Hack The Box: Cybersecurity Training
Popular Topics
  • JOIN NOW
ALL Red Teaming Blue Teaming Cyber Teams Education CISO Diaries Customer Stories Write-Ups CVE Explained News Career Stories Humans of HTB Attack Anatomy Artificial Intelligence

Cyber Teams

8 min read

Testing 657 cybersec teams: Here’s what we learned (from 1,856 flag submissions)

Insights from testing 2,979 cybersecurity professionals (who submitted a total of 1,856 flags) across 8 key cybersecurity skills categories.

Dimitris avatar

Dimitris,
Oct 16
2022

Hack The Box Article

Last year 657 security teams from (organizations such as Deloitte, Cisco, and Toyota) tested their cybersecurity skills in our annual global hacking event, Business CTF

Loading Preview...

. 

Facing a total of 33 real-world inspired challenges related to forensics, reversing, web attacks, and more, players gained Continuing Professional Education (CPE) credits for role-playing as a multinational law enforcement agency in pursuit of fierce financial cybercriminals! 

Following the record-breaking event, we revealed behind-the-scenes performance data in our Cyber Attack Readiness report

Loading Preview...

. In this post, we’ll publicly share the top three insights we gained from our analysis. 

Note: For a complete picture of industry and challenge performance data we suggest that you read the full report

Loading Preview...

.

Pre-register for Business CTF 2023 

Measuring key cybersecurity skills with hacking challenges

Business CTF features jeopardy-style hacking challenges based on real-world vulnerabilities and emerging threats. These challenges are split into relevant skills categories pertaining to different aspects of cybersecurity. 

Skill category  

Description

Forensics

Analysis of digital forensics artifacts. Teams had to investigate realistic digital forensics artifacts commonly seen in sophisticated cyber security attacks.

Real-world relevance: Investigate an incident and identify who is responsible. 

Reversing

The art of reverse-engineering. Teams had to analyze and identify the behavior of compiled applications by leveraging static and dynamic reverse engineering techniques.

Real-world relevance: Discover hidden or undocumented features in systems that make software or hardware vulnerable to an attack. 

Web

Web-based exploits. Teams had to enumerate, identify vulnerabilities, and exploit a variety of different vulnerable web applications.

Real-world relevance: Find and exploit code flaws, misconfigurations, and insecure software in web-based applications or environments. 

Cloud

AWS, GCP, and Azure misconfigurations. Teams had to apply real-world privilege escalation techniques and attack paths in cloud environments. 

Real-world relevance: Identify and deal with common cloud security flaws. (This is becoming increasingly important with the rise of remote work and reliance on cloud infrastructure). 

Pwn

Binary exploitation through exploiting memory corruption bugs. Teams had to analyze executables, find memory flaws, and chain different techniques to develop an exploit.

Real-world relevance: Develop exploits/attacks based on binary files that interact with computer memory and processors. 

Hardware

Penetrating different hardware systems with software. Teams had to analyze and develop a working exploit for infrastructure-related Supervisory Control And Data Acquisition (SCADA) 

Real-world relevance: Find and secure against vulnerabilities, weaknesses, or flaws that can compromise infrastructure systems. 

Host exploitation

Teams had to enumerate the hosts, identify vulnerable entry points, gain an initial foothold, and escalate their privileges to administrator or root. 

Real-world relevance: Identify or exploit vulnerabilities that would allow attackers to remotely access a network, gain elevated privileges, or move deeper into a network. 

Crypto

Cryptographic flaws. Teams had to leverage weaknesses in known or custom-made algorithms to decrypt objects with up-to-date cryptological processes.

Real-world relevance: Protect sensitive information from unauthorized access by identifying encryption flaws. For example, banking applications and financial transactions. 

HTB business CTF gated report - measuring skills

Read the full report

  • Learn the three critical steps that forward-thinking cybersecurity leaders of today must take to cultivate a capable, attack-ready culture and improve employee engagement (from Dimitrios Bougioukas, our Senior Director of IT Security Training Services).

  • Get a complete breakdown of overall industry performance across eight key cybersecurity challenge/skills categories (including cloud, crypto, web, forensics, hardware, and more).

  • See how each industry performed when tested with various cybersecurity technologies, vulnerabilities, and threat types.

Access the report

Cloud security skills gaps continue to manifest across all industries 

Most organizations performed above average when faced with cyber attack challenges that involved forensics, reversing, and web technologies. In comparison, cloud, crypto, and hardware technologies, as well as HostEx and pwn challenges, proved to be somewhat testing. 

Cloud skills gap business ctf hack the box

This gap evidences the current cloud security skills shortage and highlights the urgent need for IT and cybersecurity leaders to prioritize cloud security training

Loading Preview...

. 

In spite of the cloud's strong presence and adoption during the past few years, the cloud security skills shortage is still prevalent. Considering the central role cloud technology and security play in enabling modern organizations to scale, innovate, and manage complex IT infrastructure, the 60% decrease in attack readiness when comparing forensics (30.2% solve rate) against a category such as cloud (12% solve rate) is noteworthy. Some potential causes of this skills gap include:

  • Constant updates to existing cloud tech stacks make it difficult to follow cloud-related knowledge and trends. 

  • Poor (or poorly organized) documentation of cloud tech stacks that can result in knowledge gaps regarding both general cloud systems and cloud security. 

  • The complexity of cloud migrations. An effective cloud security professional is required to be seasoned with both on-premise (or non-cloud) and cloud security matters. 

Overall the challenges were pretty realistic, which is a big plus for me. I definitely recommend joining the CTF, as it lets you test your skills in realistic scenarios and challenge yourself against the best specialists in the field. We will join again next year.

 

Lukasz Lamparski, Security Manager and Senior Incident Responder, ING Bank

Professional skillsets adapt to specific industry segments and threats 

All cybersecurity professionals strive towards a seamless and secure operation of the information systems under their watch within their usual scope of work. In addition, each industry deals with unique kinds of threats and malicious actors. Here are specific industry examples of skillset specialization per industry found in our report: 

Finance:

Finance teams achieved the best results in the HostEx category and were second best in cloud, but came last for solving crypto attack challenges. 

finance

Cyber threats in Finance webinar

Lessons learned from Mastercard and Gemini on reducing cybersecurity risks, getting leadership buy-in for Red teams, and how Blue & Red teams can improve their defense with lower budgets.

Access Recording

Government:

Government teams demonstrated strong skills in forensics, reversing, web, and hardware, scoring a top three position in all categories. Conversely, cloud and HostEx were the biggest areas of improvement for cybersecurity in government organizations

Loading Preview...

. 

gov

Tech: 

Teams in Tech organizations were among the top three performers in web, forensics, and reversing attacks, but (like teams from other industries) achieved lower scores in cloud, HostEx, pwn, and hardware challenges. 

tech

Security:

Security teams were the most adept at dealing with attacks involving web, forensics, and reversing. Compared to the other seven industries, they scored third in cloud security and hardware challenges. 

security

Manufacturing:

Manufacturing holds the third lowest average across all industry categories, but performed relatively well in attacks involving web, forensics, and reversing. Cloud security was the biggest area of improvement for manufacturing teams. 

manufacturing

Industries related to critical infrastructure struggled

It comes as no shock to see that security, consulting, and technology organizations perform above average (15.4%) and are prepared to deal with cybersecurity challenges across a wide range of technologies. 

Organizations essential to global infrastructures, such as government, manufacturing, healthcare, and education showed less cyber attack readiness, with healthcare scoring 31% lower than the average solve rate for all challenge categories. This is noteworthy when you consider that data breaches in healthcare organizations

Loading Preview...

are on the rise. Some potential causes of this include: 

  • Legacy or unpatched systems that must remain operational

  • Busy and stressful schedule that makes keeping up with the ever-evolving threat landscape challenging

  • Sometimes focusing too much on achieving compliance whilst neglecting in-depth security across all systems and communication protocols 

Boost your team’s skills, employee engagement, and coordination under pressure

Skill level of individual employees isn’t the only important factor for an organization to be attack-ready and resilient in the face of cyber threats. Your team’s ability to collaborate and coordinate under pressure is vital to identifying, preventing, and improving your overall security posture. 

We’re biased, of course, but we recommend the HTB Business CTF as a great way to:

  1. Get an industry benchmark of your organization and team’s ability to deal with various cybersecurity threats, challenges, and scenarios. 

  2. Improve employee engagement and retention by encouraging both junior and senior staff to solve challenges based on real-world cybersecurity threats and enjoy a gamified, engaging storyline

    Loading Preview...

    . 

  3. Collaboratively upskill in an event that cultivates practical cyber skills and yields CPE credits. 

Amazing experience working with HTB! Not only it is a very complete and fun hacking learning platform, but also the team is full of talent and creativity and will support your CTF setups in a very professional way. I’m looking forward to continuing this great collaboration.

 

Ignacio Arsuaga, Cybersecurity Enterprise Architect, Siemens

Hack The Box specializes in distinguished practical and guided cybersecurity training courses aligned with the NIST NICE and MITRE | ATT&CK frameworks, as well as unrivaled hands-on labs designed to help organizations close skills gaps, hire top talent, and protect infrastructure.

Explore 360 cyber workforce development 

Author bio: Dimitrios Bougioukas (Dimitris), Senior Director of IT Security Training Services, Hack The Box

Dimitrios has extensive experience in upskilling the IT security teams of Fortune 100/500 tech companies and government organizations. He enjoys analyzing the threat landscape as well as interpreting market and data analytics to assist Hack The Box in devising its training strategy and roadmaps, from go-to-market all the way to the syllabus level. Prior to Hack The Box, Dimitrios directed the development of training and certifications through eLearnSecurity/INE and was behind certifications like eCPTX, eWPT, and eCIR. You can connect with him on LinkedIn here

Loading Preview...

.

 

GET A DEMO FREE TRIAL

Contents

  • Measuring key cybersecurity skills with hacking challenges
  • Cloud security skills gaps continue to manifest across all industries 
  • Professional skillsets adapt to specific industry segments and threats 
  • Cyber threats in Finance webinar
  • Industries related to critical infrastructure struggled
  • Boost your team’s skills, employee engagement, and coordination under pressure

Latest News

Hack the Box Blog

Artificial Intelligence

6 min read

AI Red Teaming explained: Adversarial simulation, testing, and capabilities

b3rt0ll0 avatar b3rt0ll0, May 09, 2025

Hack the Box Blog

News

5 min read

Hack The Box partners with Norwich University to revolutionize cybersecurity education

Cait avatar Cait, May 07, 2025

Hack the Box Blog

News

12 min read

The complete list of Q1 2025 releases and updates on HTB Enterprise Platform

katemous avatar katemous, May 02, 2025

Hack The Blog

The latest news and updates, direct from Hack The Box

Read More
Hack The Box: Cybersecurity Training

The #1 platform to build attack-ready
teams and organizations.

Get a demo

Forrester wave leader Forrester wave leader
ISO 27001 ISO 27701 ISO 9001
G2 rating Capterra rating

Products
Teams
Courses & Certifications Cyber Ranges Enterprise Attack Simulations Cloud Infrastructure Simulations Capture The Flag Tabletop Exercises Talent Sourcing
Individuals
Courses & Certifications Hacking Labs Defensive Labs Red Team Labs Capture The Flag Job Board
Solutions
Job Roles
Red Teams Blue Teams Purple Teams
Industries
Government Higher Education Finance Professional Services
Use Cases
Technical Onboarding Team Benchmarking Candidate Assessment Threat Management Code Vulnerability Crisis Simulation Governance & Compliance
Resources
Community Blog Industry Reports Webinars AMAs Learn with HTB Customer Stories Cheat Sheets Compliance Sheets Glossary Guides & Templates Parrot OS Help Center
Programs
Channel & Resellers Ambassador Program Affiliate Program SME Program
Company
About us Careers Brand Guidelines Certificate Validation Trust Center Product Updates Status
Contact Us
Press Support Enterprise Sales
Partners
Become a Partner Register a Deal
Store
HTB Swag Buy Gift Cards
Products
Teams
Courses & Certifications Cyber Ranges Enterprise Attack Simulations Cloud Infrastructure Simulations Capture The Flag Tabletop Exercises Talent Sourcing

Individuals

Courses & Certifications Hacking Labs Defensive Labs Red Team Labs Capture The Flag Job Board
Solutions
Job Roles
Red Teams Blue Teams Purple Teams

Industries

Government Higher Education Finance Professional Services

Use Cases

Technical Onboarding Team Benchmarking Candidate Assessment Threat Management Code Vulnerability Crisis Simulation Governance & Compliance
Resources
Community Blog Industry Reports Webinars AMAs Learn with HTB Customer Stories Cheat Sheets Compliance Sheets Glossary Guides & Templates Parrot OS Help Center

Programs

Channel & Resellers Ambassador Program Affiliate Program SME Program
Company
About us Careers Brand Guidelines Certificate Validation Trust Center Product Updates Status

Contact Us

Press Support Enterprise Sales

Partners

Become a Partner Register a Deal

Store

HTB Swag Buy Gift Cards
Cookie Settings
Privacy Policy
User Agreement
© 2025 Hack The Box