An introduction to Cyber Performance Center

Since launching Hack The Box (HTB) in 2017, I’ve spoken to hundreds of security leaders fighting a common, yet brutal, uphill battle: 

Translating security budgets into a high-performance security function. 

Despite the increasing investment in technology, we still see a 600% increase in cybercrime year-over-year. 

We still see burnout run rampant in our industry. 

We still see leaders struggle to address technical skills gaps. 

Organizations are suffering from breaches that could’ve been avoided. 

What’s happening? 

We’ve championed security programs for more than 1,500 teams around the globe, and with 2.7+ million members, became the hub for developing threat-ready cyber professionals. Our experiences & data over the last 7 years show that poor security performance boils down to one thing: 

People. 

Security has a “people problem”

It’s no surprise that a lack of talent or human failure is expected to account for over 50% of significant cyber incidents by 2025. 

And let’s be honest, the “people problem” isn’t exactly a grand revelation in the security industry. But based on our unique insights from supporting security teams with…

• Connecting team development to business goals with our courses, hands-on lab scenarios, and skill assessments.

• Engaging staff in a “grow-together” culture via our CTF platform.

• Hiring top-tier candidates through our Talent Search portal (~500k talent pool).

Most orgs solve people's problems (and security performance problems) the wrong way.

They fixate on processes and technology while neglecting the talent responsible for running all systems.   

Process investments like security monitoring, threat detection, or AI-powered operations still require the individual ability to match those with business outcomes. 

More money allocated into SIEMs and SOARs won’t defend against cyber risks without the skills to utilize technologies across the organization.

And so on.

At Hack The Box (HTB), we see the solution as an investment in people’s careers, development, and well-being. Resulting in a better security posture and cybersecurity alignment with business objectives.

From skills to performance

The life of a modern cyber professional is not just about individual ability or certifications. 

Individuals need to possess the hard skills and knowledge to fulfill their job responsibilities–but they also require the capability to match existing processes with concrete business outcomes, and an environment fostering career progression and well-being.

In other words, a cyber professional’s life is about bringing the best version of themselves every single day.

That’s what the Cyber Performance Center is about.

Your team’s completion badges on different learning platforms won’t stop cyber criminals. 

However, their ability to identify the right attack log, escalate the right incident, or detect that obscure potential vulnerability, will.  And that boils down to real-time cyber performance. 

HTB is redefining cyber resilience by providing a platform where professionals, teams, and students can find their safe, yet challenging, place to grow.

Gamified, hands-on upskilling

Our recent recognition as leaders of Forrester’s Skills & Training Platforms Wave™ confirms what we’ve validated when it comes to building market-ready professionals over the last seven years: 

Training and regular practice aren’t going anywhere. Like an Olympic gold medal athlete, a “gold medal cyber professional” needs regular training to stay ready and make a difference in their org’s security posture. 

Forrester’s independent research further highlights our upskilling capabilities in several key areas:

• Gamification: we are proud pioneers of gamified cyber training. Our gamification is functional to own the skill or technique practiced. 

• Learner Experience: our platform members have the opportunity to learn at their own pace, compete in thrilling cybersecurity competitions, or practice with guided features. Everyone can manage their personalized learning curve, with new labs released weekly.

• Curriculum Management: paths focusing on skills or job roles are designed to take students from novice to expert through a logical series of learning modules, with regular practical assessments to verify the knowledge acquired.

Our methodology builds market-ready cyber professionals.

And our focus on realism enables our platform members not only to learn single techniques, attacks, or procedures, but also to apply them to real-world problems.

Professional workforce development

A bunch of skilled individuals won’t automatically lead to a secure organization. Their skills need to be aligned to a defined business environment, tech environment, and commercial outcomes. 

That’s why we’ve focused on ensuring HTB Enterprise Platform offers the ideal solution for teams to align cybersecurity skills development and business objectives.

A comprehensive security metrics program can: 

• Help organizations improve their decision-making.

• Enhance visibility across their organization.

• Benchmark their performance against peers.

• Demonstrate the value of cybersecurity to the C-Suite and the board.

The specific metrics to track to ensure cyber readiness vary from company to company. Our methodology and platform features, though, are designed to carefully oversee skills development and analyze potential gaps that could cost real dollars to the business. 

The risk mitigation mindset can be easily demonstrated through our CVE-based practical labs:

1. Understand your operational infrastructure.

2. Understand what the adversary uses in terms of TTPs.

3. Attempt to understand the collection requirements of the adversary.

4. Decrease your mean-time-to-detect (MTTD), mean-time-to-resolve (MTTR), and mean-time-to-contain (MTTC).

This practice can enable predictive moves in cyber operations and boost the threat hunting capabilities of an organization. 

Follow the quick demonstration below to see how in-platform capabilities allow technical leaders to monitor skill progression, activity, and coverage of industry frameworks such as MITRE ATT&CK.

GET A FULL DEMO

Our solution

The challenges of our community differ from individual to individual, from organization to organization. 

A young SOC analyst might be focused on mastering the required skills to lead his first promotion, while an established business has the priority to reduce the cost of cyber incidents: 

We are proud to say that we can offer a concrete solution to the most diverse problems our industry faces.

Hack The Box does not solve a training challenge, anymore. We do upskill individuals and teams, but our final goal is to create and maintain high-performing professionals who can handle the dynamics of a constantly evolving cyber world. 

We do this by offering solutions that combine ability, workforce development, and human focus to drive peak performance.

 

Author bio: Haris Pylarinos (ch4P), CEO and Founder, Hack The Box  Haris is a security expert with over 15 years of experience in the IT and cybersecurity industry. In 2017, he founded Hack The Box, a leading gamified cybersecurity upskilling, certification, and talent assessment platform that has grown to over two million global users.  Haris achieved 1st place in Panoptis 2017, the Greek National Cyber Defence Exercise, and has participated in cybersecurity competitions worldwide. Following his 1st place win, he helped the Greek Army design future cyber warfare exercises for 2018 and 2019.  Haris was also an EC-Council certified trainer who coached young professionals participating in the European Cybersecurity Challenge of 2017 and 2018. Feel free to connect with him on LinkedIn.