Hack The Box Raises $55M to Power Cyber Fitness Platform
Cloud security, security operations
Startup wants to add more cloud, defense related material to the training platform
Michael Novinson (Michael Novinson) •
12 January 2023
The widespread move to the cloud has created new security issues such as basic configuration errors that can expose organizations to breaches. At the same time, the fluid labor market has injected many new and sometimes younger employees into the workforce, requiring a new strategy for safety training.
See also: Live webinar | Navigating the difficulties of patching OT
Hack The Box, which just completed a Series B funding round, wants to capitalize on these trends by focusing more on cloud security and a gamification approach to its cybersecurity training platform.
The Kent, England-based startup was founded in 2017 to give pen testers and red teamers a way to test their offensive security skills via virtual labs, real-world simulations, capture-the-flag challenges and hacking games. But in recent years, Hack The Box has gradually branched out into defensive security to provide training and certifications to better serve IT engineers, security engineers and SOC analysts.
“Based on our expertise on the offensive side, we’ve built a lot of expertise on how to counter attacks as well,” Hack The Box founder and CEO Haris Pylarinos tells Information Security Media Group. “So we can send that knowledge to the end user as well, and provide a more unified and holistic approach to cyber security.”
The $55 million round was led by private equity firm Carlyle and comes 21 months after the cyber range provider received $10.6 million in Series A funding from Paladin Capital Group. Hack The Box currently employs 180 people, and Pylarinos is looking to triple the company’s headcount over the next three years by hiring aggressively across the company’s research and development, sales and marketing teams (see: Rapid changes in cybersecurity require agile education).
‘It feels like playing, but it’s actually learning’
The cloud poses unique challenges from a cybersecurity perspective since engineers must protect their organizations from misconfigurations, and Pylarinos says the stakes have only gotten higher as more organizations migrate to the cloud. Hack The Box therefore plans to expand its cloud content division by bringing some of the 1.7 million contributors or consumers on the platform as employees.
Hack The Box also hopes to use the Series B proceeds to expand multiplayer hacking games so people in the same organization can practice executing and stopping cyberattacks against their colleagues, Pylarinos says. The platform is a good fit for any large enterprise or mid-market organization with either an internal cyber division or IT department that has some cyber focus, says Pylarinos.
“It feels like playing, but it’s actually learning,” he says. “And it’s very effective learning because the competitiveness triggers emotions, and emotions tend to make the knowledge acquired at a particular time better retained in your head for future use rather than reading a document.”
From a go-to-market perspective, Pylarinos says Hack The Box plans to triple the size of its North American workforce over the next year. Today, only 19% of the company’s employees are based in North America, even though Hack The Box generates more than half of its revenue in the United States. Pylarinos expects 40% of Hack The Box’s employees to be based in North America in a year.
Crossing the Atlantic Ocean
The US has many large organizations with massive employees that could benefit from what Hack The Box has to offer, says Pylarinos, which is why the firm has been building a presence in New York since early 2021 and learning more about the US market to complement its hubs in Greece and the UK.
Hack The Box stands out from others in the cyberware market, such as TryHackMe, Offensive Security, and Immersive Labs, thanks to the size of its community and focus on keeping the platform up-to-date with the latest and greatest cyber methods, trends, and techniques. For example, in late 2021, Pylarinos says the ins and outs of Log4j were incorporated into the Hack the Box platform within a few days.
From a metrics standpoint, Pylarinos says he closely tracks annual recurring revenue as well as gross and net revenue retention. Beyond financials, Hack The Box monitors the number of new content items released each month, as well as how users rate the new content to understand what types of content the company should produce more of and what types of content the company should stop producing.
“Organizations get all the statistics that each user performs on the community edition of Hack The Box,” says Pylarinos. “So the CISO from day one can monitor sometimes years of progress for their employees.”