The passion of young hackers and a series of "first" marks

20 years ago, more than 20 young hackers with a passion for cyber security came together to form a research group to implement the Vietnam Information Security Network project, under the Center for Science, Technology and Young Talent Development - Central Committee of the Ho Chi Minh Communist Youth Union.

Among them are some quite famous names, respected by hackers such as: Phung Anh Tuan, Do Ngoc Duy Trac, Truong Duc Luong... The rest are third-year students or higher at universities.

Hackers created the Vietnam Information Security Network in 2003.

Aiming at professional information security services, a research center and service provider according to US standards was quickly formed under the auspices of the Central Youth Union.

“At that time, the Central Youth Union lent us the 3rd and 4th floors of building 7 Dao Duy Anh as our “headquarters”, with a foreign-sponsored lab. Information security-related knowledge was systematized, based on the framework of the SANS training system - a prestigious US private organization in the world in information security training. Everyone had a roadmap to proactively study from a foreign perspective,” Mr. Truong Duc Luong, Chairman of Vietnam Cyber ​​Security Joint Stock Company (VSEC) recalled the early days.

Mr. Truong Duc Luong, Chairman of Vietnam Cyber ​​Security Joint Stock Company (VSEC).

It is the passion, enthusiasm, and dedication to finding new lands that motivated the research team to make some "first" marks in Vietnam in the first year of establishment: Providing the first information security training service in Vietnam, self-developed training materials based on the reference of SANS training system; Providing the first information security assessment service in Vietnam with the first customers being the Ministry of Public Security and the Departments of Information and Communications.

The following year, the research team made another “first” mark: Deploying the first Information Security Warning Center in Vietnam.

“At that time, according to our observations, there was no unit in Vietnam specializing in information security training. Therefore, VSEC's training program resonated in the community. A series of courses starting in Hanoi, expanding to Ho Chi Minh City, attracted many students from the Ministry of Public Security, the Ministry of National Defense, other state agencies and localities... Technology-specialized forums all rated the training quality as very good,” said Mr. Luong.

“In addition to training activities, we also provide security assessment services (pentest audit). There was market demand, but the cost for this activity of organizations and businesses was not much. At that time, we worked almost only because of passion. As a research group under the Central Youth Union, sponsored by state agencies, even training personnel at local information and communication departments was of a supportive nature. Therefore, there were not many sources of investment funds for sustainable development in the future. The idea of ​​establishing a business began to take shape,” the Chairman of VSEC explained about the birth of the company.

The journey has many quiet moments and bottlenecks.

VSEC Company was officially established in 2009. Its main business activity is pentest audit, supporting organizations/enterprises not only to assess the level of information security but also to detect dangerous security holes in the system, helping the IT team to improve defense capabilities and minimize damage.

VSEC plays the role of a doctor who examines information systems, then gives warnings and prescribes medicine for them to buy themselves.

“VSEC plays the role of a doctor who examines information systems, then gives warnings and prescribes medicine for them to buy themselves. The first big customer is a Vietnamese telecommunications corporation. We checked a very large system of theirs, looked for vulnerabilities, and successfully exploited them for them to see. Impressed with the results, they signed a contract for VSEC to deploy pentest audit services within 6 months. The contract value is about 10,000 USD,” Mr. Luong said.

However, VSEC's development journey had a break point of about 5 years. When most of the company's leaders were doing many jobs at the same time, their focus on VSEC gradually decreased, and they only considered it as a part-time job.

In 2014, the Government discussed the development of the Law on Information Security. This means that many information security issues that were previously only recommendations, which can be done or not done, will become mandatory regulations that must be followed.

Forecasting the "upward" potential of the information security service market, Mr. Luong stopped working at other companies, focused on VSEC, established a group of 7 experts to delve into technology, focusing on two main areas: Pentest audit; Reverse engineering of malware information, ready to meet the increasing needs of the community after the Law on Information Security comes into effect.

VSEC gathers a team of "warriors" who possess many research projects that can impact many technological systems in Vietnam. Typically, research to find very serious errors that can change the content of modems used in households; or very serious errors in banks that can change the content of money transfers...

However, a “bottleneck” appeared and existed for about 2 years: Not enough human resources to both provide services and develop products for sale in the market. The human resources, despite having qualities, specialized skills, and being recognized by the expert community, still cannot develop more strongly when resources are dispersed.

The Covid-19 pandemic made VSEC leaders feel the need for change. And then they decided to restructure, rebuild the team, and focus on the only service they do best. VSEC's development graph continued to go up.

In 2019, VSEC was continuously mentioned by the social community when a series of products were honored at major awards: USEC DataSafe super-secure USB device and Vadar information security monitoring software solution won Sao Khue Award; SafeSAI comprehensive website monitoring solution received National winner CBC Competition Award...

In 2020, VSEC launched the Information Security Monitoring and Operation Center (SOC) model, and then quickly received a license to confirm connection and share information with the National Cyber ​​Security Monitoring Center (NCSC). The quality of SOC services provided by VSEC is rated in the Top 3 best enterprises in Vietnam today.

VSEC's information security training and drill services ensure compliance with the regulations of the Department of Information Security - Ministry of Information and Communications.

“Providing high-quality security services that meet the needs of organizations and businesses, regardless of deployment requirements, scale or complexity of the IT infrastructure system, monitoring capacity or management capability, we have now served more than 1,000 customers including businesses and government organizations. VSEC's information security training and drill services ensure compliance with the regulations of the Department of Information Security - Ministry of Information and Communications, and are the number one choice of ministries, departments, branches, banks and large enterprises in Vietnam. VSEC has also become a member of many domestic and foreign associations and organizations such as: VNCert National Incident Response Network; Vietnam Information Security Association, FS-ISAC, Blackpanda, RAPID, Affinitas Global, CoreSecurity, RecorderdFuture…”, the Chairman of VSEC proudly said.

Confidently go out into the world with international class

Operating according to international standards since its inception, VSEC has built a team of qualified personnel with 100% of experts holding international certificates, with extensive experience in detecting CVEs (common vulnerabilities and weaknesses), researching 0-day vulnerabilities (unknown and unpatched software or hardware vulnerabilities) with a CVSS score (common vulnerability scoring system) of up to 9.1. Information security assessments from experts are comprehensively implemented from the environment, technology to people to ensure that no security vulnerabilities are missed.

From the original mission: "Providing world-class services to the Vietnamese market", VSEC confidently moves towards a new mission: "Vietnamese people completely master the world's information security technologies, always ready to support and actively contribute to the common development in the field of information security of society".

The name VSEC became known to the world when it entered the Top 6 Finalists of the Start Jerusalem Startup Competition in 2016 organized by the Ministry of Foreign Affairs and the Jerusalem Development Authority - Israel.

Five years later, VSEC became the first managed information security service provider (MSSP) in Vietnam to be certified with CREST for both Penetration Testing and SOC services, demonstrating the ability of Vietnamese enterprises to meet the most stringent requirements not only in Vietnam but also globally. The CREST standard of a British organization is the most trusted standard in the industry for MSSP companies.

In the same year 2021, VSEC was the first MSSP in Vietnam to join the FS-ISAC Consortium - the only global cyber intelligence sharing community focused solely on financial services.

Most recently, in 2023, VSEC became the only unit in Vietnam in the Top 250 MSSPs according to MSSP Alert's ranking.

Positioning VSEC as not only an international-class MSSP in Vietnam, Chairman Truong Duc Luong and his associates are planning a long-term plan to “reach out to the ocean”. International standards such as CREST have helped Vietnamese businesses to communicate more easily with international partners, expanding their “network of branches” in foreign markets.

VSEC experts are the only Vietnamese representatives attending the CRESTCon Australia Conference in September 2023.

Last September, VSEC experts were the only Vietnamese representatives to attend the CRESTCon Australia Conference, further affirming the capacity and efforts of a Vietnamese technology enterprise reaching out to the world.

“Since the end of last year, we have been preparing for the VSEC brand to be present abroad according to the roadmap of 3-5 years. There have been a number of foreign companies proposing investment or M&A for VSEC to grow better. Currently, we have 4 partners in the international market, and are continuing to connect with a number of other foreign partners. Following the motto of “minimum cost creates maximum results”, we are making efforts to find partners and customers, creating a basic and sustainable stepping stone for the next steps”, the Chairman of VSEC revealed the future direction.

The total international market that VSEC wants to access is estimated to be worth about 1.6 billion USD. VSEC leaders really hope that more Vietnamese companies will join hands on the “Go Global” journey to be able to capture the market faster.

“Only by committing will we achieve results. And today's results - not only Vietnamese enterprises but also foreign enterprises have come to VSEC - are the "sweet fruit" of our relentless commitment over the past 20 years. We have never doubted this journey. The global technology "wave" has never stopped moving. If only VSEC had committed to the journey "to the big sea", we would only be a very small dot. If there was the commitment of a group of Vietnamese security enterprises, many small dots would create a red node affirming Vietnam's position in the world's cyber security market, which is always open", Chairman Truong Duc Luong confided.

Vietnamnet.vn