Cyber Teams
ch4p,
Apr 30
2024
Since launching Hack The Box (HTB) in 2017, I’ve spoken to hundreds of security leaders fighting a common, yet brutal, uphill battle:
Translating security budgets into a high-performance security function.
Despite the increasing investment in technology, we still see a 600% increase in cybercrime year-over-year.
We still see burnout run rampant in our industry.
We still see leaders struggle to address technical skills gaps.
Organizations are suffering from breaches that could’ve been avoided.
What’s happening?
We’ve championed security programs for more than 1,500 teams around the globe, and with 2.7+ million members, became the hub for developing threat-ready cyber professionals. Our experiences & data over the last 7 years show that poor security performance boils down to one thing:
People.
It’s no surprise that a lack of talent or human failure is expected to account for over 50% of significant cyber incidents by 2025.
And let’s be honest, the “people problem” isn’t exactly a grand revelation in the security industry. But based on our unique insights from supporting security teams with…
Connecting team development to business goals with our courses, hands-on lab scenarios, and skill assessments.
Engaging staff in a “grow-together” culture via our CTF platform.
Hiring top-tier candidates through our Talent Search portal (~500k talent pool).
Most orgs solve people's problems (and security performance problems) the wrong way.
They fixate on processes and technology while neglecting the talent responsible for running all systems.
Process investments like security monitoring, threat detection, or AI-powered operations still require the individual ability to match those with business outcomes.
More money allocated into SIEMs and SOARs won’t defend against cyber risks without the skills to utilize technologies across the organization.
And so on.
At Hack The Box (HTB), we see the solution as an investment in people’s careers, development, and well-being. Resulting in a better security posture and cybersecurity alignment with business objectives.
What makes an exceptional cybersecurity training platform?
Download our buyer’s guide for cybersecurity solutions in 2024 and learn how we help to continuously adapt to new threats, benchmark your team’s capabilities, elevate career development, and retain your talent.
The life of a modern cyber professional is not just about individual ability or certifications.
Individuals need to possess the hard skills and knowledge to fulfill their job responsibilities–but they also require the capability to match existing processes with concrete business outcomes, and an environment fostering career progression and well-being.
In other words, a cyber professional’s life is about bringing the best version of themselves every single day.
That’s what the Cyber Performance Center is about.
Your team’s completion badges on different learning platforms won’t stop cyber criminals.
However, their ability to identify the right attack log, escalate the right incident, or detect that obscure potential vulnerability, will. And that boils down to real-time cyber performance.
HTB is redefining cyber resilience by providing a platform where professionals, teams, and students can find their safe, yet challenging, place to grow.
Our methodology is divided into three pillars inspired by the People, Process, Technology (PPT) framework:
People: Provide comprehensive career path programs for individuals to develop their skills and knowledge continuously. This includes technical training on tools and technologies, as well as soft skills training on communication, teamwork, and problem-solving.
Process: Integrate cybersecurity workforce development into existing processes, such as incident response and risk management. Conduct regular tabletop exercises and simulations to practice responding to cyber incidents.
Technology: Use cutting-edge upskilling courses, labs, and cyber range scenarios equipped with simulated networks, systems, and attack vectors to build hands-on experience in a controlled environment that avoids harming production systems.
An excellent cyber performance program must fully integrate all three pillars to positively impact business metrics and stand against a riskier cyber world.
Unlike traditional training methods, we provide an all-in-one platform that serves as a single pane of glass for an ever-growing community of 2.7 million members.
Cyber teams are under pressure to be “always on” in the face of constant threats. So, how can they manage stress and how can managers support teams facing burnout?
84% of cybersecurity professionals are experiencing burnout, which is directly affecting performance. With human error as the cause of most incidents and breaches, mental health in the industry should be addressed as the first concern to technical leaders.
When do we experience burnout? Not only because of the workload: usually, we experience stress at work when we do not possess the skills, the tools, and the time to deliver our job role; when our hiring expectations are not met, and when we see our career path leading nowhere.
Our recent recognition as leaders of Forrester’s Skills & Training Platforms Wave™ confirms what we’ve validated when it comes to building market-ready professionals over the last seven years:
Training and regular practice aren’t going anywhere. Like an Olympic gold medal athlete, a “gold medal cyber professional” needs regular training to stay ready and make a difference in their org’s security posture.
Forrester’s independent research further highlights our upskilling capabilities in several key areas:
Gamification: we are proud pioneers of gamified cyber training. Our gamification is functional to own the skill or technique practiced.
Learner Experience: our platform members have the opportunity to learn at their own pace, compete in thrilling cybersecurity competitions, or practice with guided features. Everyone can manage their personalized learning curve, with new labs released weekly.
Curriculum Management: paths focusing on skills or job roles are designed to take students from novice to expert through a logical series of learning modules, with regular practical assessments to verify the knowledge acquired.
Our methodology builds market-ready cyber professionals.
And our focus on realism enables our platform members not only to learn single techniques, attacks, or procedures, but also to apply them to real-world problems.
A bunch of skilled individuals won’t automatically lead to a secure organization. Their skills need to be aligned to a defined business environment, tech environment, and commercial outcomes.
That’s why we’ve focused on ensuring HTB Enterprise Platform offers the ideal solution for teams to align cybersecurity skills development and business objectives.
A comprehensive security metrics program can:
Help organizations improve their decision-making.
Enhance visibility across their organization.
Benchmark their performance against peers.
Demonstrate the value of cybersecurity to the C-Suite and the board.
The specific metrics to track to ensure cyber readiness vary from company to company. Our methodology and platform features, though, are designed to carefully oversee skills development and analyze potential gaps that could cost real dollars to the business.
The risk mitigation mindset can be easily demonstrated through our CVE-based practical labs:
Understand your operational infrastructure.
Understand what the adversary uses in terms of TTPs.
Attempt to understand the collection requirements of the adversary.
Decrease your mean-time-to-detect (MTTD), mean-time-to-resolve (MTTR), and mean-time-to-contain (MTTC).
This practice can enable predictive moves in cyber operations and boost the threat hunting capabilities of an organization.
Follow the quick demonstration below to see how in-platform capabilities allow technical leaders to monitor skill progression, activity, and coverage of industry frameworks such as MITRE ATT&CK.
The challenges of our community differ from individual to individual, from organization to organization.
A young SOC analyst might be focused on mastering the required skills to lead his first promotion, while an established business has the priority to reduce the cost of cyber incidents:
We are proud to say that we can offer a concrete solution to the most diverse problems our industry faces.
Hack The Box does not solve a training challenge, anymore. We do upskill individuals and teams, but our final goal is to create and maintain high-performing professionals who can handle the dynamics of a constantly evolving cyber world.
We do this by offering solutions that combine ability, workforce development, and human focus to drive peak performance.
Today’s cyber threats present a new challenge to organizations, and unskilled teams pose a real risk to the security of your business. This is why cybersecurity performance programs and continuous improvement are no longer a nice-to-have, but a necessity.
Risk mitigation: Timely content offers training on the latest CVEs in real-world environments, reducing risk and exposure to these vulnerabilities.
Employee retention: Cybersecurity teams that are offered upskilling opportunities are far more engaged and less likely to burn out.
Performance benchmarking: Conduct CTFs and gap analysis to identify weaknesses in your security posture.
Tailored training to industry standards: HTB content is mapped to MITRE ATT&CK and NIST NICE frameworks so you can assess your cyber preparedness in different areas.
Boost organizational awareness: HTB can assess cyber readiness and performance company-wide with effective practices like tabletop exercises (TTXs) or nearly practical assessments designed for security staff and non-technical teams.
Author bio: Haris Pylarinos (ch4p), Founder and CEO, Hack The Box Haris Pylarinos is the Founder and CEO of Hack The Box. With a vision to connect and upskill the cybersecurity community worldwide, Haris disrupted the industry by introducing Hack The Box to the world, and its innovative holistic 360º approach to cyber workforce development, assessment, and recruitment. Leading the company’s expansion worldwide, Haris has been managing to grow Hack The Box exponentially. Under his leadership, the team scaled to over 260 employees and over 2.7 million platform members since its launch in 2017. In addition to his role at Hack The Box, Haris has over 15 years of experience and expertise in cybersecurity and systems engineering. He also possessed a strong background in Networking and Software Architecture. Feel free to connect with him on LinkedIn. |
Blue Teaming
Odysseus (c4n0pus), Dec 20, 2024