Phishing simulation programme
Multi-vector simulation across email, SMS, voice, and quick-response codes — modelled on the threats your sector actually faces.
Cybersecurity research lab
Measure and reduce human risk — for real.
We help security teams move from compliance-tick training to measurable behaviour change. Adversary-aligned simulations, scenario-based learning, and quarterly resilience reporting that boards actually read.
180+Organisations served
14Languages supported
97%Client retention 2024
2.4MSimulated phish delivered
What we do
What we work on
Four programme areas, each backed by an internal research practice. Engagements draw from all four, scoped to your specific risk picture.
Awareness curriculum design
Role-relevant micro-learning curriculum, natively produced in 14 languages, designed around behavioural-change principles rather than knowledge transfer.
Resilience measurement & reporting
Quarterly executive reporting on phishing-click rate, reporting rate, and behavioural improvement against an industry-benchmarked baseline.
Adversary-aligned red teaming
Goal-oriented adversary simulation aligned with MITRE ATT&CK and your existing detection coverage. Threat-led, intelligence-led, scoped to actual business risk.
“Vintrip's quarterly reporting was the first time our board engaged seriously with phishing-resilience data. It moved the conversation from compliance evidence to actual risk management.”
— Group CISO, ASEAN financial services group
Selected work
Retail banking, 18,000 employees
Building a phishing-resilience programme at an ASEAN retail bank
Designed and ran a multi-year phishing-resilience programme that moved click-rate from 24% to 6% and reporting-rate from 3% to 41% over eight quarters.
Power utility, ~3,000 employees
Coordinated tabletop exercise for a regional utility crisis team
Designed and facilitated a three-day coordinated tabletop covering corporate compromise, OT-adjacent disruption, and external communications under regulatory time-pressure.
Life sciences, R&D-led, ~1,200 staff
Awareness programme for a life-sciences research environment
Designed a research-environment-specific awareness programme covering grant-fraud lures, supply-chain compromise scenarios, and lab-notebook integrity threats.
From the Field notes
2026-04-02
Click-rate is a vanity metric — measure reporting instead
Why click-through on phishing simulations is the weakest signal you can track, and what to measure instead.
2026-03-10
Adversary-in-the-middle phishing — what changed in 2025
Token-stealing phishing kits are now commodity. What that means for your detection layer and how training has to adapt.
2026-02-18
Quishing as the new default vector
QR-code phishing has moved from edge case to dominant initial vector in many engagements. The implications run beyond email security.
Working with Vintrip Labs
We work with organisations who want awareness programmes that change behaviour, not just produce evidence. If that sounds like the conversation you want to have, write to us.