
HTB Cyber Workforce Report


How to build a high-performance cyber workforce

2024

Summary

Hundreds of security leaders fight a common, yet brutal, uphill battle: Translating security budgets into a high-performance security function. Despite the increasing investment in technology, we still see a 600% increase in cybercrime year-over-year. Why? Most orgs solve people’s problems (and security performance problems) the wrong way. They fixate on processes and technology while neglecting the talent responsible for running all systems.

At Hack The Box (HTB), we see the solution as an investment in people’s careers, development, and well-being. Resulting in a better security posture and cybersecurity alignment with business objectives.

In this comprehensive guide for security leaders, you’ll leave with practical tips and insights from experts in the industry. After reading you’ll:

--> Discover how to attract and retain top cybersecurity talent.
--> Know where to find entry-level talent.
--> Onboard new cybersecurity hires efficiently and effectively.
--> Shift your organization’s security culture to one of upskilling and proactiveness.
--> Track the right metrics to prove the worth of investing in your people.
--> Implement a reskilling strategy to develop a cybersecurity A-team.
--> Protect your teams from burnout, retaining your top talent.
--> Connect cybersecurity performance with tangible company goals.

Table of contents

--> 4 recruiting strategies that build A-list cyber teams
--> Finding entry-level talent with market-ready skills
--> The power of effective cybersecurity onboarding
--> 8 cybersecurity performance metrics you should be tracking
--> Implement cybersecurity reskilling & close talent gaps
--> How security leaders can protect their teams from burnout
--> Why upskilling is the key to retaining top cybersecurity talent
--> Accelerate your cyber performance with Hack The Box


Chapter 1: 4 recruiting strategies that build A-list cyber teams

Security incidents are rising, insurance premiums increasing, and the cost per incident is hard to overestimate. Paired with complex customer environments, cloud adoption, and an increase in remote work, protecting your IT infrastructure is more of a challenge than ever before. The result? We need more cybersecurity professionals. The talent shortage, coupled with an ever-widening skills gap, is burning out teams and, ultimately, raises our susceptibility to the evolving risks we face. This all calls for a new way of hiring.

The huge cyber skills gap

Cybersecurity talent shortages have plagued the industry for years, and they are only getting worse. However, there’s a common misconception that there’s a lack of entry-level candidates applying for these open cybersecurity positions. The real issue here is that these candidates aren’t considered “qualified”. A demand for more qualified candidates with practical, real-world experience and skills has created this gap. And with many “entry-level” cybersecurity roles calling for 3-5 years of experience, something has to give.

So, how do we close that gap? We need to redefine what “qualified” means and shift our focus on who the ideal candidate is. By embracing a skill-based hiring culture, we encourage the idea that anyone can become a cybersecurity professional when supplied with the right tools and support. Whether it’s someone from your IT team, a recent graduate, or someone from an entirely different career background.

Upgrade your cybersecurity recruitment strategy

1. Focus on skills over certifications

Qualifications and certifications can only tell you so much about a candidate. To properly assess whether a candidate can do the job, you must look at their skill set. But how can we measure these skills? Our Professional Labs build skills that are mapped to the MITRE ATT&CK framework, relating critical skills to real job roles and responsibilities. Tracking these skills makes it easier to upskill (or test candidates) for a certain job role. So, if a candidate uses a platform like HTB, you can immediately see from their profile what areas they are skilled in and where the gaps may be. You can then use customized or pre-built labs to test their skills.

💡 Tip: Managers using the HTB Enterprise Platform can easily search courses using MITRE terminology and assign them based on the techniques and tactics relevant to their teams.

Skills-based hiring also provides some reassurance that your latest hire is already aligned with evolving threat actor tactics, techniques, and procedures (TTPs). This can be helpful when presenting additional investment or potential hires to the wider businesses, you can show the tangible benefits they’ll bring to the organization.

Revolutionizing cybersecurity talent acquisition: A strategic recipe for building elite teams

--> Prioritize skills above certifications & job titles
--> Search for candidates with passion & out-of-the-box thinking
--> Post jobs where candidates are spending time upskilling
--> Make job descriptions accessible with a skills focus & flexibility on experience
--> Have a strong onboarding process that prioritizes upskilling
--> Invest in continuous hands-on learning with new & existing employees

2. Go where the talent is

By depending only on recruitment agencies or simply posting your jobs on popular career boards, you often receive applications with similar experience levels and certifications. This limits the potential pool of candidates, leading you to overlook some fantastic talent.

Instead, hiring managers can adopt a much more precise approach to hiring by targeting cybersecurity professionals on the platforms they use. This saves both time and money, reducing the number of unrelated applications and recruitment fees.

“We finally were able to target an audience that exactly matched the type of skills we were seeking. There aren’t any other credible job boards that specialize in penetration testing, Red Team, or just focusing on cybersecurity roles. Hack The Box offered us the opportunity to post jobs directly to a community of hackers.

We got access to profiles that are non-traditional, this broadens your perspective and opens up a whole new addressable market of skilled candidates. Filtering by rank provided an indication of capability. It’s how we found Josiah, who was working in a Blue Team role at the time. His profile likely wouldn’t have reached us via a recruiting agency because it did not meet the typical criteria.”

Tom Williams, former Principal Consultant at Context Information Security

3. Create a unified hiring vision by aligning teams

To successfully move your organization’s cybersecurity hiring into the modern era, you need to ensure that everyone is on board.

HR, talent teams, and hiring managers should balance the new way of thinking about skills over credentials. This will ensure that everyone’s on the lookout for the right type of candidate and knows where to find them.

Here are some ways you can get everyone on the same page and involved with the new way of hiring:

--> Provide a walkthrough demonstration of the MITRE ATT&CK Framework and what skills to look out for.
--> Offer a list of websites and platforms to search for cybersecurity talent.
--> Adopt this skills-based hiring culture across the entire organization, not just cybersecurity teams.
--> Have some success stories in mind to back up your reasoning for skills-first hiring over credentials.

4. Invest in your team

Simply hiring junior employees won’t immediately solve the cybersecurity talent shortage. Existing employees also require consistent upskilling to keep pace with the ever-increasing complexity of infosec. And many employees, both junior and senior, actively seek opportunities to develop new skills.

In our Cyber Attack Readiness Report 2023, we surveyed 803 cybersecurity professionals and found that more than 70% of managers view team events like CTFs as a viable way to raise employee engagement. What’s more, 68% of security team members rated “opportunities to learn skills” as the most successful way of staying engaged at work. Whilst 62% of managers rated “opportunities to learn new skills” as the best way to prevent burnout amongst security staff.

With dwindling budgets, extra salary compensation isn’t always an option. Thankfully, cybersecurity managers are finding that investing in their employees—with fun Capture The Flag (CTF) events and offering a curriculum of upskilling—helps reduce burnout and boost retention.

[Charts: 68% of security team members rated “opportunities to learn skills” as the most successful way of staying engaged at work; 62% of managers rated “opportunities to learn new skills” as the best way to prevent burnout amongst security staff. Other options shown: increase compensation, a reduction in workload, more vacation time.]

Cybersecurity hiring checklist

--> Prioritize skills above certifications and job titles.
--> Search for candidates with passion and out-of-the-box thinking.
--> Post jobs where candidates are spending time upskilling.
--> Make job descriptions accessible with a skills focus and flexibility on experience.
--> Have a strong onboarding process that prioritizes upskilling.
--> Invest in continuous hands-on learning with new and existing employees.

Chapter 2: Finding entry-level talent with market-ready skills

The global cybersecurity talent shortage currently stands at almost four million. To fill these roles, more organizations are hiring entry-level talent, but the real challenge is attracting and retaining this talent when the demand is so high. We spoke to industry experts on what steps hiring managers should take to attract, hire, develop, and retain entry-level cybersecurity employees.

Why should you hire junior cybersecurity teams?

By prioritizing hiring junior candidates, you’ll be filling that talent shortage whilst also retaining entry-level talent by offering them a place to learn and grow. The fresh perspectives and enthusiasm are also great additions to the team that can help prevent burnout.

1. Making cybersecurity accessible to fresh talent

The cybersecurity industry is shrouded in mystery for many entry-level candidates, with no clear path from university to their first role. As leaders, we can change this perception by actively reaching out to entry-level talent and attending career fairs.

When students aren’t sure that the time and money they are spending on degrees and certifications is worth it, it can be difficult to find motivation to continue. The responsibility rests on cyber leaders to demystify the best path into the industry, providing candidates with a clear goal to work towards.

“Utilize specialist security job boards and industry forums, rather than general job boards. This can result in lots of wasted time sifting through candidate profiles that are not suitable for the role. Speak to your team to get tips on the best forums and job boards to post on.”

Tom Williams, former Principal Consultant at Context Information Security

2. Prioritize pertinent skills, education, and certifications

Cyber hiring managers are often trying to fill a huge variety of roles with different levels of experience and skills required. This means that there’s no one-size-fits-all approach to hiring.

However, one fact that remains consistent is that all cybersecurity roles require a combination of hard and soft skills. By getting clear on the skills, education, and certifications you’re searching for in a candidate, you’ll have a laser focus approach, rather than hoping something sticks.

“It is imperative that they have the soft skills, they have to communicate. Our world is so complex that we can’t solve it independently, we have to be able to work as a team.”

Matthew Rosenquist, CISO, Mercury Risk and Compliance, Inc.

3. Clearly define cybersecurity job descriptions

When searching for entry-level cybersecurity professionals, hiring managers are often faced with a lack of “qualified” candidates. But there’s a desperate need to redefine what qualified looks like.

“Focus on essential skills and experience, avoiding unrealistic qualifications or an extensive wish list. Not managing this well can mean that you miss out on a whole host of potentially suitable candidates who will rule themselves out of the process.”

Tom Williams, former Principal Consultant at Context Information Security

4. Connect HR and hiring managers

HR and hiring managers need to work closely together. Cybersecurity is such a large and sometimes confusing industry that we can’t expect HR to immediately know who a good entry-level candidate is. Managers must work closely with HR when creating the job ad, explaining which degrees or certifications are essential, and what tools stand out as a green flag.

“HR and the cyber hiring manager should meet early to discuss the role and its requirements in detail to draft a specific job specification and agree on a selection process. This part of the process is often overlooked but is crucial as it provides transparency and sets clear expectations for candidates and internal stakeholders alike.”

Tom Williams, former Principal Consultant at Context Information Security

5. Retain talent with strong leadership

--> Show value: in job descriptions and within the role itself, leaders need to show what value they can offer employees. Whether it’s upskilling, remote work, flexible hours, or a generous salary.

💡 Fun fact: 75% of employees prioritize progressing their skills over pay.

--> Understand your market: money isn’t everything, but companies need to be aware of what the market is paying and match these salaries to attract long-term employees.

--> Check-in regularly: cybersecurity is stressful and there’s often a lot of firefighting involved in many roles. Good leaders check in with their employees and offer solutions to problems.

Chapter 3: The power of effective cybersecurity onboarding

Recruiting doesn’t end after a candidate accepts an offer, it simply moves into the next crucial stage: onboarding. An efficient onboarding process is necessary to retain top-quality talent, especially in an industry that severely lacks employees with experience.

The famous saying: “fail to prepare, prepare to fail” certainly rings true here. You want to set your new cyber team up for success, and an efficient onboarding process is the secret.

Why onboarding is important in cybersecurity

--> Organizations with a strong onboarding process improve new hire retention by 82%.
--> 83% of cybersecurity professionals admit that they or someone in their team have made errors that have led to a breach due to burnout, which is why getting up to speed is essential.
--> An efficient onboarding program results in improved employee engagement, boosted retention rates, reduced chances of burnout, and less strain on senior employees.

1. Conduct a technology induction

A working knowledge of cybersecurity tools and technologies is a critical first step in onboarding.

One of the first stages of the onboarding process should be to provide an inventory of IT products and services in use. However, it’s vital to go one layer deeper and provide insights into the role of IT in an organization and how the cybersecurity team contributes to its success.

--> Reflect your culture: The onboarding process should be immersive and unique to your organization, reflecting the culture and mission.
--> Go beyond HR: Hiring managers and HR need to collaborate to provide role-specific onboarding.
--> Measure success: Use CTFs, and labs to benchmark and measure success, based on your employee’s strengths and weaknesses.
--> Make onboarding long-term: Onboarding should take place over the course of months, not days.
--> Map training to real-world threats: Making training specific to NIST or MITRE ATT&CK frameworks to ensure that employees learn threat-landscape-connected skills.

2. Share security processes

Every cybersecurity team will have a strategy and processes to ensure they succeed in their roles. It’s key that new hires become quickly familiar with these:

--> Objectives: what’s a realistic security posture, and how is success or failure measured? This includes the roles and responsibilities of different team members.
--> Risk factors: based on your organization’s unique structure and risk tolerance, new hires must be aware of the biggest risks to existing infrastructure.
--> Threats: even if not pertinent to an individual’s role, all cybersecurity team members should know where and how to access threat intelligence.
--> Compliance: depending on your industry, your cybersecurity team will adhere to different compliance regulations. All new hires should know what these are.

3. Introduce the cybersecurity team and best practices

A common aspect of any onboarding process is meeting the wider team and setting up inductions. New cybersecurity hires should meet the team and learn about their roles and how they might work together. This is an excellent opportunity to set up some unique training exercises, such as purple teaming, to help integrate new hires with members of the team they may not always work with.

Some general best practices for onboarding new team members include:

--> Security processes such as checklists and general procedures.
--> Incident response and event management documentation to help new hires understand their role in the event of a breach.
--> The roles and responsibilities of third-party technology.

4. Assess new hires

Before developing an in-depth onboarding upskilling program, it’s important to assess and measure the strengths and weaknesses of new hires. By measuring skills early on, you’re able to provide new hires with a valuable onboarding experience that quickly gets them up to speed. Offering the ability to upskill right away is more likely to retain and develop talented cybersecurity professionals.

Easi, a Hack The Box client, used our Professional Labs to assess the skills of new hires, refine the onboarding process, and plan the development of new employees.

“Being able to invite new starters is a great feature. It allows us to more accurately measure a new hire’s knowledge and how to build upon it.”

Mickey De Beats, Red Team CyberSecurity Consultant, Easi

5. Create a training program tailored to industry frameworks

After assessing the skills of new hires, the next step is to create a tailored training program centered around their particular job role. Traditionally, cybersecurity training lacks personalization and relevance to industry job roles and trends, such as the latest CVEs.

Industry frameworks to map skills include:

--> MITRE ATT&CK
--> MITRE D3FEND
--> NIST/NICE
--> The DoD Cyber Workforce Framework (DCWF)

💡 At Hack The Box, managers can use the Enterprise Platform to easily search courses using terminology from these frameworks and assign them based on the techniques and tactics relevant to their teams.

Making your training specific to these industry frameworks is more relevant to real-world scenarios and will ultimately drive new hires to be much better at their jobs.

6. Benchmark learning with CTFs

A great cybersecurity onboarding process has measurements in place to track the success and development of an employee. Onboarding data and metrics are essential for the C-suite to follow, helping CISOs drive an overall cybersecurity culture shift.

Capture The Flag (CTF) events are a fun and efficient way to benchmark an employee’s learning while offering new opportunities to upskill.

In our Cyber Attack Readiness Report 2023, we interviewed 803 active cybersecurity professionals and found that:

--> More than 70% of managers view team events like CTFs as a viable way to boost employee engagement.
--> 72% of managers agree that CTF events can help measure and upskill employees.

[Chart: level of agreement (strongly disagree, somewhat disagree, neither disagree or agree, somewhat agree, strongly agree) with two statements: “Team events like Capture The Flag (CTF) help measure & upskill employees” and “Team events like Capture The Flag (CTF) improve employee engagement”.]

Chapter 4: 8 cybersecurity performance metrics you should be tracking

Cyber performance programs invest in the growth and retention of your team. In cybersecurity, this looks like continuous hands-on upskilling, clear career development paths, and battling burnout and fatigue with engaging initiatives. But this isn’t just about cybersecurity. It’s about aligning performance with your organization’s mission.

Why tracking cyber performance is important

Management consultant Peter Drucker famously said, “If you can’t measure it, you can’t manage it.”

How can you know that you’re maximizing your cyber performance plans without tracking them? And more importantly, how will key stakeholders witness growth and invest more budget in your cybersecurity initiatives without evidence that they’re working? Metrics are the answer. Having the right measurements in place will enable you to optimize upskilling and overall cyber performance. Monitoring the right metrics also means your team is better equipped to deal with emerging threats.

For example, there could be a new type of ransomware attack exploiting a recently discovered vulnerability (CVE). You need to quickly assess whether your team, both blue and red, has the current skills to defend against this specific threat. Tracking the ongoing training and certifications of your team members can give you immediate insight into their readiness and capability to handle such threats.

“Academic research states that performance evaluation and benchmarking are a widely used method to identify and adopt best practices as a means to improve performance and productivity.

This methodology is particularly valuable when no objective or engineered standard is available to define efficient and effective performance. Leadership and management must be able to quantitatively define progress and improvement and that begins with understanding the starting point.”

Dan Magnotta (Mags22), HTB Federal Business Development & Capture Manager, Hack The Box

Tracking security posture

When reporting to the wider business and C-suite, there’s a higher focus on financial implications and risk. Whilst these metrics can be greatly improved by cyber performance programs, it’s important to track the following and compare improvement throughout the cyber performance process.

After all, your cybersecurity team may have different individual goals and metrics based on their specific job roles, but the wider business will have a broader focus on security posture.

The magic happens when these two align through well-thought-out performance programs.

A checklist to track cybersecurity performance

--> Preparedness: do you have a proactive security posture with regular threat emulation training?
--> Security incidents: how has the number of security incidents changed and has downtime improved?
--> Cost per incident: is this reduced with cybersecurity performance improvements?
--> Time to detection and mitigation: track the detection, resolution, and containment times.
--> Optimize upskilling: track the number of employees enrolled in cyber performance programs and monitor performance with regular CTFs.
--> Track the impacts: the % time users spend upskilling and % of improved incident response.
--> Measure career development: track job productivity and new skills acquired.
--> Employee engagement: use surveys to track satisfaction and engagement, monitor your team’s turnover rate.

How to track cybersecurity performance

1. Metrics to optimize upskilling

Here are some strategies to put in place to track your metrics to optimize upskilling for individuals on teams:

--> Benchmark existing skills: track the percentage of team members achieving a specific score range in a Capture The Flag (CTF) event. This can be broken down into different skill areas (e.g., network security, application security) to identify specific skill gaps.
--> Assign upskilling programs: track the number or percentage of team members enrolled in and completing upskilling programs aligned with industry standards like MITRE ATT&CK or NIST/NICE frameworks. This also provides an incentive for employees to earn more as they progress through industry frameworks.
--> Set measurable goals: specific performance targets based on skill areas. For example, a goal could be to “increase the number of team members proficient in cloud security by 20% within the next six months.”
--> Regularly assess and monitor progress: tracking improvements in scores or performance in periodic assessments, such as bi-annual CTF events, tabletop exercises (TTXs), or simulations.

“Before I want to know metrics, I need to know outcomes. Once I know the outcomes, I can gather the correct information.

I want to understand and know what my 6-month or 12-month training plan is for each individual. Normally this will be based on a work role from NIST/NICE. As they progress, they then can obtain higher salaries, new skills, etc. So my outcomes are based on frameworks.

Therefore, if I know I have a junior SOC analyst and I will allow them to have 5 hours a week to train, I want to know how long they are on the platform, when are they on the platform, and what they are doing on the platform.”

Dan Magnotta (Mags22), HTB Federal Business Development & Capture Manager, Hack The Box

2. Measure the impact of cyber performance

Measure the impact of cyber performance with metrics like:

--> % of time users spend upskilling.
--> % of upskilling program completed/certificates earned.
--> % increased team engagement.
--> % of decreased response time and improved recovery post-incident.

How does this look in action?

Before embarking on your cyber performance program, put together some statistics on data breach costs, for example. Once the upskilling has time to take effect, you can compare these costs from before and after the program. Ideally, they should be lower due to teams containing attacks faster.

3. Track career development

Regularly review individual success by tracking the following metrics:

--> Job productivity: are they resolving more tickets? Remediating more vulnerabilities? Set targets for what you’d expect after a certain level of upskilling.
--> Feedback: are they satisfied with the upskilling program? What do managers and colleagues have to say about their improvements?
--> New skill acquisition: track which skills they are upskilling most frequently in.
--> Career development: are they on track to be promoted or move laterally in the company? Adopting more blue or red skills?

“I would compare results to the cyber performance training we mapped out for the individual. Are they on track to meet all training requirements? What are the new skills they learned? Are we getting feedback on user satisfaction? Is the intent of the plan aligned with their actual goals and team goals?”

Dan Magnotta (Mags22), HTB Federal Business Development & Capture Manager, Hack The Box

“Firstly, we monitor the progress of certifications and training. Our employees are encouraged to pursue relevant certifications like OSCP, CRTO, and others. We make 20% of working time available for training and further education. We track the number of certifications obtained, courses completed, or hours dedicated to training.

We also conduct regular skill assessments. These assessments cover various aspects of IT security, from network penetration to social engineering, enabling us to quantitatively measure skill enhancements.

In terms of project performance metrics, we evaluate how effectively our employees identify vulnerabilities, the complexity of the security issues they uncover, the time efficiency in system breaches, and the viability of the security solutions they propose.”

Moritz Samrock, Red team manager, Laokoon Security


8bit transforms the way their teams upskill with HTB

Using HTB as their workforce development platform transformed 8bit’s upskilling process.

Measurable metrics and progress indicators are one of the main reasons why the 8bit team managed to seamlessly onboard five junior team members, practicing on over 300 live targets in just 10 weeks.

→ Read 8bit’s case study


4. Employee engagement and retention

So, how can you practically track employee engagement and retention?

Measure employee Net Promoter Score (eNPS): how many cybersecurity employees are likely to recommend your organization as a place to work?

Conduct employee engagement surveys to monitor job satisfaction and engagement before and after upskilling.

Track voluntary employee turnover rate: highly engaged employees are less likely to resign, so monitor how this number changes as you invest in employee performance.

Another key metric is the contribution to knowledge sharing. This includes internal contributions to our knowledge base, as well as external engagement like articles, workshops, or talks. Innovation is at the heart of what we do. We track the development of new tools, scripts, or methodologies for penetration testing and red teaming, recognizing the impact and originality of these innovations.

Peer and supervisor feedback is integral. This qualitative measure helps us assess soft skills, which are essential in our collaborative and dynamic work environment. Participation in competitions and CTFs (Capture The Flag) is another metric. These events are excellent for applying and testing skills in real-world scenarios.

Lastly, we encourage and track contributions to research and publications in the field. This not only enhances personal growth but also contributes to the broader cybersecurity community.

Moritz Samrock, Red team manager, Laokoon Security

Why do cybersecurity teams need to align with organizational goals?

Many cybersecurity teams are purely focused on technical goals, while board members and C-suite executives prioritize business goals, such as increasing the company’s profitability, staying ahead of the competition, and being able to pay dividends to investors.

As a result, cybersecurity leaders frequently struggle to illustrate the overall business consequences of potential security risks. This means security requirements often go unnoticed by executives and board members until a significant incident occurs. The more cybersecurity professionals know about business outcomes, the better they understand the “why” of what they are protecting.

Cybersecurity alignment for organizational resilience

Risk management: Focus on mitigating high-impact risks.

Compliance and regulations: Determining your organization’s legal obligations aligns cybersecurity upskilling with key areas. For example, safeguarding federal information (FISMA).

Resource allocation: Allocate resources around protecting critical assets.

Demonstrating value: Contributing to the organization’s success, protection of assets, and overall resilience demonstrates cybersecurity’s value.

Communication and collaboration: Better communicate the importance of their work, gain support, and foster a culture of security.

Crisis management: Minimizing the impact of an incident by prioritizing the recovery of critical systems and data will support the organization’s ability to achieve its goals.

What risk scenarios can we expect to face?

Assess recent cyberattacks in your industry and past incidents the organization has faced, to see what lessons can inform your goal-setting process. This will highlight the most relevant risk areas to protect.

Conduct an in-depth risk assessment to evaluate your existing security measures and protocols. This will enable you to pinpoint any weaknesses or deficiencies in your current system that can be addressed through upskilling initiatives.

These risk scenarios can then be emulated through tabletop exercises (TTXs) and Capture the Flag (CTF) events.

Strategic cybersecurity talent development
5 ways to align professional development with company goals

1. Understand business objectives
Identify your organization’s main objectives and the risks that accompany them. For example, if a goal is to boost market trust and brand reputation, then cybersecurity upskilling can reduce the risk of a data breach.

2. Identify the crown jewels to protect
Understand which assets your organization values most. Then build your upskilling program around protecting them.

3. Learn about past incidents
Assess recent cyberattacks in your industry and past incidents the organization faced. Then conduct tabletop exercises and CTFs around these scenarios.

4. Educate on compliance and regulatory requirements
Identify the industry norms, regulations, and compliance requirements essential for your organization. Ensure your security program can provide evidence of performance that meets these obligations.

5. Communicate cybersecurity goals with the board of directors
Track how your upskilling initiatives are positively impacting company goals. For example, % of time users spend upskilling → reduced Time to Detect (TTD) → improved market trust, and brand reputation.

For example, a TTX could test your security team’s preparedness by asking how they’d prepare for a suspected attack on your organization’s most critical assets. Discussion questions could include:

--> What are the potential threat vectors?
--> Have you considered which attack vectors have been most common over the past month?
--> Have you checked your patch management status?
--> Can you increase the monitoring of your IDS and IPS?
--> Do you have a way of notifying the entire organization of the current threat?
--> Does your incident response plan account for these types of situations?

Direct influence of upskilling on compliance

Skill alignment with compliance standards: Upskilling programs can be designed to directly address specific regulatory requirements. For instance, if compliance standards require regular risk assessments, training employees in advanced risk analysis techniques ensures that these assessments are performed effectively and according to the latest methods.

Certification and standardization: Many regulations require that certain tasks be performed or overseen by certified professionals. Upskilling programs can help employees gain these necessary certifications (e.g., CISSP, CISA, etc.), directly supporting compliance efforts.

Enhanced audit preparedness: A well-trained cybersecurity team is better equipped to handle audits and regulatory inspections. Training in areas like incident response and data protection can streamline the audit process by ensuring that employees know how to provide the necessary documentation and evidence of compliance.

Indirect influence of upskilling on compliance

Cultural shift towards compliance: Continuous upskilling fosters a culture of security awareness and compliance. When employees understand the importance of regulations and are trained in compliance-related processes, they are more likely to adhere to these standards in their daily activities.

Adaptation to regulatory changes: The regulatory landscape is constantly evolving, and upskilling ensures that the cybersecurity team remains current with the latest compliance requirements and technology standards.

Innovation and compliance enhancement: Upskilling can lead to innovation in cybersecurity practices that not only meet but exceed regulatory requirements. For example, training in emerging technologies like AI and machine learning can lead to the development of more sophisticated security measures, which can set new standards in compliance and industry best practices.

Learn how to communicate these goals with the board of directors

When communicating the benefits of upskilling to the C-Suite and board of directors, it’s crucial to align your message with their strategic goals and demonstrate how upskilling can be a key driver of long-term business success. Here’s how you might approach it:

Connect upskilling to business objectives: Start by linking upskilling directly to critical business outcomes. Explain how enhanced skills lead to better risk management, faster threat detection, and more efficient problem resolution, which can all safeguard the company’s assets and reputation.

Illustrate indirect benefits: Highlight the indirect benefits of upskilling, such as increased employee engagement and retention, which are important to the C-Suite. Emphasize that a more skilled workforce can lead to innovation and a stronger competitive edge, ultimately enhancing market trust and brand recognition.

Use data and trends: Provide data or case studies from similar organizations that have seen success from upskilling initiatives. This evidence can make a compelling case for the potential return on investment.

Address skill gaps: Identify current skill gaps and how they pose risks to achieving strategic goals. Outline a detailed plan for how upskilling can address these gaps.

Propose a pilot program: Suggest starting with a pilot upskilling program in a critical area. This approach minimizes initial investment and provides tangible examples of potential benefits before a full rollout.

Emphasize agility and resilience: Stress that upskilling contributes to organizational agility and resilience, enabling the company to adapt more quickly to market changes and emerging threats.

Show long-term vision: Align the upskilling initiative with the long-term vision of the organization. Show how continuous learning and development are crucial in keeping pace with technological advancements and industry standards.

Call to action: Conclude with a clear call to action, such as setting up a committee to explore upskilling strategies or approving a budget for training programs.

Chapter 5: Implement cybersecurity reskilling & close talent gaps

CISOs, managers, and team leaders are under immense pressure to adapt and innovate. They’re tasked with finding creative solutions to the ongoing talent shortages that plague the industry. Amidst these challenges lies a golden opportunity: reskilling initiatives. Reskilling is about tapping into existing talent within your organization and building formidable cybersecurity professionals from the ground up.

Not only does reskilling help combat cybersecurity talent shortages, but it also keeps teams engaged, retains people you know and trust, offers new career opportunities, and develops a culture of learning within an organization. The result? A better security posture for your company and a cybersecurity team that’s constantly adapting to threats.

Upskilling vs. Reskilling
Addressing the security talent shortage

Upskilling: Continuous learning to expand existing skill sets and fill knowledge gaps.
Example: You benchmark the skills of your SOC analyst and discover that they are weak in cloud security. So, you provide them with upskilling opportunities in the cloud.
Outcome:
- Enhanced job performance and career advancement.
- Increased retention and engagement.
- Attract more talent through upskilling initiatives.

Reskilling: Learning new skills outside of current job roles and responsibilities.
Example: A developer on your team shows an interest in learning more about web exploitation to help improve application security. So, you provide them with red-focused learning opportunities.
Outcome:
- The employee learns an entirely new skill set and transitions into a new role.
- Close skill gaps and reduce talent shortages.
- Increased organizational loyalty.

A five-step plan for reskilling teams into cybersecurity

1. Skills forecasting
- Benchmark the skills of existing cybersecurity teams using Capture the Flag (CTF) events to identify talent gaps.
- Research trending threats and in-demand skills.

2. Identify existing talent
- Don’t just focus on technical skills; look for problem-solving abilities, attention to detail, and a passion for cybersecurity.
- Look for job roles with the most transferable skills (like developers or IT staff).

3. Promote a culture of reskilling
- Encourage lateral movement throughout your organization.
- Sell the benefits of a career in cybersecurity to relevant teams.

4. Develop new career pathways
- Hire creatively by exploring skills over degrees and certifications.
- Consider diverse technical backgrounds.

5. Provide mentorship programs
- Match existing employees to cybersecurity veterans to enable reskilling.
- Pair red and blue veterans together to learn from one another.

1. Skills forecasting

Benchmark the skills of your existing employees before initiating any reskilling program. You can do this by conducting an event such as Capture the Flag (CTF).

CTFs are gamified competitive cybersecurity events that are based on different challenges or aspects of information security. They’ll help your teams identify where specific skill and talent gaps lie.

At Hack The Box, we map these skills to industry frameworks including NIST/NICE and MITRE ATT&CK. This means you can forecast skill shortages that are mapped to specific job roles.

2. Identify existing talent

You can now identify existing employees who are interested in pursuing a career in cybersecurity or possess transferable skills.

However, this doesn’t always mean that the skills must be technical. Don’t dismiss individuals who lack technical skills as these can be taught with hands-on upskilling. Look for problem-solving abilities, attention to detail, and a passion for staying updated on technology trends and the latest cybersecurity threats.

Pathways to cyber
Reskill your existing internal roles into security

Job role → Cybersecurity role (after reskilling)
- IT product support → Cybersecurity analyst & incident response
- IT engineers → Cybersecurity engineers
- Developers → Cybersecurity engineers, analysts, & penetration testers
- UI/UX design → Cybersecurity engineer/analyst
- Forecasting & strategic planners → Threat hunter/threat intelligence analyst
- Accountants → Cybersecurity analysts

3. Promote a culture of reskilling

Encourage all employees to explore areas that interest them, even if those areas of interest stretch beyond their current job role. You can encourage employees to pursue a new venture in cybersecurity by sharing the following benefits:

Job security and career advancement: all industries require cybersecurity professionals and many are lacking talent. This makes for a fantastic opportunity for employees to advance their careers further in a field that needs them more than ever.

Lucrative rewards: compensation, work-life benefits, and upskilling opportunities are significant in the cybersecurity industry, making this a key case for reskilling.

Life-long learning: being a hugely challenging, dynamic, and stimulating industry, cybersecurity can be a tempting career for those employees with a growth mindset.

4. Develop new career pathways

Professionals with diverse backgrounds that have technical and non-cyber experience are great candidates for cybersecurity positions. IT and development talent is proving to be a new route into the industry. By facilitating new methods of gaining a foothold in cybersecurity and reskilling on the job, you’re not only reducing the talent shortage but making cybersecurity a more attractive career to pursue within your organization.

Hack The Box offered us the opportunity to post jobs directly to a community of hackers. We got access to profiles that are non-traditional, this broadens your perspective and opens up a whole new addressable market of skilled candidates. Filtering by rank provided an indication of capability. It’s how we found Josiah, who was working in a Blue Team role at the time. His profile likely wouldn’t have reached us via a recruiting agency because it did not meet the typical criteria.

Not only did we unearth a real gem in Josiah—who went on to become a great asset to the company and is continuing to go from strength to strength in his career—we also saved around 8,000 GBP in potential agency recruitment fees for hiring someone with Josiah’s capabilities.

Tom Williams, the former Principal Consultant at Context Information Security, shares his experience on hiring non-traditionally

5. Provide mentorship programs

Establishing a mentorship program is a proven formula to help reskill employees in the cybersecurity field. A seasoned security mentor can offer career direction, share knowledge, and help foster new connections. This also provides benefits to the mentor, enabling them to grow their leadership and training skills. Mentorship can even support existing cybersecurity professionals looking to reskill into specialist domains. For example, a SOC analyst might mentor a penetration tester, teaching them how to defend Active Directory (AD) against common vulnerabilities.

Chapter 6: How security leaders can protect their teams from burnout

Cyber threats don’t sleep. There’s a constant stream of new tactics, techniques, and procedures (TTPs) and Advanced Persistent Threats (APTs) for cybersecurity professionals to be aware of and defend against.

The continuous monitoring of systems and the looming threat of a devastating cyber attack puts a huge amount of pressure on the shoulders of cyber teams.

Coupled with the extreme shortage of talent and skills in the cybersecurity sector, burnout is a growing problem in the industry.

Burnout is particularly prevalent in the cybersecurity industry due to the high stakes and constant pressure professionals face.

Cybersecurity teams often deal with a high volume of threats, tight deadlines, and the ever-present knowledge that a single oversight could lead to significant breaches. The “always-on” nature of the job, coupled with a global shortage of skilled cybersecurity professionals, means many are working long hours under intense scrutiny.

This relentless pace without sufficient downtime can lead to burnout.

Andrea Succi, CISO at Ferrari Group

Why burnout is so common in cybersecurity

Increased threats: Threat actors are getting better at attacking organizations, which requires constant vigilance: attackers only need to get it right once, meaning security teams must always be on high alert.

Lack of control: Predicting when and how an attack will happen is difficult, creating a lack of control which adds to the stress of cybersecurity roles.

Unrealistic expectations: Stakeholders may not understand the technicalities of cybersecurity, which can lead to unrealistic deadlines and expectations.

Long working hours: Cyber threats are a 24/7 concern, meaning there’s plenty of overtime, especially during or after a breach.

Building cyber strength
How to defeat burnout in security teams

Invest in employee career development: Identify areas of passion with your employees and work with them to develop and upskill in these spheres.

Adopt a human-centered approach to cybersecurity: Encourage taking breaks, flexible hours, mental health days, and a supportive culture. Teams should discuss their daily stresses regularly to lighten the load.

Boost employee engagement with CTFs: Provide employees with opportunities to showcase their skills and compete with one another in Capture the Flag (CTF) events.

Make cybersecurity teams’ lives easier with awareness training: Advocate for good cyber hygiene across your organization with regular training days and showcase best practices.

Invest in employee career development

It’s easy to burn out when your career requires you to be “always on” but doesn’t provide any opportunities to advance or learn new skills. This is simply exhausting and unsustainable.

Cybersecurity leaders need to take the time to clearly define their employees’ goals and work with them to produce development and upskilling programs.

For example, a SOC analyst may want to learn more about penetration testing. So, they could perform a purple team activity with a penetration tester to see how they exploit system weaknesses.

I had the privilege of being able to implement several initiatives to combat burnout. For instance, I encouraged team members to schedule “no meeting” blocks dedicated to deep work or personal time.

I also planned regular check-ins with my team to discuss workloads, motivations, and personal development goals.

These measures had a significant positive impact on team morale and productivity. It’s a commitment I believe should be carried out in any approach to team management, reflecting a sustainable and supportive work environment.

Andrea Succi, CISO at Ferrari Group

Adopt a human-centered approach to cybersecurity

The following human-centered initiatives can help combat burnout:

Encouraging regular breaks and time off: Team members need to take regular breaks throughout the day and use their vacation time. This helps to prevent fatigue and maintain productivity.

Promoting professional development: By investing in the growth and development of team members, we not only enhance their skills but also increase their engagement and job satisfaction.

Implementing flexible work arrangements: Flexible work schedules can help team members manage their personal and professional responsibilities more effectively, reducing stress.

Fostering a supportive culture: Creating an environment where team members feel comfortable discussing stress and workload openly can help in identifying burnout symptoms early and addressing them before they escalate.

Leveraging automation and tools: Automating repetitive tasks and using tools to streamline workflows can significantly reduce the pressure on cybersecurity teams.

Boost employee engagement with CTFs

Providing employees with opportunities to showcase their skills and compete with one another in Capture the Flag (CTF) events can be incredibly rewarding.

In our cyber attack readiness report, more than 70% of managers viewed team events like CTFs as a viable way to boost employee engagement.

Not only is it a great way for cybersecurity teams to bond and practice their career development, but it’s also an opportunity for managers to benchmark their team’s skills and identify areas for improvement, alleviating the pressures of tackling unknown issues.

Make cybersecurity teams’ lives easier with awareness training

Human error can add a great deal more stress and vulnerabilities for cybersecurity teams to handle. Something that can lighten the load and help prevent teams from burning out is making cybersecurity awareness training compulsory company-wide. Here are some key ways to encourage good cyber hygiene at your organization:

- Have password strength requirements and change passwords frequently.
- Teach your employees to avoid opening suspicious emails.
- Avoid downloading unknown content.
- Encourage managers to limit access to data with strict administrative privileges.
- Make it easy for employees to ask questions and know who to contact with any cybersecurity concerns.
- Don’t push the blame onto users or implement phishing “tests” to catch employees out. Instead, encourage a culture of awareness.

Cybersecurity burnout is a very real and present danger for CISOs and managers. The implications cannot be taken lightly, which is why the above initiatives must be baked into your organization’s culture. Here are just a few consequences of burnout:

Poor security posture: human error is one of the leading causes of security breaches. Burned-out employees = more mistakes.

Decreased productivity: to keep up with the demands of the job, cybersecurity employees can’t be stressed and burnt out.

High turnover: employees who aren’t looked after and engaged may seek a role at a company that has better well-being initiatives or less workload. With a talent shortage in cybersecurity, organizations simply can’t afford to lose employees.

Legal consequences: if employees make mistakes that lead to data breaches, this could have legal liabilities.

Be a proactive leader and stop burnout before it has serious consequences by investing in your employees and encouraging them to adopt a healthy work-life balance.

Chapter 7: Why upskilling is the key to retaining top cybersecurity talent

Cybersecurity training has traditionally been very limited. It’ll be a one-off event with an external trainer, cramming as much information into one week as possible. This simply isn’t effective. Cybersecurity teams require continuous learning that keeps pace with existing threats, supports their career development, and teaches them skills they can apply to real-life scenarios when under immense pressure.

An adaptive approach does a better job of mitigating business risk and boosting security posture. It’s also more engaging for security teams, as their upskilling initiatives are making them better at what they do, every single day.

As a result, you retain an elite security team that’s primed to perform better because they’re highly engaged and upskilled on cutting-edge vulnerabilities.

Cybersecurity training:
- Relies on certifications and multiple-choice questions
- Is simply there to tick a box
- One-size-fits-all approach with no flexibility
- The training doesn’t fit your organization
- Once certified, the training and learning stops
- A one-off training session that’s quickly forgotten

Cybersecurity performance:
- Focuses on teaching provable skills for real-world scenarios
- Offers a human-first approach designed to create and maintain high-performing cyber professionals
- Is flexible and personalized to individual needs
- Aligns with organizational objectives and workforce development
- Goes beyond upskilling and solves issues such as retention, burnout, and provides clear career paths
- A place you return to day in and day out for continuous learning that supports career development

3 ways continuous learning retains talent

For CISOs and leaders, building an effective retention strategy is key to closing the skills gap and improving security posture. An effective retention plan also demonstrates resilience by ensuring the security team is continuously upskilled, which reassures the board of directors.

By creating a culture of continuous learning, employees will have a higher incentive to stay loyal to your organization, not to mention improved overall performance on the job.

1. Career development and engagement

Breaking into the field of cybersecurity requires plenty of passion and determination. This means that most cybersecurity professionals are eager for opportunities to learn, develop their skills, and grow in their careers. Organizations can demonstrate a commitment to the growth of their cybersecurity team by providing continuous upskilling opportunities.

This has been proven by our research in our cyber attack readiness report. 68% of security team members rated “opportunities to learn skills” as the most successful way of staying engaged at work. This placed higher than increasing compensation, demonstrating just how powerful learning can be in retaining your top talent.

2. Adaption to new threats

New threats are a constant in cybersecurity and teams need to adapt quickly. This can only be done with continuous upskilling, otherwise teams can grow stagnant.

Make use of platforms like Hack The Box, where we release a new Machine every week, often based on the latest common vulnerabilities and exposures (CVEs). This keeps your team consistently on their toes.

Being a performance center for many different companies, we’ve noticed that the smartest cyber teams get together regularly for upskilling and knowledge sharing.

For example, Toyota security teams participate in Friday CTFs and love the “show and tell” style of learning they’ve been advocating to their team.

We use the Dedicated Labs instances for CTFs we host every Friday afternoon. It’s a fun and casual way for the team to gather and work together to solve challenges - and our favorite way to end the work week!

Gabe Lawrence, VP of Information Security Cyber Protection, Toyota

3. Talent retention

By investing in your team’s skills, you’re not only improving security posture but are also more likely to retain talent over the long term. Demonstrating a commitment to well-being and career development will set your company apart from potential competitors.

Your most talented employees will be headhunted by other organizations, more so with the talent shortage. On top of this, security teams are close to burning out, with Gartner predicting that 25% of cybersecurity leaders will change jobs by 2025 due to stress.

By supporting your current employees with learning and development opportunities, they are less likely to be tempted by other opportunities.

Accelerate your cyber performance with Hack The Box

We provide a human-first platform for creating and maintaining high-performing cybersecurity individuals and organizations.

Risk mitigation: Timely content offers training on the latest CVEs in real-world environments, reducing risk and exposure to these vulnerabilities.

Employee retention: Cybersecurity teams that are offered upskilling opportunities are far more engaged and less likely to burn out.

Performance benchmarking: Conduct CTFs and gap analysis to identify weaknesses in your security posture.

Workforce development: Align organizational goals to your cybersecurity KPIs with content categorization and report your success metrics to the board.

Tailored training to industry standards: HTB content is mapped to MITRE ATT&CK and NIST NICE frameworks so you can assess your cyber preparedness in different areas.

Boost organizational awareness: HTB can assess cyber readiness and performance company-wide with effective practices like tabletop exercises (TTXs) or nearly practical assessments designed for security staff and non-technical teams.

--> Book a call
--> HTB 14 day free trial