Vintrip Labs

About

Applied research, deployed in practice

Vintrip Labs sits between security research and security operations. We do original work — and we deploy it in client engagements rather than publish it in a journal.

How we work

Vintrip Labs was founded in 2020 in Singapore by Jian Wei Lim, after a decade running red team operations at a regional financial-services institution. The founding observation was simple: the gap between what security research understands about human risk and what the awareness-training industry actually delivers is enormous.

Most awareness vendors treat the workforce as an attack surface to be remediated. We treat it as a population to be understood. The difference is not rhetorical: it changes the curriculum, the simulation programme, the metrics, and ultimately the outcomes.

We are a small team by deliberate choice. Fifteen people across our Singapore office and remote contributors in Sydney, Kuala Lumpur, London, and Lisbon. Every engagement is led by a named senior consultant who is responsible for the work from scope to closure.

We are independent. Vintrip Labs is privately held, with no outside investment beyond the founders. We have no commercial relationships with simulation-platform vendors, no product-resale arrangements, and no incentive to recommend tooling over outcomes.

Our work is occasionally published in industry venues — the SANS reading room, conference talks at FIRST and AISA, peer-reviewed contributions to the MITRE ATT&CK documentation. Where we publish, we credit the client engagements that informed the work under NDA arrangements.

Our values

Outcomes over artefacts

We measure success by whether the programme changed behaviour, not by whether the deliverable looks nice in a portal.

Honest scoping

We say no to engagements we cannot do well, and we are explicit about effort, timeline, and assumptions before any contract is signed.

Senior by default

Engagements are led by senior practitioners. There is no offshore second-tier delivery; the people you meet at scoping are the people who do the work.

Evidence-driven

Our claims about programme effectiveness are anchored in published behavioural research, not vendor case studies.

Company history

  • 2020. Founded in Singapore by Jian Wei Lim. Initial focus on phishing-simulation programmes for ASEAN financial-services clients.
  • 2021. First multi-year framework engagement signed with an ASEAN retail bank. Research practice established with Dr Priya Sundaram joining as Head of Research.
  • 2022. First healthcare engagement; published research on clinical-context awareness in collaboration with three regional hospital networks. Team grew to ten.
  • 2023. Expanded into Australia and UK with remote senior consultants in Sydney and London. First red-teaming engagement under the new adversary-simulation practice.
  • 2024. Reached fifteen people across five cities. Quarterly resilience-reporting product reached 180 organisations served cumulatively.
  • 2026. Established the open behavioural-analytics initiative; first independent publication of cohort-level resilience metrics across our active client population.

Where we operate

Headquartered in Singapore, with remote senior consultants in Sydney, Kuala Lumpur, London, and Lisbon. Engagements span ASEAN, Australia, and the United Kingdom. We travel where the work requires it.

Press & recognition

For media and analyst enquiries, see our press page or contact hello@vintriplabs.com directly. We are listed in industry directories including the Cyber Security Agency of Singapore (CSA) cybersecurity services provider directory.