In 2019, acclaimed ethical hacker Steven Walbroehl and growth hacker Rob Behnke founded Halborn, a blockchain and SAAAS (Security Advisor as a Service) company. What started as a small and regional organization has since grown to a team of more than 100 individuals around the world while providing services to nearly 100 global technology and consulting firms.
Included in Halborn’s portfolio are advanced penetration testing, smart contract audit, and DevOps + automation services, as well as a comprehensive SAAAS package featuring more than 11 individual services. Their mission? To serve as a third-party provider capable of continuously monitoring critical assets, enhancing processes, and providing industry-leading cybersecurity consulting.
With a fully remote team working in more than 22 countries, and an ever-evolving cyber landscape to keep up with, the Halborn team knew they needed to find a way to ensure their staff remain aligned with the latest threats as well as the best ways to mitigate them. This is where Hack The Box comes in.
Initially, the Halborn team conducted all training in-house. Gabi Urrutia, Halborn’s first employee and Vice President of Security Engineering, spent countless hours writing educational manuals focused on the Google Cloud Platform and AWS. With these manuals, Gabi and his team would host internal workshops and educational sessions to help the team stay up-to-date on the latest cloud threats. Unfortunately, Gabi was unable to continue developing training on top of his day-to-day responsibilities, and he began the search for an alternative that would allow his team to train when, where, and how they wanted.
But what initially led Gabi to HTB wasn’t the business platform with Halborn. His journey with HTB started several years prior when he was working as a United States Naval Officer within the United States Cyber Command.
“I’ve been here [at Halborn] from the beginning, and security has been on my mind since the beginning too,” Urrutia said. “I played because, in the government, they use Active Directory and since I was the lead of the internal team, I did Rasta Labs on HTB Pro Labs to understand how to hijack an Active Directory and Rasta Labs helped me to improve my skills.”
In addition to Gabi, a majority of his team had used HTB to further their professional skills outside of work. And with cloud technology being their primary focus, the introduction of HTB Cloud Labs came at a perfect time.
“To be honest, Hack The Box has the reputation. We tried to look for other platforms, but when we saw you just launched BlackSky, we went for it,” he said. “Whatever comes from Hack The Box makes people super excited about it. We heard really good feedback from folks at our company and we were excited to learn more things about Cloud security.”
After making the transition from the Main Platform to the Enterprise Platform, the Halborn team immediately began diving into the material and developing their own way of using it. This includes dividing up into groups and working through Cloud Labs at the same time. Once a lab has been completed, a meeting takes place to share ideas, exchange experiences, and walk through any difficulties the group might have had.
These meetings have also allowed the Halborn team to test new methods and techniques to use while performing their jobs. For example, if the team discovers a new way to escalate privileges while working through a lab instance, they’ll assign an internal point of contact who is responsible for showing the discovery to other members of the company and educating them on the benefits of the new approach.
“We are a super special company and we try to improve ourselves all the time. We have multiple internal workshops to show the cool things across each team that they did before and try to foster this kind of improvement,” said Gabi.
Outside of improving the skills of his team, Gabi knew the next step was to focus on how to leverage those skills to produce comprehensive, security-focused audits for Halborn customers.
“Honestly, I saw some reports from other companies and auditors, and it was not focused on security,“ he said. “Our audits now have more quality than before. When you start your analysis, it’s important to cover all the external attacks. And thanks to HTB’s BlackSky Cloud labs, we’re able to provide better recommendations to clients while also helping prevent them from being hijacked by internal members.”
In addition to improving the quality of their audits, Gabi shared that 15 members of his team are now Blizzard, Hailstorm and Cyclone certified as a result of the skills developed using the HTB platform. But the benefits don’t stop there.
Because of the success his team has seen with HTB, Gabi has big plans for the future, which include hosting a company retreat and organizing several days dedicated to working, hacking, and continuing to grow as an organization.
Since implementing Hack The Box into their training program, the Halborn team has:
Reduced time spent conducting audits by 25%
Certified 15 team members in Cloud security
Enhanced knowledge of all three major cloud providers
Allowed a fully remote team to learn when, where, and how they want
Mastered practical skills in a secure, guided environment
Loved by an infosec community of more than two million members, Hack The Box is helping security leaders across the globe equip their teams with the skills and expertise needed to proactively secure and protect their organizations.
Whether you’re sharpening specific techniques, training up junior staff, or looking to recruit skilled cybersecurity talent, HTB has a solution to fit your needs. Measure, assess, and proactively close your organization’s cybersecurity skills gap with a single platform focused on improving cyber workforce learning and development.
Computer and network security
reannm, Feb 23, 2024