Forrester Q4 2025 Landscape Report: Hack The Box driving AI-ready training & resilience for CISOs

Forrester has released its Cybersecurity Skills and Training Platforms Landscape report for Q4 2025, offering CISOs and security leaders an overview of this rapidly evolving market.

The report profiles 14 vendors and highlights a pivotal shift in how organizations approach cyber training. Instead of relying on traditional certifications and check-the-box training, leading enterprises are embracing continuous, skills-based development to counter today’s threats.

In an era of AI-driven attacks and ever-expanding digital risk, the focus is on practical skills, cross-functional development, and measurable resilience gains. Notably, Hack The Box is included in Forrester’s Q4 2025 landscape, recognized for redefining how organizations upskill talent and build cyber-defense readiness.

Key trends shaping cyber resilience in 2025

Forrester underlines several important trends and market findings that security and risk leaders should heed:

• Skills over certifications: Organizations are pivoting from one-time certifications toward continuous, hands-on skills development. In practice, this means creating a culture of ongoing learning (using realistic labs, cyber ranges, and simulations) so that teams build real competency rather than just accumulating credentials.

• AI-driven threats demand upskilling: With attackers adopting AI and automation, it’s become an “upskilling race” between defenders and adversaries. Keeping up requires training content that evolves as fast as the threat landscape. Modern platforms are starting to offer labs on generative AI attack chains and other emerging tactics so that cyber pros can practice countering AI-augmented threats.

• Cross-functional training & upskilling: The lines between security, IT, development, and operational technology (OT) teams are blurring. Effective training platforms support this by providing varied content – from AppSec to ICS/OT scenarios – enabling purple teaming approaches where blue teams and red teams (and others) learn from each other.

• Emphasis on resilience as an outcome: Beyond just improving skills, CISOs now aim to demonstrate organizational resilience. Accordingly, training success is measured less by course completion and more by real readiness metrics. The ultimate goal of upskilling programs is to ensure the organization’s ability to prevent and bounce back from attacks – and to have the data to prove it.

Hack The Box aligns with emerging cybersecurity trends

Among the vendors featured in Forrester’s report, at Hack The Box we stand out for our global reach and innovative approach to skills development.

Our platform known for gamified, hands-on cyber labs is highlighted as supporting key use cases that align with modern security team needs. According to the report, “Hack The Box enables candidate skills verification, cross-functional upskilling and training, and operations or process gap identification and remediation”.

Our product ecosystem can be used to test and verify the skills of new hires during recruitment, to continuously develop cybersecurity workforce and other departments together, running realistic simulations that reveal weaknesses in both technical controls and incident response processes.

Hack The Box’s inclusion in the landscape report comes as a confirmation in our role in transforming how organizations upskill talent, identify security gaps, and build resilience against modern threats.

We are one of the 14 vendors profiled, with a presence across North America, EMEA, and APAC (truly global in reach and solutions). The platform is particularly popular in high-stakes and regulated industries and Fortune500 enterprises (such as financial services, MSSPs), and government branches where there is strong demand for advanced cyber workforce development.

By addressing these use cases, HTB helps enterprises and organizations tackle the very challenges Forrester emphasizes – from talent shortages to siloed team skills – using a unified solution.

Hands-on, realistic environments

Hack The Box is designed on the idea that hands-on, demonstrable skills are the new standard for workforce readiness.

Customers can access an unmatched library of labs, bite-sized challenges, and enterprise-grade simulations that mirror real-world scenarios. Users must actually penetrate systems, analyze logs, or respond to incidents in accurate exercises.

This focus on realism directly supports the industry shift towards skills-based development – the kind of continuous upskilling and live-fire practice that Forrester says is essential in modern cyber programs. By training in HTB’s gamified environment, teams more effectively retain knowledge and can prove their competence under pressure.

Upskilling in the AI-driven threat landscape

Our content library now introduces labs on topics like AI red teaming, machine learning-based malware, AI-powered defensive analytics, and other cutting-edge subjects before any other vendor.

This dynamic content approach echoes Forrester’s guidance that vendors must quickly provide training for the latest vulnerabilities and even offer scenarios involving generative AI attack chains for defenders and red teamers.

Our agile content delivery helps ensure that enterprises can keep pace with the threat landscape, so their teams are never caught flat-footed by a new exploit technique or attack trend. New courses and labs featuring the latest technologies (AI, Quantum, Blockchain, and more) and exploits (CVEs, adversarial TTPs) are released on a weekly basis, with regular business-exclusive scenarios that provide additional value to cyber teams.

Cyber ranges for team readiness 

Because Hack The Box is not just a training content library but a full-fledged cyber range platform, it provides rich metrics and assessments to validate readiness.

Teams using HTB can measure their performance on labs and simulations – for example, how quickly they detected an attack in a scenario, or which vulnerabilities they failed to find.

The platform quantifies workforce capabilities and benchmarks performance across teams, giving security leaders hard data on skill levels and progress. This directly supports the trend of focusing on resilience outcomes: instead of merely tracking who completed training modules, CISOs can see evidence of how prepared their team is for real-world threats.

As Forrester notes, modern programs are moving beyond completion rates to highlight incident readiness and identify gaps in skills or processes. HTB reporting dashboards and scoring system align with that need – providing proof of cyber readiness that can be shown to executives, auditors, or the board.

In summary, Hack The Box product ecosystem embodies the hands-on, up-to-date, and skill-based approach that the Q4 2025 Forrester Landscape report identifies as the future of the cybersecurity workforce.

Discover our latest product: Threat Range

HTB Threat Range is a hands-on cyber defense arena where SOC analysts, DFIR investigators, and managers master detection, response, and reporting — boosting KPIs and team readiness.

Watch the full demo

How to secure investments in cyber resilience

Given the evolving dynamics in the market, CISOs and security leaders often face the question: how do we justify the budget for platforms like Hack The Box?

Fortunately, the trends and outcomes highlighted above make a compelling business case. Here are key points to correctly communicate to stakeholders (from technical teams up to the C-suite) when advocating for an investment in HTB or similar vendors:

• Emphasize the return on investment in terms of reduced risk and avoided costs. Forrester’s analysis suggests “tying cybersecurity initiatives to revenue impact and even insurance and compliance considerations. You can highlight that team capabilities and running regular drills will help prevent a costly breach or regulatory fine, essentially paying for itself by protecting the business. When executives see training as insurance the spend becomes a prudent investment rather than a cost.”

• One powerful way to justify a platform is through the metrics it provides. Hack The Box offers dashboards and reports that translate training activities into measurable outcomes. Forrester advises “choosing solutions that deliver useful metrics to demonstrate resilience and guide decisions, linking security efforts to business costs. This accountability and visibility can turn skeptical stakeholders into supporters, as they can literally see the needle moving on your team’s preparedness.”

• Making the case involves showing that Hack The Box can address multiple needs with one spend. Rather than buying separate tools for certification training, defensive simulation, and red teaming exercises, HTB offers a product ecosystem with content spanning many domains. The pricing plans mean you can extend training to a wide range of employees, and build a holistic cyber workforce development program that touches recruitment, training, and retention. As Forrester puts it, “choose a platform that offers flexible options for broader team coverage and provides clear metrics to prove ROI” – HTB checks those boxes.

More guidance on security spending and training vendors can be found by consulting the full Landscape Report. In order to support buyers during any vendor evaluation and purchasing process, we have created some helpful resources and practical tools – which are available within the 2025 Buyers’ Guide:

1. The full Cybersecurity Professional Development Buyers’ Guide 2025 with insights from 800+ customers.

2. A downloadable business case template developed consulting our power users.

3. A practical vendor evaluation checklist to make sure every criteria is taken into consideration.

Interested in seeing how Hack The Box can elevate your team’s capabilities and resilience? Book a demo with Hack The Box today to explore the platform firsthand and unlock a skills-first approach to cybersecurity that meets the demands of 2025 and beyond.