Hack The Box: Startup Case Study – Gamified Cybersecurity Training

In today’s technology-driven world, few things keep organizations up at night like the fear of a data breach. As digital threats become increasingly sophisticated, the demand for skilled cybersecurity professionals is surging across all industries.

But hiring talent isn’t enough; what’s needed is continuous, cutting-edge training to keep up with ever-evolving threats. That’s exactly where this home for ethical hackers steps in—bridging the gap between rising cyber risk and real-world readiness. Its name?

Hack The Box

Hack The Box (HTB) is an innovative educational platform that gamifies cybersecurity training by offering hands-on labs and real-world challenges. It caters to both individuals and organizations seeking to enhance their cybersecurity skills and capabilities. By blending entertainment with education, Hack The Box provides an engaging environment for learning and professional development.

Founding Year: 2017

Headquarters: Folkestone, England, United Kingdom

Industry: Educational Services

Status: Active

Business Model

B2B, One-sided, Product & Service

• Clients: 
  • Individuals: Aspiring security professionals and experienced ethical hackers looking for a structured but fun learning platform with courses and modules covering cybersecurity fundamentals to advanced topics across offensive, defensive, and general security domains.
  • Businesses and organizations of all sizes looking to upskill their cybersecurity workforce, improve their security posture, and address the human element in cybersecurity. This includes companies in various industries, government agencies, and educational institutions.

It’s Like Codecademy but for Cybersecurity

Hack The Box operates similarly to Codecademy, sharing a commitment to interactive, self-paced learning and skills development. Both offer structured learning paths, a mix of beginner to advanced content, and gamified elements to keep users engaged.

But, there are some major differences:

• Hack the Box is geared toward cybersecurity enthusiasts and professionals.
• It focuses on hands-on penetration testing, ethical hacking, and security challenges through simulated real-world environments.
• HTB emphasizes practical, system-level hacking skills, often requiring users to exploit vulnerabilities in virtual machines.

Key Challenges in Cybersecurity

• Cybersecurity Skills Gap: Many traditional education systems focus more on theory than on real-world application, leaving a gap between what’s taught and what’s needed on the job.
• Evolving and Sophisticated Threats: Cyber threats are constantly evolving, from ransomware and phishing to zero-day exploits and Advanced Persistent Threats (APTs). Staying up to date with these tactics is a continual challenge for professionals and organizations.
• Lack of Realistic, Legal Training Environments: Aspiring ethical hackers often lack safe and legal environments in which to practice hacking skills. Testing exploits on live systems or unauthorized networks can have serious legal consequences.
• Limited Access to Quality, Affordable Training: Many high-quality cybersecurity training programs and certifications are expensive and out of reach for students or self-learners. This limits access to a diverse, global talent pool.
• Unclear Pathways to Certification and Career Readiness: Even when learners acquire skills, there’s often no clear path to prove or validate their readiness for real-world roles. Many certifications focus on rote memorization rather than demonstrating practical skills.

Hack The Box’s Solution

• An Immersive, Hands-on Platform: Users can practice real-world hacking in simulated environments. Through vulnerable virtual machines and real attack scenarios, users learn how to identify, exploit, and remediate security flaws.
• Regular Content Update: HTB updates its content to reflect emerging threats and attack vectors. It uses cutting-edge exploit techniques to make users understand how modern attackers think and operate.
• Legal and Controlled Platform: Machines are deliberately configured with vulnerabilities for users to find and exploit. The platform mimics real-world enterprise setups, providing a risk-free space for experimentation and learning.
• Certification and Jobs: The HTB Certified Penetration Testing Specialist (CPTS) is a practical, performance-based certification that tests users in a live hacking environment, mirroring real-world scenarios to ensure certified individuals can perform under pressure. HTB also aligns many of its training paths with job roles and industry frameworks, such as MITRE ATT&CK.

Founding Story

• Problem Inspiration: Hack The Box was founded in 2017 to bridge the gap between theoretical cybersecurity knowledge and real-world application. The founders recognized a pressing need for practical, accessible, and community-driven cybersecurity education.
• Founders’ Experience and Motivation: The company was founded by a team combining technical expertise and commercial vision:
  • Haris Pylarinos (@ch4p): Pylarinos brings over 15 years of experience in cybersecurity, systems engineering, networking, and software architecture. Described as a lifelong gamer and self-taught ethical hacker since the age of 12, his dissatisfaction with traditional training methods was the catalyst for the creation of HTB. He is recognized as an Endeavor Entrepreneur.
  • James Hooker (@g0blin): Hooker’s journey to becoming a co-founder exemplifies the company’s community roots; he started as an early, highly ranked platform user who actively contributed, identified a vulnerability, and was subsequently recruited. His background includes roles as a Vulnerability Researcher, Senior Software Engineer, Web Developer, and IT Consultant, with an HND in Computing and an Offensive Security Certified Professional (OSCP) certification.
  • Aris Zikopoulos (@azik): Zikopoulos holds an MBA from the Athens University of Economics and Business (AUEB), coupled with his previous experience in sales at ITWAY. He leads the company’s commercial strategy and business development efforts.
• Early Solution and Growth: HTB was born out of a desire to modernize cybersecurity education, making it hands-on, affordable, fun, and globally accessible, while building a vibrant ecosystem of learners, hackers, and employers. This practical, engaging, and inclusive approach made it appealing to beginners, professionals,  and companies with cybersecurity needs.
• Technology and Innovation:  HTB balances realism, accessibility, and engagement for cybersecurity education. It combines gamification, scalable cloud environments, and real-time performance tracking, which allows users to interact with realistic enterprise environments, offering immersive, storyline-based labs and PvP hacking simulations.
• Challenges and First Results: HTB faced challenges in gaining trust and traction within the ethical hacking community. It had to prove its value amid skepticism around legality, quality, and sustainability. The platform launched with a unique “invite-only” challenge that required users to hack their way in—an unconventional onboarding model that intrigued some but also limited early growth. Building and maintaining complex virtual environments with realistic vulnerabilities demanded deep technical expertise and infrastructure, especially with limited resources.

Despite these hurdles, HTB quickly attracted a passionate user base through word-of-mouth, community forums, and capture-the-flag (CTF) events. Its early success was evident in the exponential growth of users, from a few thousand to tens of thousands within the first year, many of whom praised its realism, challenge quality, and community-driven atmosphere.

Key Growth Milestones

2017: HTB launches in June, and the First Pro Lab (RastaLabs) was released in

2018: Capture-the-flag (CTF) platform debuted; Discord launched

2019: Awarded the UK’s “Most Innovative New Cybersecurity Company”

2020: Hacking Battlegrounds early Beta access; HTB Academy released for structured learning

2021: Launch of Enterprise Platform & BlackSky; Reached 100 Employees and 670k Community members

2022: Certifications introduced [Certified Penetration Testing Specialist (HTB CPTS) and Certified Bug Bounty Hunter (HTB CBBH)]; User base surpasses 1 million

2023: Launched Certified Defensive Security Analyst (HTB CDSA) certification

2024: More certifications [Certified Active Directory Pentesting Expert (HTB CAPE) and HTB Certified Web Exploitation Expert (HTB CWEE)]

2025: Partnerships with enterprises such as Google and LinkedIn; User base surpasses 3 million

Market & Competition

Target Market

Current Market:

• Individuals: Cybersecurity enthusiasts and professionals seeking to enhance their skills and advance their careers. This includes students, recent graduates, and experienced professionals looking to upskill or transition into cybersecurity roles.
• Organizations and institutions: Organizations of all sizes seeking to improve their cybersecurity posture by upskilling their workforce, conducting security assessments, and simulating real-world attack scenarios. This includes companies in various industries, government agencies, and educational institutions.

Market Size and Growth:

• Global Cybersecurity Training Services Market: Grand View Research Projected the market to reach $13,698.1 Million by 2030, growing at a CAGR of 17.1% from 2024 to 2030; with the US, Australian, and Greek markets growing significantly at a CAGR of 15.0%, 19.%, and 7.7% respectively, within the same forecast period. Since HTB already operates in these markets, it indicates that the company is well-positioned to acquire a significant market share, provided it continues to offer cutting-edge training and certification in cybersecurity.

Number of Clients and Suppliers:

• Clients: Over 1,500 companies have utilized HTB’s corporate cybersecurity training services. The brand also reports having 3.6 million users.
• Suppliers: Aside from the employees who design and build virtual machines, challenges, and labs used in the platform, HTB leverages a diverse partner network to broaden access to its interactive training. This includes channel and distributor partners, global regional partners, and accreditation partners. These collaborations make HTB more available to governments, enterprises, educational institutions, and professional communities worldwide.

Potential New Markets:

• Expanding into new geographical regions: HTB has plans to accelerate its international expansion, with a focus on Africa and the Asia Pacific (APAC). This is a strategic move because both markets are experiencing cybersecurity skill shortages amid a growing demand for cybersecurity professionals.
• Targeting new customer segments: HTB aims to expand its training offerings to include defensive techniques, catering to security engineers, SOC analysts, and incident responders.

Growth Trends:

• Increasing frequency and sophistication of cyberattacks: This drives the demand for skilled cybersecurity professionals and the need for effective training solutions.
• Growing awareness of cybersecurity threats: Organizations are increasingly recognizing the importance of cybersecurity and investing in training to mitigate risks.
• Rising demand for skilled cybersecurity professionals: The cybersecurity workforce shortage is a well-documented challenge, with a shortage of over 4 million professionals as of 2023. This shortage is creating a significant opportunity for training providers like HTB.

Competitor Landscape

Hack The Box operates in a competitive market with several established players offering cybersecurity training and skills development solutions. These competitors range from online platforms with gamified approaches to traditional training providers offering courses, certifications, and simulations.

Main Rivals:

• TryHackMe: An online platform known for its gamified approach to cybersecurity training, offering hands-on labs, learning paths, and CTFs.
• Immersive Labs: A cybersecurity training provider specializing in scenario-based learning and crisis simulations.
• Cyberbit: A company focused on cybersecurity skills development, offering cyber ranges, simulations, and training platforms.
• INE: A provider of cybersecurity training and certifications, offering courses, labs, and bootcamps.
• Infosec Skills: A cybersecurity training platform featuring courses, hands-on labs, and bootcamps.
• Pluralsight Skills: An online learning platform with a vast library of cybersecurity courses.
• CBT Nuggets: An on-demand IT training provider offering cybersecurity courses and video tutorials.
• KodeKloud: A learning platform for DevOps and Automation, offering courses and hands-on labs.
• ACI Learning: An IT training provider offering cybersecurity certifications and courses.
• Coursera for Business: An online learning platform for businesses, offering cybersecurity courses and specializations.

Marketing & Sales

Main Positioning Values: Quality & Variety

Website & Socials

• Monthly Visits: Hack The Box’s website sees over 2.1 million monthly visits.
• Traffic Sources: Most of this traffic comes from direct and organic channels, with only minimal shares from referrals, paid search, and social networks.
• Top Countries: The United States leads in traffic share, followed by India, the United Kingdom, Vietnam, and France.
• Traffic from Social Media: YouTube is the primary social channel, with LinkedIn, Reddit, X, and WhatsApp also contributing smaller yet notable shares.

Media Coverage

• GlobeNewswire and The Manila Times featured HTB’s partnership with Carahsoft Technology Corp. to bring advanced cybersecurity training solutions to the public sector.
• TechCrunch+ and The Recursive covered HTB’s Series B funding round of $55 million, led by Carlyle.
• Awards:
  • 2024:
    • Best Small & Medium Workplaces in Europe 2024
    • Cybersecurity Certification Innovation Award in 2024
  • 2021: Security Training Programme of the Year
  • 2020: TOP 25 CyberSecurity Companies
  • 2019: UK’s Most Innovative New Cybersecurity Company
• CyberMagazine and CSO online discussed HTB’s partnership with CREST to enhance cybersecurity skills development.
• Funding Rounds: Featured on several platforms, including Endeavor, Crunchbase, TechCrunch, The Recursive, and UK Tech News.

Marketing Strategies

• Target Audience: HTB primarily targets individuals interested in cybersecurity, from beginners to seasoned professionals, as well as businesses and educational institutions seeking to upskill their workforce. The website demographics show the largest age group is 25-34 (33.5%), followed by 18-24 (29.6%), and 35-44 (20.7%), with a predominantly male audience (73.5%).
• Content Marketing: HTB utilizes its blog, videos, podcasts, and social media presence, including Discord, LinkedIn, X, YouTube, and Facebook, to share valuable content, engage with its community, and promote the brand.
• Community Building: HTB leverages its strong community on Discord and through meetups to foster engagement, word-of-mouth referrals, and attract new users.
• Partnerships: HTB partners with organizations like Carahsoft to reach specific markets, such as the public sector. Strategic partnerships with companies like Google and training providers like Applied Technology Academy expand reach into specific sectors like AI and government. They also collaborate with universities to integrate their platform into cybersecurity curricula. They partnered with Parrot to further develop the Parrot Security OS
• Affiliate Program: HTB incentivizes content creators to promote their platform and drive subscriptions through an affiliate program.
• Events and Competitions: HTB hosts CTF competitions and events to attract participants, generate interest, and showcase their platform’s capabilities.
• Freemium Model: HTB offers a free tier with limited access, enticing users to upgrade to paid VIP and VIP+ subscriptions for full access and additional features. Businesses and institutions have separate pricing plans tailored to their specific needs.

Product & Innovation

Hack The Box has been recognized as a global leader in hands-on cybersecurity education due to its innovative approach and products, which include:

Gamified Hacking Platform

HTB pioneered a fully gamified environment for learning ethical hacking. From its legendary “hack-your-way-in” invite challenge to leaderboards, flags, points, and ranking systems, HTB transformed security training into a competitive and immersive game. This innovation not only made learning fun but also deeply engaging and community-driven.

Hack The Box Academy

Launched in 2020, HTB Academy introduced structured, interactive learning paths that combine theory and hands-on labs in a seamless experience. Unlike traditional courses, HTB Academy allows learners to apply what they’re learning in real-time with virtual machines and scenarios. It covers beginner to expert topics and is aligned with job roles and certifications.

Pro Labs

Pro Labs are advanced, enterprise-grade environments that simulate real-world corporate networks. These labs mimic complex infrastructures with features such as Active Directory, multiple pivot points, and layered defenses. Labs like Offshore, Dante, and Cybernetics are used by professionals preparing for high-stakes roles or certifications, including OSCP and HTB CPTS.

HTB CPTS Certification

HTB’s Certified Penetration Testing Specialist (CPTS) is a practical, performance-based certification exam that requires candidates to solve real hacking scenarios in a live environment. Unlike multiple-choice certifications, CPTS validates actual skill and decision-making, making it highly respected by employers and red teams.

Battlegrounds & Endgames

HTB introduced Battlegrounds, a real-time PvP (player-versus-player) hacking mode, where participants compete to compromise targets before their opponents. Endgames, on the other hand, are narrative-driven, multi-stage environments that simulate full attack chains. Both are designed for advanced learners and represent cutting-edge innovation in cybersecurity training.

Financials & Metrics

Revenue Sources

• Individual Subscriptions: HTB offers various subscription tiers for individuals seeking to enhance their cybersecurity skills. These tiers provide access to different levels of content and features.
• Enterprise Solutions: HTB generates revenue through its enterprise platform, which provides cybersecurity training and development solutions for businesses and organizations. These solutions include Dedicated Labs, Professional Labs, Cloud Labs, and Academy Labs.
• Capture The Flag (CTF) Events: HTB hosts CTF competitions and events for individuals, businesses, and universities, generating revenue through participation fees and sponsorships.
• Talent Search Platform: HTB’s talent search platform connects cybersecurity professionals with job opportunities, potentially generating revenue through recruitment fees or subscriptions from companies seeking to hire skilled professionals.

Metrics

• Annual Recurring Revenue (ARR): While precise ARR figures are not publicly available, Growjo estimates HTB’s annual revenue to be $523.8 million.
• Funding and Investments: HTB has raised about $70 million in funding in four rounds:
  • Seed: Raised $1.3 million in April 2019 and an additional $2.58 million in October 2019.
  • Series A: 2021, raised 10.6 million
  • Series B: 2023, raised $55 million.
• Employee Count: Estimates suggest that HTB has between 201-500 employees.

Structure & Culture

Leadership Structure

HTB seems to have a tiered structure, with the following team members:

• Haris Pylarinos, Co-Founder & CEO
• Aris Zikopoulos, Co-Founder & CCO
• James Hooker, Co-Founder & CTO
• Nikos Fountas, COO
• Tom Fernandez, CRO
• Christine Bartlett, SVP of Marketing
• Gerasimos Marketos, SVP of Product
• John Tsakatanis, SVP of Finance

This leadership team blends the founders’ original vision and technical depth with experienced executives focused on scaling operations, product development, finance, and sales across different market segments.

Company Culture

• Teamwork and Collaboration: HTBers describe the team dynamic as a global symphony—individual strengths harmonized around shared goals.
• Growth Mindset: Lifelong learning is built into the culture, with annual training budgets, development initiatives, and collective growth at every level.
• Hackers at Heart and Creativity: Problem-solving through unconventional thinking is prized across teams, from marketing to engineering. Leaders encourage calculated risk-taking and disruptive innovation.
• Passion & Purpose: Employees share a deep passion for cybersecurity. This energy, combined with a mission to democratize cyber skills worldwide, fosters high engagement and autonomy.

Impact & Success

Customer Feedback

• Positive Feedback: Users on G2, Trustpilot, and GetApp praise HTB’s gamified approach, hands-on learning experience, comprehensive content, and the platform’s engaging learning environment. They appreciate the variety of challenges and machines, as well as the ability to learn at their own pace.
• Constructive Criticism: Some users have suggested improvements, such as providing more in-depth explanations in certain modules and enhancing the platform’s organization and structure.

Success Stories

• Chuck Woolson: A former US Marine with no prior tech experience who used HTB to transition into a cybersecurity career and become a Red Team Operator for Synack Red Team.
• Organizations: HTB has showcased how organizations like Autodesk, Emerson Electric, and various universities have used its platform to upskill their cybersecurity teams and improve their security posture.

Growth & Future

Challenges

• Maintaining Content Relevance: The cybersecurity landscape evolves rapidly. A key challenge is continuously updating the vast library of labs, courses, and challenges to reflect the latest threats, vulnerabilities, and technologies, ensuring the training remains relevant.
• Balancing Gamification with Professional Rigor: HTB is known for its gamified approach, but professional users (corporate clients, red/blue teams, government agencies) demand structured, measurable, and certifiable content. Thus, it has to balance being appealing to both hobbyist learners and enterprise teams without compromising either experience.
• Bridging the gap between “fun hacking” and “measurable upskilling” for enterprise buyers: Large organizations need tangible business value; metrics, dashboards, team oversight, skill mapping, etc. HTB must translate its immersive model into boardroom-relevant ROI.

Future Plans

• International Expansion: A key focus is accelerating growth in established strong markets like the US and Europe, as well as expanding presence in the APAC region, including Australia. Plans include establishing physical offices in New York and significantly increasing the employee base in these regions, supported by investment in sales and marketing capabilities.
• Product Development & Innovation: Heavy investment in R&D is planned to execute a product roadmap focused on top-notch content releases and groundbreaking features. The 2025 product roadmap emphasizes four pillars: User Management, Analytics & Reporting, Learning Experience, and Curriculum Management. Key areas include:
  • Expanding Defensive Capabilities: A major strategic goal is to broaden offerings beyond the current strength in offensive security (red teaming) to better cater to defensive roles (blue teaming) such as SOC analysts, incident responders, threat hunters, and security engineers. This includes new certifications (HTB CDSA), labs (Sherlocks), and potentially dedicated blue team labs.
  • AI Security Training: Partnering with Google to launch the AI Red Teamer job-role path, addressing the emerging need for skills in evaluating and defending AI systems, aligned with frameworks like Google SAIF, MITRE Atlas, and OWASP LLM/ML.
  • Enhanced Enterprise Features: Improving user management for large teams, enhancing analytics and reporting for better performance tracking and executive visibility, streamlining the learning experience, and overhauling curriculum management. This includes improving CTF data visibility and simplifying access across the content library.
  • Rapid Vulnerability Content: Aiming to provide training content simulating new vulnerabilities quickly after disclosure.
  • Content Acquisition: Strategically acquiring content, like that from Vulnlab, to bolster specific areas like red teaming and Active Directory security.
• Ultimate Goal: To become the “ultimate reference point for cybersecurity professionals” and provide a “single pane of glass for the CISO” to manage and monitor the entire cyber workforce across offensive and defensive domains.

Key Takeaways for Entrepreneurs

• Turn Boredom into a Game: Traditional education often struggles with engagement. Hack The Box demonstrates the power of gamification. Identify industries where learning is perceived as tedious and explore how to inject fun, competition, and rewards to transform the experience.
• The Power of ‘Always On’ Learning: In a rapidly evolving field like cybersecurity, constant upskilling is crucial. Consider business models where the learning journey never truly ends, offering continuous value and fostering long-term customer relationships through subscriptions or recurring revenue streams.
• Don’t Just Teach, Entertain: Hack The Box blurs the lines between education and entertainment. Challenge the assumption that learning must be serious. Embrace elements of play, storytelling, and community engagement to make your offering inherently captivating.
• Feedback Loops Fuel Growth: Automated feedback mechanisms in Hack The Box’s platform ensure scalability. Think about how technology can provide instant, personalized feedback in your chosen field, freeing you from manual limitations and allowing you to serve a larger audience.
• Find Your ‘News’ Niche: Just as news remains eternally relevant, identify areas where knowledge needs constant refreshing. Positioning your offering within such a space naturally lends itself to long-term engagement and monetization.