How leading organizations leverage threat-informed benchmarking

Cyber threats are evolving rapidly, and too many organizations struggle to keep pace. Our recent report reveals that only 40% of teams train on a weekly basis, leaving organizations with limited visibility into their cybersecurity readiness. 

Guesswork isn’t an option; with countless security tools and frameworks available, businesses need a clear way to assess defenses and identify areas for improvement

Loading Preview...

.

Traditional benchmarking methods fall short, partly because they rely on static assessments that don’t reflect real-world threats. To build true cyber resilience, organizations need to take a continuous, intelligence-driven approach — one that evaluates skills, pinpoints gaps, and sees that teams are prepared for emerging threats.

That’s where Hack The Box comes in. Our all-in-one, cloud-based solution enables companies to track, measure, and refine cybersecurity capabilities in real time.

But how does that look in action? 

Let’s take a closer look at how leading organizations are using HTB to track, measure, and enhance workforce development

Loading Preview...

. 

Autodesk uses CTFs to drive learning growth and data-driven benchmarking

Staying ahead in cybersecurity isn’t just about training — it’s about measuring progress and closing skill gaps. Autodesk

Loading Preview...

, a global leader in software for architecture, engineering, and construction, uses HTB’s Capture The Flag (CTF) challenges to boost security awareness, foster global team collaboration, and provide relevant, real-world training. 

With a huge digital ecosystem, Autodesk needed a scalable, hands-on solution that could:

• Identify skill gaps and high-potential talent within security teams

• Increase employee engagement and learning 

• Facilitate real-world, gamified cybersecurity training  

By integrating HTB CTFs into cyber teams’ practice, Autodesk empowered employees with gamified, real-world cyber challenges. 

Matthew Wilder, Strategic Security Solutions Engineering Manager @ Autodesk:

When we were planning our Defender Days, we knew we wanted to bring in a CTF vendor and HTB hit on all the points we were looking for. Because HTB focuses on building problem-solving skills, it fosters collaboration and improves communication among employees while giving us a chance to provide our developers and engineers with the opportunity to have fun and work together on joint team missions.

By utilizing ongoing benchmarking events and real-time reporting, organizations like Autodesk can track performance, close skill gaps, and improve team capabilities, ensuring they are ready to respond to emerging threats

Loading Preview...

. 

Explore our extensive library of 135+ challenges and job-role aligned packs and set up a custom CTF in under 10 minutes

Loading Preview...

to drive continuous cybersecurity growth.

Toyota creates a framework-aligned workforce development plan and closes skill gaps in under 6 months

Toyota has always been a pioneer in innovation, from revolutionizing manufacturing to setting global safety standards. But as cybersecurity threats evolve, the company faces a critical challenge: ensuring its security teams have the practical skills to defend against modern attacks.

With an expansive digital ecosystem to protect, Toyota needed more than traditional training.  Their organization required a structured, framework-aligned approach to workforce development

Loading Preview...

— one that would not only identify skill gaps but also provide a clear roadmap for continuous improvement.

Toyota’s cybersecurity leaders implemented HTB Enterprise Platform, integrating hands-on labs, attack simulations, and skill benchmarking into their team’s routine. Instead of passive learning, they could engage in industry-aligned scenarios that mirror the threats Toyota faces daily. 

Key activities included:

• Weekly CTF challenges: Every Friday, Toyota’s security team hosts a CTF session using HTB’s Dedicated Labs.

• Cross-team collaboration: 5 to 15 team members from diverse backgrounds and skill levels (including blue team security engineers!) participating in each session. 

• Buddy system for ongoing learning: Team members pair up to continue collaboration and skill-building beyond live CTFs.

• Breaking the ‘know it all’ stigma: The team embraces a culture where struggling, asking questions, and learning together is normalized.

• ‘Show and tell’ approach to learning: Leaders actively participate, demonstrating problem-solving techniques and encouraging open discussions.

This approach ensures their teams aren’t just training — they’re mastering attack techniques mapped directly to real-world skills

Loading Preview...

.

Toyota leveraged HTB’s extensive content library to create tailored training environments, benchmark skills, and track performance — turning learning into a measurable advantage. 

Gabe Lawrence, VP of Information Security @ Toyota North America:

We use the Dedicated Labs instances for CTFs we host every Friday afternoon. It's a fun and casual way for the team to gather and work together to solve challenges and our favorite way to end the work week!

With access to 25+ learning paths, 1,500+ offensive and defensive labs, and 15+ enterprise attack simulations, teams like Toyota’s can continuously upskill with the latest real-world threats. New content is added weekly, ensuring cybersecurity professionals stay ahead of evolving challenges.

NVISO transforms onboarding and verifies industry-aligned skills

For NVISO Security

Loading Preview...

, staying ahead of cyber threats is a must. As a leading European cybersecurity firm specializing in technical services, their team needs high-performing experts across various specializations. However, traditional training often lacked engagement, structure, and real-world applicability.

That’s when Firat Acar, Red Team Cybersecurity Consultant at NVISO, turned to HTB Enterprise Platform — a hands-on, gamified learning solution — to enhance onboarding and internal upskilling.

Here’s how NVISO leverages Hack The Box to train and retain top talent:

• Onboarding new team members with structured, hands-on learning paths in HTB Academy, accelerating their journey to becoming threat-ready.

• Enabling internal mobility, allowing employees to move into the security assessments division through guided skill development.

• Private team learning and upskilling using HTB Dedicated Labs, where individuals and teams sharpen their technical skills in real-world scenarios.

• ‘Hacktion Nights’ and group training events, tapping into HTB’s gamified challenges to encourage collaboration and continuous learning. 

Firat Acar, Red Team Cybersecurity Consultant @ NVISO:

We use Academy to onboard new joiners or those interested in moving to the security assessments division, while the Dedicated Labs are used for private learning and team events like our ‘Hacktion Nights.’

By leveraging HTB certifications, organizations like NVISO ensure their team’s skills are not only acquired but validated, creating a clear roadmap to career growth and expertise.

Explore the HTB’s job-role paths

Loading Preview...

that lead to industry certifications and ensure your team’s readiness for the evolving threat landscape.

City of Newcastle enhances operational performance 

As the second-largest city in New South Wales, Newcastle thrives on innovation, but with that progress comes an ever-growing digital attack surface. Protecting critical infrastructure, citizen data, and essential services meant the cybersecurity team needed more than just standard training — they needed a benchmark to measure their readiness and a way to continuously improve.

Nathan Taylor, Cybersecurity Manager at the City of Newcastle

Loading Preview...

, understood that to stay ahead of evolving threats and meet compliance requirements, his team needed a more practical, measurable solution. However, their existing training methods presented key challenges:

• Theoretical training didn’t prepare the team for real-world scenarios.

• There was no clear way to benchmark performance, leading to skill gaps and inefficiencies.

• Training content wasn’t aligned with evolving industry standards, hindering compliance efforts.

After evaluating different platforms, the City of Newcastle transitioned to HTB, which provided a comprehensive, hands-on solution that integrated seamlessly into their training plan. With HTB, the team was able to:

• Simulate real-world attack scenarios, refining both offensive and defensive skills.

• Benchmark performance against industry standards like OWASP and NIST.

• Track skill progression, ensuring continuous improvement and addressing gaps.

• Improve incident response times by practicing with real-world threats in a safe, controlled environment.

The City of Newcastle’s cybersecurity team managed to build a measurable, evolving training program that aligns with real-world challenges and ensures they stay one step ahead in securing the city’s infrastructure.

Nathan Taylor, Cybersecurity Manager @ City of Newcastle:

HTB has given the team the tools and experience to make informed decisions, improving our day-to-day threat detection and response capabilities.

Dynamic benchmarking vs. traditional solutions

Traditional cybersecurity assessments fall short because they rely on outdated methods like certifications, one-off training courses, and static assessments that do not accurately represent real-world threats.

Without data-driven insights, organizations find it challenging to measure skill development and identify gaps effectively.

Tom Williams, Director Global Operations @ Hack The Box:

To stay ahead, skills benchmarking must become more dynamic and continuous. Measuring technical knowledge isn’t a one-and-done exercise, and instead we need a framework that evolves with the threat landscape that helps us better plan, prepare, and strengthen our cyber workforce.

Dynamic benchmarking flips the script, providing teams with adaptive training, real-time insights, and a structured approach to tackling emerging threats. The organizations that embed real-time, dynamic benchmarking into their security operations are the ones building true resilience.

Our recent Benchmarking Masterclass webinar, “Rethinking Readiness”

Loading Preview...

highlights how teams that embrace real-time, dynamic benchmarking are naturally better equipped to handle real-world threats. This approach exposes hidden weaknesses in both technical skills and team coordination — insights that static assessments simply miss.

💡Join our next webinar in the series, "From Theory to Action", and dive into the practical side of dynamic benchmarking!

 Claim your spot at our next webinar

Where does your team stand? 

Understanding your team’s cybersecurity capabilities is the first step in building a resilient security workforce. Each year, Hack The Box unites security teams for a global benchmarking event, where they tackle real-world attack scenarios. 

The event pushes teams to measure and enhance their cybersecurity skills while allowing them to benchmark their capabilities against global peers. This year’s Global Cyber Skills Benchmark: Operation Blackout throws participants into a high-stakes cyber warfare simulation. 

From post-event data, we create our yearly Cyber Attack Readiness Report, analyzing industry-wide skill trends and key takeaways to help teams standardize training, identify areas for improvement, and refine strategies to enhance their overall cybersecurity performance.

The Cyber Attack Readiness Report 2024

Loading Preview...

, fueled by insights from 943 security teams and 4,944 professionals, is your go-to resource for uncovering the latest cybersecurity trends and staying ahead of emerging threats year after year. 

The graphs below show the rankings of key sectors in various cybersecurity areas, providing insights into performance and potential gaps.

Benchmark and assess your cyber workforce with HTB 

Organizations like Google, Toyota, NVISO, and RS2 are already using the platform to stay ahead of threats with hands-on skills and a platform for acquiring, retaining, and developing top cyber talent.

Ready to host your next CTF competition? Jump into the CTF Marketplace

Loading Preview...

and set up a competition in under 10 minutes!

If your organization doesn’t have access to CTF events, contact us

Loading Preview...

to integrate Capture The Flag events as regular assessments in your cybersecurity workforce development plan.