It’s been over two years since Hack the Box completed a $55 million Series B funding round, but CEO Haris Pylarinos is keen to continue riding the wave of optimism at the company and make inroads into new markets.
Speaking to ITPro in the wake of the investment round in January 2023, Pylarinos said the company planned to triple its headcount and accelerate global expansion.
In a follow-up interview last month, the chief executive revealed these plans are continuing at a good pace. The company now boasts sites in the UK, Greece, and US, but has taken a cautious approach to increasing headcount rather than haphazardly expanding.
“Overall the Series B gave a great push to the company,” he told ITPro. “We have grown significantly since then, but sensibly at the same time. Our headcount, roughly speaking, is approaching the 300 mark.”
There are positive signs across the board for Hack the Box at present, according to Pylarinos. The company has expanded its enterprise customer base, now working with major brands such as Siemens, Google, and Lufthansa, and its community platform has surpassed the three million user mark.
Hack the Box provides gamified training programs to help organizations and individuals improve cybersecurity awareness and skills. These war game-style cybersecurity programs include real-world threat scenarios, all of which use techniques commonly used by threat actors.
When the company launched in 2017, this was a market ripe with opportunity – and with accelerating threats and skills gaps in the years following placing organizations at huge risk, the company capitalized.
Hack the Box infuses cyber training with AI
Notably, the Series B enabled the company to further expand its offerings, this time capitalizing on a new industry trend: generative AI. In December last year, the company launched a new AI-powered Crisis Control service aimed at taking its gamified training programs one step further.
This tests users’ cyber defense capabilities using real-time breach and crisis simulations, all powered by AI to throw the occasional spanner into the works and ensure they’re able to adapt and respond to a worst-case scenario.
As with the original training programs, Pylarinos told ITPro there was a gap in the market. Similarly, crisis simulations were - and still are - an area where security leaders have been keen to sharpen up and increase budgets to prepare for the worst.
Research from Hack the Box found 74% of CISOs plan to increase budgets for crisis simulation exercises in the year ahead, underlining the enthusiasm for these offerings.
“Crisis control is an important product, a product that reaches the boardroom where the decisions are made in cybersecurity incidents,” he said. “The fact that we use AI helps keep each and every exercise relevant.”
Hack the Box is growing at a solid pace, according to CEO Haris Pylarinos
Crisis simulation programs are by no means new, nor is the use of AI in curating these, Pylarinos admitted. However, what he believes separates Hack the Box from other offerings is the fact that the AI model underpinning the scheme was built in-house and isn’t a rehashed product simply infused with AI.
Indeed, each training program is catered specifically to the organization, their unique needs, and based on the industry they operate in.
“A common theme you see on the market is that ‘we used ChatGPT to create the narrative’ - this isn’t the case,” he said. “What we actually do is we scan public information, like news articles, for example, and we understand what is the current trend in the vertical that the organization is in.”
As an example, Pylarinos told ITPro that an organization operating in the financial services sector would be given a crisis control simulation based on factors such as increased APT activities in that industry, or specific malware strains being used against financial institutions.
“Our system understands that and builds an exercise based on what is going on today in the market. So you are training on something that is extremely realistic and relevant to your specific industry. I think that's the advantage of utilizing AI in that capacity.”
So far, feedback on the service has been great, Pylarinos said. Admittedly, though, the program is still in its infancy so it’s not quite reached the volume where he could definitively outline the true benefits or impact.
Further gains afoot for Hack the Box
Looking ahead, Pylarinos told ITPro the company plans to continue expanding, and growth remains solid. Notably, the chief executive said “I don’t see a fundraise coming any time soon” on account of its positive cash flow.
“We are becoming more and more cash efficient as time progresses without sacrificing growth, meaning that there is a very good chance that we pass the burning point where you spend more capital than you earn and become profitable in the following years.”
There are positive signs the company is making further inroads into other verticals, Pylarinos added. The company initially started as "primarily a red team player” training penetration testers.
But now the company is fostering closer ties with the blue and purple team domains - and it’s a trend he appears keen on pursuing further by leveraging the company's expertise and established reputation in the red teaming space.
“We are now a fully fledged powerhouse, catering for red, blue and purple needs,” he said. “Blue [teamers] is a much bigger market, so there are more potential users out there that would benefit from our content.
“The fact that we have so much expertise on the red side helps us recapitalize this and train the defensive side on how to deflect and manage the most difficult cyber attacks out there.”
MORE FROM ITPRO
- Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacent
- What do security pros want from generative AI?
- The UK cybersecurity sector is worth over £13 billion, but there’s still huge untapped potential if it can overcome these hurdles
-
Dragging your feet on Windows 11 migration? Rising infostealer threats might change thatNews With the clock ticking down to the Windows 10 end of life deadline in October, organizations are dragging their feet on Windows 11 migration – and leaving their devices vulnerable as a result.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level”News Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a yearAnalysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdlesAnalysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plateNews While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victimsNews Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
