RS2 drives a 150% boost in learning and meets critical compliance needs

RS2 is a leading provider of global omni and multi-channel payment solutions, offering technologies for issuers and acquirers, all within a single payment platform. 

To ensure solutions are developed and maintained with sufficient security embedded at all levels, RS2 implements a stringent information security program. This ensures that every application created is put through a rigorous software development lifecycle in order to comply with industry standards.  

The security team at RS2 is led by Conrad Laus. Conrad was looking for training to keep his team's technical knowledge as current as possible and to help satisfy compliance requirements such as PCI DSS, SSF, and PCI PIN. Providing a safe environment for the team to exercise with real-world scenarios based on common vulnerabilities was also a high priority. 

One of the biggest reasons we chose Hack The Box was because Dedicated Labs is in a completely secure environment. The fact that we can work isolated from any other organizational setup, ensures there are no risks to our infrastructure during training.

 

Conrad Laus, Security Team Lead, RS2

Their goal

To better protect their systems and customers while meeting compliance requirements, RS2 needed to ensure that all security personnel:

1. Held a high level of technical proficiency regarding the latest security threats 
2. Shared a consistent standard of knowledge

HTB Dedicated Labs' cyber range-like ability to give a broad spectrum of threat scenarios with varying degrees of difficulty made these outcomes possible. The team was able to share knowledge before performing an exploit, collaborate as a team, and truly master the skills and principles they learned. 

Conrad saw the team utilizing the platform not only to expand their skills in new areas, but also to enhance their capabilities in their day-to-day job roles.

He was also pleased to see that threats presented in the platform accurately reflected real-world scenarios an employee might encounter, such as unpatched systems, misconfigurations, and non-secure coding practices. 

Their solution 

RS2 utilizes HTB Dedicated Labs, which contains over 600+ vulnerable systems that can be spun up at any time. New content is added every month. HTB Dedi Labs training emphasizes two crucial principles for modern security teams – fully optimize limited training time and encourage knowledge sharing between employees.

When speaking about the labs, Conrad said, “The labs are engaging for all members of the team regardless of their skill level. We enjoy practicing in real-world scenarios!”

As part of the training process, they ask every team member to select a machine that will provide the most value to their current learning objectives or development needs. The team then deconflicts to ensure they train on a broad selection of content that benefits the entire team. After this, each individual gets to work on their selected machine during three, two-hour sessions held on a weekly basis.

In the final session, each team member provides a walkthrough of the machine to the rest of the group, explaining their key findings, their methodology, what worked, what didn’t, and most importantly, how this security issue can be mitigated. 

Hack The Box’s effective tagging system makes machine selection a straightforward process, allowing our team to find what they need easily. In turn, this allows them to focus on the topics and areas of highest importance rather than dedicating time and effort on content they’re already familiar with.

 

Conrad Laus, Security Team Lead, RS2

Adopting this approach allows the team to learn from one another and benefit from each other's knowledge. It also helps RS2 develop their communication and relationships as a wider information security team, helping them to be more effective as a group during times of high stress and pressure. 

The technical presentation aspect also aids RS2’s team members when presenting technical issues to senior management (and other departments within the organization) or preparing for information security conferences. 

Their results 

Since introducing HTB to the RS2 team, all members have become more conscious of current exploits and as a result, are aware of the most up-to-date best practices in security. This has aided in improving compliance with industry standards.

In addition, the overall knowledge within the team has grown at a steady rate and students have gained valuable technical presentation and writing skills, which they use on a daily basis.

The RS2 team has also become aware of how critically important it is to continuously apply all applicable security controls and techniques in their day-to-day responsibilities. This includes security configuration hardening, vulnerability scanning and patching, penetration testing, secure code development, and tailored information security training per department.

Since we started using Hack The Box Dedicated Labs, the team has developed a greater understanding of security best practices and a desire to keep up to date on these trends. 

 

Conrad Laus, Security Team Lead, RS2

The HTB platform is now a critical component of the security team’s operational activities and the team at RS2 says they’re excited to continue making the best use of it for the years to come.  

Since implementing Hack The Box into their training program, the RS2 team has:

• Seen a 150% increase in team learning session participation

• Improved knowledge and skill sets significantly within the first 6 months of use

• Satisfied important compliance requirements (PCI DSS, SSF, and PCI PIN)

• Completed 40 HTB machines