Dear global cybersecurity community,
Hack The Box is turning 7 years old today and as I am reflecting on our 2023 ride, I can’t help but celebrate all the amazing milestones that brought us where we are today. That’s definitely a reason to party!
As a cybersecurity professional myself, I was always looking for ways to enhance my hacking skills and challenge conventional thinking. Yearning for more than just reading textbooks, I founded Hack The Box; a platform providing a community of cybersecurity professionals and enthusiasts with hands-on practice and the opportunity to improve their cybersecurity capabilities.
However, I soon realized that my primary goal extended beyond personal development. I aimed to spearhead a movement towards advanced learning experiences, in an effort to address the challenges around cybersecurity skills development and bridge the 4 million cyber skills gap that our industry is facing. Quickly, the initial concept evolved into an all-in-one environment that encompasses cybersecurity learning, upskilling, and recruitment, allowing individuals and security teams to keep track of their development and identify knowledge or skill gaps quickly and easily.
From 2017 until today, Hack The Box has brought together a community of over 2.6 million members worldwide and has served more than 1,500 organizations around the globe.
2023 was a momentous year for Hack The Box! From securing $55 million in Series B funding to surpassing 2 million platform members worldwide, an expanded product offering that introduced new defensive security solutions, and our recognition as a leader in The Forrester Wave's category of Cybersecurity Skills and Training Platforms, 2023 has been a heck of an amazing ride!
Among others, some remarkable milestones of Hack The Box include:
New HTB platform members: 918,237
New businesses using HTB: 364
New universities enrolled: 178
CTFs hosted: 233
Number of CTF players: 42,544
Machines spawned on our platform: 9,509,979
Machines released: 114
Challenges released: 149
Sherlocks released: 55
HTB Academy modules completed: 491,808
HTB Academy sections completed: 8,609,076
New social media followers across channels: 202,810
So here is a brief recap of what 2023 felt like for us.
The curtain rose on securing $55 million in Series B funding, accompanied by reaching a staggering two million registered users globally across the HTB multiverse. And that was only the beginning, as we entered the HTB blue era, expanding our product portfolio to cater to the defensive and purple cybersecurity domains. As a cherry on the top, our commitment to providing unparalleled solutions was globally acknowledged, being recognized as a leader in The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q4 2023. We received the highest possible scores in seven crucial criteria: Skills Assessment and Verification, Gamification, Competition and Recognition, Learner Experience and Adoption, Curriculum Management, Vision, Pricing Flexibility, Transparency, and Community.
As the seasons changed, new faces emerged at Hack The Box. 100 new employees from across the globe joined us, each bringing with them a spark of innovation and a hunger for our mission. But what made this growth truly special was the role played by our existing employees; thirty percent of our new hires were welcomed through our referral program.
We were also honored with accolades, and certified by Great Place to Work in Greece, the UK, and the US. Our Greek entity ranked #1 in the category Best Workplace in Technology in Greece, #4 in the category Best Workplace in Greece, and #7 in the category Best Workplace in Europe.
The heartbeat of these accolades lay in our people. Internal satisfaction surveys revealed that 92% of our employees would recommend Hack The Box as a great workplace. Our surveys also highlighted the areas where we shine brightest, with top scores in giving voice to all cultures and backgrounds (95%), providing flexibility (92%), and offering robust manager support (91%).
But amidst our everyday work, there came a time for celebration. More than 200 HTBers from over 20 countries converged on the Greek island of Poros for our annual Global Retreat.
We expanded our product line to include defensive security learning solutions.
One of our reports conducted last year on the critical skills for modern SOC analysts revealed that over 58.4% of participants prioritize practical Machines (vulnerable virtual instances) to enhance their DFIR skills. Amidst new record highs of ransomware attacks and an 8% increase in global cyber threats during the middle of 2023, HTB introduced new solutions to equip blue teamers with the latest skills needed to combat cybercriminals effectively. As of today, our product portfolio includes:
The SOC analyst career path and the HTB Certified Defensive Security Analyst (HTB CDSA) certification which evaluate proficiency in defensive security across various domains, techniques, and concepts, equipping cyber professionals with intermediate-level skills in security analysis, SOC operations, and incident handling.
Investigation-based defensive security scenarios for HTB Labs named Sherlocks.
A new lab within HTB Labs, named FullHouse, designed to uncover vulnerabilities in the HTB Casino's systems while navigating through various challenges, including AI and blockchain.
A new Blockchain challenges category, designed to provide skills needed to understand smart contracts and address associated security challenges.
And we didn’t stop there…
We introduced Hack The Box’s Capture The Flag (CTF) Marketplace: CTFs have always been your favorite method for assessing team efficiency and fostering team building. Therefore, we haven't come empty-handed. We introduced the CTF Marketplace; a dynamic hub revolutionizing how you create and engage with Capture The Flag events. As an innovative hosting center, the HTB CTF Marketplace enables you to effortlessly organize, configure, and manage CTF events like never before. It streamlines the process, saving time and effort for your security and IT teams, offering clear steps and a vast library of curated content for quick setup and deployment without requiring extensive technical expertise.
HTB Academy made it to the NIST NICE Framework: HTB Academy is now aligned with the NIST NICE framework! You can now study with precision as HTB Academy modules are mapped to NICE Tasks, Knowledge, and Skills. Moreover, you can monitor your skill and work-role advancement through a new Skill Progress Mapping feature based on NIST NICE directly on the HTB Academy platform.
We expanded our industry certifications portfolio: The HTB CSDA was not the only new certification we launched last year. We also introduced the HTB CWEE, which rigorously assesses your abilities to identify advanced web vulnerabilities through hands-on exams employing black-box and white-box techniques.
Guided Mode is now available as part of the HTB Machines: A perfect companion for beginners, providing a structured approach to solving HTB Machines through guided questions.
Streaks at HTB Academy: Keep your upskilling journey on track with weekly consistency measurements. But be careful; Meeting your weekly goal will increase your streak by 1, but if you miss it, your streak resets to 0.
New training pathways for Crest's Certified Web Application Tester exam: With innovation as our cornerstone, we introduced fresh training pathways customized for individuals readying themselves for the CREST Certified Web Application Tester exam (CCT APP). These pathways presented a cutting-edge and engaging method for honing skills and competencies, guaranteeing thorough readiness for the certification examination.
The University of South Florida and Ecole 2600 broke down barriers to cyber education with HTB. By utilizing HTB Academy content and Dedicated Lab challenges, USF reduced preparation time from days to hours, improved student knowledge within six months, increased enrollment in cybersecurity classes, elevated interest and engagement with course material, aligned lectures and projects with current industry trends, while providing an effective training environment for the USF CyberHerd competitive team.
Similarly, Ecole 2600 saw the development of key job-related skills by leveraging Dedicated Labs and Professional Labs. The platform facilitated both individual and group work, fostering easier communication and support among peers.
E.ON achieved improved collaboration between defensive and offensive teams in under one month and eliminated blockers experienced when managing projects across teams.
8bit successfully eliminated costs and time associated with searching for upskilling resources online. Additionally, enhanced the onboarding process for new employees, enabling them to become "project ready" in weeks rather than months.
With a fully remote team operating in over 22 countries, Halborn utilized HTB to ensure staff remained aligned with the latest threats, especially as in-house training became too time-consuming. This initiative resulted in a 25% reduction in time spent conducting audits and the certification of 15 team members in Cloud security.
Once again, we united aspiring hackers, corporate teams, and students through our Capture The Flag (CTF) events, offering hands-on, real-time experience, and opportunities for knowledge exchange.
We launched the CTF season, with the largest online competition for hackers worldwide, Cyber Apocalypse CTF. Over 12,553 hackers from 170 countries participated, navigating intergalactic temples and tackling 72 high-octane challenges across 10 categories, with the support of Euro Information and Snyk.
In our Business CTF, 5,117 players and 982 corporate teams from 90 countries worked together to save humanity by escaping the planet. We presented 32 challenges across eight categories, with the support of Snyk and Express VPN.
During Business CTF, we analyzed the team’s performance data and discovered key findings:
Many security teams are still catching up with blockchain and cloud-related technology, with solving rates for these challenges nearly 30% lower than the average.
Over 70% of managers view team events like CTFs as effective in raising employee engagement and measuring skills.
62% of managers rated "opportunities to learn new skills" as the best way to prevent burnout among security staff.
Employees prioritize skill advancement over pay, with less than one in four security team members considering a pay increase as the best way to engage them at work.
The CTF season concluded with three days of intense competition involving 6,500 students from around the world in our University CTF.
In the latest research that we conducted, called “Securing the future of cybersecurity: From classroom to every career stage”, we identified various challenges that cybersecurity graduates and teams are facing when it comes to laying the groundwork for cybersecurity careers, and recruitment and assessment processes. It's particularly concerning that our research shows recent graduates are entering the workforce unprepared. This underscores the need for a change in the education system that will help rebalance the scales in favor of professionals.
A similar pattern occurs within businesses' assessments, with 64% asserting that existing recruitment processes inadequately assess candidates for their practical skills in addressing ever-evolving cyber threats. Relying solely on university degrees is no longer effective; assessments must equally emphasize testing candidates against real-world threats. Companies valuing practical experience and embracing talented, ethical hackers with hands-on experience will be best placed to succeed.
Here are a few key results of our survey :
95% acknowledge their organization's understanding of cybersecurity importance and required skills.
64% feel current recruitment processes inadequately assess practical skills for addressing evolving cyber threats.
78% deem traditional university cybersecurity education insufficient for countering evolving cybercriminal tactics.
90% stress the need for cybersecurity graduates to gain hands-on experience before their first role.
The cybersecurity talent shortage is most acute in SOC teams, with demand for security analysts expected to surpass average growth by 150%. Our report “Developing the Modern SOC Analyst: A 360 Upskilling Report” identified skills in demand, and revealed professionals' career planning trends between offensive and defensive cybersecurity roles.
Significant findings from our research include the following:
Fundamental skills, notably incident handling processes, and methodologies, are crucial for analysts.
Over 40% prioritize cloud security skills for analysts in the next five years.
58% prefer learning digital forensics and incident response (DFIR) through vulnerable virtual machines.
A growing number of professionals seek careers blending offensive and defensive roles, with hybrid blue/red teamers emerging.
Cheers to our new ThreatReady LinkedIn newsletter. Through this resource, we aim to support security leaders with people-centric cybersecurity news and insights.
We also met many of you around the world.
From GISEC and GITEX in Dubai to Infosecurity Europe and Black Hat Europe in London, to AISA CyberCon in Canberra and Melbourne, leHACK in Paris, BSides in South Florida, RomHack in Rome, Ekoparty in Argentina, Black Hat USA and DEFCON in Las Vegas, we met for the very first time or reunited with you!
We hosted various HTB Meetups for Universities, local gatherings where students connect with peers, share knowledge, and evolve into cyber-ready individuals.
Apart from our HTB Meetups for Universities, we spread the joy of hacking far and wide! We embarked on a hacking adventure with your help - our incredible community. We traveled to 10 exciting destinations, including Paris, Texas, Salta, Kathmandu, La Paz, San Salvador, Casablanca, Warsaw, Portugal, and Guadalajara. Some meetups were led by our existing HTB ambassadors, while others were hosted by the 20 new meetup groups formed throughout the year.
As the challenges of cybersecurity continue to evolve, we're not losing sleep over them. Instead, we're embracing them head-on. We're here to empower you to be the best you can be each day, by providing you with solutions for all cybersecurity domains.
Keep an eye out for exciting updates coming soon! Until then, keep hacking in your unique style.
Cheers,
Ch4p
Blue Teaming
Odysseus (c4n0pus), Dec 20, 2024