It’s been over two years since Hack the Box completed a $55 million Series B funding round, but CEO Haris Pylarinos is keen to continue riding the wave of optimism at the company and make inroads into new markets.
Speaking to ITPro in the wake of the investment round in January 2023, Pylarinos said the company planned to triple its headcount and accelerate global expansion.
In a follow-up interview last month, the chief executive revealed these plans are continuing at a good pace. The company now boasts sites in the UK, Greece, and US, but has taken a cautious approach to increasing headcount rather than haphazardly expanding.
“Overall the Series B gave a great push to the company,” he told ITPro. “We have grown significantly since then, but sensibly at the same time. Our headcount, roughly speaking, is approaching the 300 mark.”
There are positive signs across the board for Hack the Box at present, according to Pylarinos. The company has expanded its enterprise customer base, now working with major brands such as Siemens, Google, and Lufthansa, and its community platform has surpassed the three million user mark.
Hack the Box provides gamified training programs to help organizations and individuals improve cybersecurity awareness and skills. These war game-style cybersecurity programs include real-world threat scenarios, all of which use techniques commonly used by threat actors.
When the company launched in 2017, this was a market ripe with opportunity – and with accelerating threats and skills gaps in the years following placing organizations at huge risk, the company capitalized.
Hack the Box infuses cyber training with AI
Notably, the Series B enabled the company to further expand its offerings, this time capitalizing on a new industry trend: generative AI. In December last year, the company launched a new AI-powered Crisis Control service aimed at taking its gamified training programs one step further.
This tests users’ cyber defense capabilities using real-time breach and crisis simulations, all powered by AI to throw the occasional spanner into the works and ensure they’re able to adapt and respond to a worst-case scenario.
As with the original training programs, Pylarinos told ITPro there was a gap in the market. Similarly, crisis simulations were - and still are - an area where security leaders have been keen to sharpen up and increase budgets to prepare for the worst.
Research from Hack the Box found 74% of CISOs plan to increase budgets for crisis simulation exercises in the year ahead, underlining the enthusiasm for these offerings.
“Crisis control is an important product, a product that reaches the boardroom where the decisions are made in cybersecurity incidents,” he said. “The fact that we use AI helps keep each and every exercise relevant.”
Hack the Box is growing at a solid pace, according to CEO Haris Pylarinos
Crisis simulation programs are by no means new, nor is the use of AI in curating these, Pylarinos admitted. However, what he believes separates Hack the Box from other offerings is the fact that the AI model underpinning the scheme was built in-house and isn’t a rehashed product simply infused with AI.
Indeed, each training program is catered specifically to the organization, their unique needs, and based on the industry they operate in.
“A common theme you see on the market is that ‘we used ChatGPT to create the narrative’ - this isn’t the case,” he said. “What we actually do is we scan public information, like news articles, for example, and we understand what is the current trend in the vertical that the organization is in.”
As an example, Pylarinos told ITPro that an organization operating in the financial services sector would be given a crisis control simulation based on factors such as increased APT activities in that industry, or specific malware strains being used against financial institutions.
“Our system understands that and builds an exercise based on what is going on today in the market. So you are training on something that is extremely realistic and relevant to your specific industry. I think that's the advantage of utilizing AI in that capacity.”
So far, feedback on the service has been great, Pylarinos said. Admittedly, though, the program is still in its infancy so it’s not quite reached the volume where he could definitively outline the true benefits or impact.
Further gains afoot for Hack the Box
Looking ahead, Pylarinos told ITPro the company plans to continue expanding, and growth remains solid. Notably, the chief executive said “I don’t see a fundraise coming any time soon” on account of its positive cash flow.
“We are becoming more and more cash efficient as time progresses without sacrificing growth, meaning that there is a very good chance that we pass the burning point where you spend more capital than you earn and become profitable in the following years.”
There are positive signs the company is making further inroads into other verticals, Pylarinos added. The company initially started as "primarily a red team player” training penetration testers.
But now the company is fostering closer ties with the blue and purple team domains - and it’s a trend he appears keen on pursuing further by leveraging the company's expertise and established reputation in the red teaming space.
“We are now a fully fledged powerhouse, catering for red, blue and purple needs,” he said. “Blue [teamers] is a much bigger market, so there are more potential users out there that would benefit from our content.
“The fact that we have so much expertise on the red side helps us recapitalize this and train the defensive side on how to deflect and manage the most difficult cyber attacks out there.”
MORE FROM ITPRO
- Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacent
- What do security pros want from generative AI?
- The UK cybersecurity sector is worth over £13 billion, but there’s still huge untapped potential if it can overcome these hurdles
-
Enterprise AI adoption is about to get the Big Brother treatmentOpinion Worried your staff aren’t using those shiny AI tools you petitioned for? Big tech has you covered
-
Dreamforce 2025: What's an agentic OS?ITPro Podcast NPUs, e-ink, and immersive headsets are the latest hardware innovations for business devices
-
Cyber skills shortages are pushing firms into dangerous shortcuts – and it’s putting them at huge risk of security breachesNews Chronic cyber skills shortages mean many businesses are implementing quick fixes
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
The UK’s ‘chronic shortage of cyber professionals’ is putting the country at riskNews While high-profile attacks grab headlines, a security researcher warns the UK's "chronic shortage of cyber professionals" is left unaddressed by government, industry, and academia.
-
Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)News Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May
-
Despite the hype, cybersecurity teams are still taking a cautious approach to using AI toolsNews Research from ISC2 shows the appetite for AI tools in cybersecurity is growing, but professionals are taking a far more cautious approach than other industries.
-
Cyber professionals call for a 'strategic pause' on AI adoption as teams left scrambling to secure toolsNews Security professionals are scrambling to secure generative AI tools
-
SonicWall CEO Bob VanKirk hails ‘pivotal moment’ as firm unveils new MSP cyber solutionsNews The company is expanding its MSP solutions range and ramping up its focus on platform-based security
-
Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level”News Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
