Cyber security training startup Hack The Box plans to triple its workforce and accelerate its planned global expansion following a $55 million (£44.5 million) Series B investment round last week.
Speaking to IT Pro, the company's CEO, Haris Pylarinos, said recent funding success will provide a springboard for the Greek startup to accelerate its growth trajectory and “double down” on strong commercial traction in the US, Europe, and APAC regions.
Cyber attacks on UK organisations surged 77% in 2022, new research finds Australian government invests $8 million to boost cyber skills The truth about cyber security training
Founded in 2017, the startup has grown rapidly in recent years and has capitalised on the wave of increased cyber security skills awareness among organisations worldwide.
The company commands a global workforce of around 180 staff, much of which is distributed across the US, Europe, and APAC.
“The US is one of our strongest markets already, and our plan through the Series B is to double down on this market. We are currently looking into having physical offices in New York, and we’re expanding our employee base there,” he told IT Pro.
“The plan is to triple the workforce globally within the next three years, and we are expanding globally. Australia is a good market for us, and we have a presence there that we also plan on growing.”
This concerted international push will include investment in sales and marketing capabilities, Pylarinos added. Investment in research and development (R&D) will also be a key focus in the startup’s base in Greece, while distributed remote workers will continue to play an important role.
“We maintain the majority of our R&D in Greece – we find a lot of great talent here,” Pylarinos said.
“But when it comes to R&D, there is an exception. Wherever we find great talent, we will hire them and they will work remotely. So while our base is in Greece, we have experts from all over the world contributing to our R&D functions.”
Appetite for cyber security training
Hack The Box has raised significant funding amidst a challenging period for startups; one fraught with decreased VC funding options and investor reluctance.
However, Pylarinos said this investment highlights the growing appetite for cyber security skills training worldwide.
“Cyber security is here to stay and grow because threats are growing,” he said. “Especially in the last couple of years, we’ve seen threats exploding globally. So, that means that every organisation should be prepared when it comes to cyber security.”
A key focus for Hack The Box in 2023 and beyond will be to help plug gaps in the widening global cyber skills deficit, Pylarinos said.
The global cyber security workforce gap increased by 26.2% in 2022, according to the (ISC)2 Cybersecurity Workforce Study.
This growing global deficit in cyber talent comes amidst a period of escalating security threats, which is placing organisations at great risk.
More than two-thirds (70%) of respondents to the (ISC)2 study said their organisations do not have enough cyber security staff to adequately mitigate growing threats.
Over half also warned that staffing deficits put their organisation at a ‘moderate’ or ‘extreme’ risk of cyber attacks.
Unified Endpoint Management and Security in a work-from-anywhere world
Management and security activities are deeply intertwined, requiring integrated workflows between IT and security teams
Pylarinos believes the combination of skills shortages and escalating security threats means that attracting – and retaining - cyber talent is now a critical priority for businesses, with many investing heavily to re-skill internal talent and bolster resilience.
“We are seeing more and more investment in cyber security skills programmes. So, a lot more security professionals will enter the market,” he said.
“We are also seeing some organisations creating the talent because it’s so hard to find. They hire network or IT engineers, let's say, pass them through fast-track programmes and give them the basics of cyber security to start a career in the security function. And this actually works.”
This where is Hack The Box can play a key role in addressing this problem, Pylarinos suggested. The startup aims to support organisations in bridging talent gaps and provide industry-leading training for staff.
Its gamified training programmes help individuals, businesses, government organisations, and academic institutions to “level up” their offensive security skills by providing engaging real-world threat scenarios featuring up-to-date attack techniques employed by hackers.
Increased defensive focus
So far, Hack The Box has focused heavily on penetration testing and offensive security training, known as ‘red teaming’. But, looking ahead, Pylarinos revealed the company hopes to expand the scope of training to include defensive techniques.
“This [red teaming] has great applications for incident responders and SOC analysts because by understanding how the attacker operates, they are better at figuring out the attack, figuring out the kill chain, and making them more effective at mitigating attacks,” he said.
“Our goal is to expand our portfolio to cater for many different functions of cyber. Right now, we’re considered one of the best when it comes to offensive cyber security, we want to expand to the other side. So defensive techniques such as threat hunting, and catering for security engineers, SOC analysts, and incident responders.
“Our ultimate goal is to provide a single pane of glass for the CISO, where he or she can monitor the entire cyber workforce, whether that’s on the offensive or defensive side.”
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.