Cloud Security , Security Operations
Hack The Box Raises $55M to Bolster Cyber Training PlatformStartup Wants to Add More Cloud, Defender-Related Material to Its Training Platform
The widespread move to the cloud has created new security issues such as basic configuration mistakes that can expose organizations to breaches. At the same time, the fluid job market has injected many new and sometimes younger employees into the workforce, requiring a new strategy for security training.
Hack The Box, which just completed a Series B funding round, wants to capitalize on these trends by focusing more on cloud security and a gamification approach to its cybersecurity training platform.
The Kent, England-based startup was founded in 2017 to provide pen testers and red teamers with a way to test their offensive security skills via virtual labs, real-world simulations, capture-the-flag challenges and hacking games. But in recent years, Hack The Box has gradually branched out into defensive security to provide training and certifications to better serve IT engineers, security engineers and SOC analysts.
"Based on our expertise on the offensive side, we've build a lot of expertise on how to counter attacks as well," Hack The Box founder and CEO Haris Pylarinos tells Information Security Media Group. "So we can send that knowledge as well to the end user, providing a more unified and holistic approach to cybersecurity."
The $55 million round was led by private equity firm Carlyle and comes 21 months after the cyber range vendor received $10.6 million in Series A funding from Paladin Capital Group. Hack The Box currently employs 180 people, and Pylarinos wants to triple the company's headcount over the next three years by hiring aggressively across the company's research and development, sales and marketing teams (see: Rapid Cybersecurity Changes Demand Agile Education).
'It Feels Like Playing, But It's Actually Learning'
The cloud poses unique challenges from a cybersecurity perspective since engineers need to protect their organizations against misconfigurations, and Pylarinos says the stakes have only become higher as more organizations migrate to the cloud. Hack The Box therefore plans to expand its cloud content division by bringing on some of the 1.7 million contributors or consumers on its platform as employees.
Hack The Box also hopes to use the Series B proceeds to expand multiplayer hacking games so that people within the same organization can practice carrying out and stopping cyberattacks against their colleagues, Pylarinos says. The platform is a good fit for any large enterprise or midmarket organization with either an internal cyber division or IT department that has some cyber focus, Pylarinos says.
"It feels like playing, but it's actually learning," he says. "And it's very efficient learning because the competitiveness triggers emotions, and emotions tend to make the knowledge acquired at a specific time better retained in your head for future use rather than reading a document."
From a go-to-market perspective, Pylarinos says Hack The Box plans to triple the size of its North American workforce over the next year. Today, just 19% of the company's employees are based in North America even though Hack The Box generates more than half its revenue in the United States. Pylarinos expects that 40% of Hack The Box's employees will be based in North America a year from now.
Crossing the Atlantic
The United States has many large organizations with massive headcounts that could benefit from what Hack The Box has to offer, says Pylarinos, which is why the firm has been building out a presence in New York since early 2021 and learning more about the U.S. market to complement its hubs in Greece and the United Kingdom.
Hack The Box stands apart from others in the cyber range market, such as TryHackMe, Offensive Security and Immersive Labs, thanks to the size of its community and a focus on keeping its platform updated with the latest and greatest cyber methods, trends and techniques. For instance, in late 2021, Pylarinos says the ins and outs of Log4j were incorporated into the Hack the Box platform within a few days.
From a metrics standpoint, Pylarinos says he's closely tracking annual recurring revenue as well as gross and net revenue retention. Outside of financials, Hack The Box monitors the number of new content items released each month as well as how users rate the new content to understand what types of content the company should produce more of and what types of content the company should stop producing.
"Organizations get all the statistics that each user performs on the community edition of Hack The Box," Pylarinos says. "So the CISO from day one can monitor sometimes years of progress of their employees."