Hack The Box, a gamified cybersecurity

training platform with 1.7M users, raises

Image Credits: Hack the Box (opens in a new window)under a license.

There’s long existed a divide in the world of computer hacking between those who are
taking a malicious approach to crack a system, and those who are using the same
techniques to understand the system’s vulnerabilities, help fix them and at the same time
fight against the malicious actors. Today, Hack The Box, one of the startups that’s built a
platform to help cultivate more of the latter group with a gamified approach, is announcing
$55 million in funding to expand its business after racking up 1.7 million users.

The funding is being led by Carlyle, with Paladin Capital Group, Osage University
Partners, Marathon Venture Capital, Brighteye Ventures and Endeavor Catalyst Fund
also participating.
The U.K. startup is not disclosing valuation at the moment. But for some context,
according to PitchBook, the startup, based out of England but with offices in New York
and with founding roots out of Greece — where it also has an office (and where it
seems rumors of this round leaked out a couple of days ago) — had raised just over $24
million since being founded in 2017 (with about $15 million of that in equity: the company
says it’s now raised about $70 million). Its last valuation, previously updated in 2021 after
it raised $10.6 million, was a very modest $52 million.

“Modest” because the scale of what the company has achieved is pretty impressive. The
1.7 million community members that use the platform cover both individuals who have
joined HTB on their own steam to learn skills and get certifications, as well as some 1,500
enterprises, universities, governments and other organizations that have sent their teams
to HTB to be put through their paces.

The company says it currently runs some 450 “hacking labs” across more than 300
machines. Similar to companies like Kahoot (which works in a very different environment
to be clear, K-12 education and corporate training) the idea with HTB is that its learning
environment is built around gamification, simulations with avatars and narrative scenarios
that are designed to throw users into what are built to mimic classic cyber hacks of
varying and increasing sophistication. It also has a “pro lab” tier that takes on typical
network configurations, such as Active Directory or fully patched environments, to test
and train people on different attacks and approaches around common enterprise tools
and scenarios. Penetration testing, misconfigurations and evading endpoint protections
are among the situations that are thrown at users.

On top of this, in addition to its training platform for individuals and teams, it offers a
careers platform, where those looking to hire ethical hackers, or ethical hackers looking
for work, can connect.

HTB is not the first nor only company to build cyber training around a gamified
environment. US Cyber Games, built in conjunction with U.S. government organizations,
is built out as a mass-player environment that is used to identify and train would be white-
hat hackers. (It also has a careers service.) HTB is actually one of the US Cyber Games’
sponsors and supporters. Others like SafeTitan, Phished and Immersive Labs offer a
range of approaches both for technical teams as well as employees to help raise
awareness. The latter is not a category currently addressed by HTB, although it’s an
obvious area into which it might grow.

“Our mission is to create and connect cyber-ready humans and organizations through
highly engaging hacking experiences that cultivate out-of-the-box thinking,” said Haris
Pylarinos, the CEO and co-founder, in a statement. “The game in cyber has changed with
defensive, reactive and recovery postures not being fit-for-purpose in the face of an ever-
increasing and ever-evolving wave of sophisticated attacks. A new proactive offensive &
defensive approach is needed to take the fight to cybercriminals rather than waiting to be
hit. From individual security professionals to companies, this means adopting a ‘hacker
mindset’, learning to think and act like an attacker. This is the kind of mindset that we
cultivate through Hack The Box.”
Something we have been regularly returning to on TechCrunch at the moment is the fact
that funding has become a lot harder to come by in certain segments of tech. HTB is in
one of the categories that is continuing to see attention, not least because security
breaches certainly have not slowed down with the rest of the economy. That’s one reason
why investors would back those in the field that are scaling and have so far done so with
relatively little outside capital.

“The demands on security and IT professionals have never been greater. An industry-
wide talent shortage and an exponentially growing number of cyber threats place great
importance on professionals and organizations to maintain best-in-class security
practices,” Constantin Boye, a director at Carlyle, in a statement. “Hack The Box is a
pioneer in constantly providing fresh and curated training and upskilling content, in a fully
gamified and intuitive environment, enabling individuals and organizations to tackle real-
world hacking problems. We are excited for the next stage of Hack The Box’s evolution
and are proud to be part of this journey.”

More TechCrunch

Katrina Lake is back as interim CEO of struggling Stitch Fix, 17 months after
stepping down

Apple’s M2 Mac Mini arrives January 24, starting at $599