As in many applications of computer technology, cybersecurity training can be a real challenge. That applies to students, employees, and employers alike. Some of the aspects of this challenge directly impact my work as an information security writer and researcher. The jargon is constantly evolving.
New concepts are always emerging. DevOps barely existed for a decade and then DevSecOps was born. Industry standards like the NIST Cybersecurity Framework are changing how companies are designing their incident response. And containerization, virtualization, and the cloud are revolutionizing industries.
If someone learned to be a bricklayer a hundred years ago, they’d be ready to build walls in the 21st century. But in cybersecurity, five years ago may as well be fifty years ago. How can companies know that their people have the knowledge to defend their networks for the ever evolving cyber threat landscape of today and the future?
Ah yes, the “cybersecurity skills gap.” No three words can simultaneously make HR managers nod and tech jobseekers rage with such equal intensity.
HR thinks, “This role requires five years SOC experience, demonstrable familiarity with this particular SIEM, and a portfolio of digital forensics work. We can’t find a candidate who fulfills these requirements, so the role will remain vacant for now.”
Jobseekers think, “I’ve been in DFIR for a decade now. I spent a year as a SOC analyst at this other company. I used this SIEM, not the other SIEM. I’ve been unemployed for six months now and I’m behind on my rent.”
We can work together and produce win-win situations. Companies need top cybersecurity talent. A little bit of money spent on labor and training saves a company many times more money when they can prevent and mitigate cyber attacks which often cost millions of dollars in collective damages. (According to IBM’s Cost of a Data Breach 2021 report, a single data breach costs a company an average of $4.24 million USD!) And cybersecurity talent wins when they get to do good work everyday and enjoy a fulfilling career.
I personally feel that we can acknowledge and address the problem of cybersecurity training while avoiding controversial buzzwords. We can accomplish our mutual goals when students work on developing their skills and companies facilitate those efforts. Here at Hack The Box, we see it happen every single day.
The genesis of Hack The Box was when our founder and CEO Haris Pylarinos started developing virtual machines designed to teach people penetration testing skills. There’s only so much you can learn by reading, you must learn by doing. The cybersecurity community got really excited about Haris’ work. A thriving online community of curious hackers formed. From there, more hackers and business professionals joined HTB. And now Hack The Box is known internationally as the top gamified educational platform for pentesters and red teams. If someone wants to develop their pentesting skills these days, Hack The Box is the first thought that crosses their minds. But we never rest on our laurels, we’re always innovating.
We’re always adding new labs for hackers to test their skills, reflecting how vulnerabilities and cyber threats are constantly evolving. Meanwhile, we’re constantly expanding the ways we provide cybersecurity training. We now offer Dedicated Labs and Professional Labs for business, so your employees can learn to think like a hacker.
We launched HTB Academy in November 2020. HTB Academy is just as interactive as our famous labs and CTFs, but we also cover a variety of cybersecurity concepts from secure web application design to OSINT, from assembly language to SQL injection. As we’ve been adding courses to HTB Academy, we launched HTB Academy for Business in June of this year. These courses are designed with employee training in mind, to help address the cybersecurity needs of businesses of all sizes and in many industries.
We had our very first Business CTF in July. It was even more successful than we ever could have imagined. 374 corporate teams with a collective of 1621 players fiercely competed for £20,000 worth of prizes. Xormatic, Synacktiv, StandardChartered, INGBank, and Orange Cyberdefense came out on top. Now we’re starting to plan our second Business CTF for 2022.
Here’s a list of some of the companies and institutions that continue to choose Hack The Box for their employee cybersecurity training. (I’m sorry I don’t have room for a complete list!):
Whew! I feel like I just read an issue of Fortune Magazine. The list of big name clientele is actually a lot longer than that. We’re so happy that so many industry leading companies benefit from our services. But we enjoy working with small businesses just as much.
Here at Hack The Box, we have a team who specialize in listening to companies to provide them cybersecurity training designed for their particular needs. Feel free to get in touch.