending the certifications of a few to cover the entire technical staff, these companies effectively mislead and take advantage of their customers, many of whom are too trusting by nature.



All this adds up to an increasingly common climate where many certifications are awarded on the basis of head-knowledge only and not practical assessment, which is detrimental to what employers want and need: proving that professionals are able to apply practical knowledge and practical skills to any situation.


Our Founders, as IT-Security Practitioners, decided that only certifications with intense lab-based training during the conducting of the course AND practical lab-based examination to determine whether the student could apply the knowledge learnt, would maintain their value and be a benefit, not a liability to the IT-Security Professional Community.
Practical lab-based examination would also help protect against brain dumps and the subsequent flood of unqualifed yet so-called "certified" people who would bring down the value of the certification to the real Professionals who took and passed the Certification exam.





On the consulting front, some companies label themselves as "vendor-neutral" IT-Security professionals/consultants using the "vendor-neutral" label as a cover to push 3rd-party products which are their main business to the customer.


In this regard, our Founders concluded that the only way any organization would be properly advised about securing their business, using as many cost-effective and non-vendor-related solutions possible, was to establish an independent, service-based entity which would not do any product-distribution/reseller department.


Because there would not be any internal pressure to move any 3rd-party products that were being carried, distributed or resold by the business, this would guarantee that whatever solutions were recommended and/or implemented would be 100% guaranteed to be in the Client's best interests: business-wise, security-wise and operations-wise.


As a result, our Corporate Philosophy is geared towards giving our Clients the best possible solutions and solution-implementations from a completely unbiased perspective and completely customized to their unique situations and requirements.