When I joined Hack The Box’s (HTB) talent acquisition team, I quickly realized that it was not just another typical organization. The leadership, the employees, the product, the customers, and the love that people had - and still have - for the product impressed me.
As my journey progressed, it became clear that certain positions were covered primarily through our community. Take, for example, Marshall Livingston (@tr33). He transitioned from being an HTB enthusiast to HTB’s Sales Engineer. As a Sales Engineer, he helps our business customers understand the technical aspects of our products, enabling corporate cybersecurity teams to advance their cybersecurity skills and improve cyber resilience.
This hiring approach made perfect sense. HTB enthusiasts who upskilled on our cybersecurity training platform were the perfect candidate pool to tap into for positions that required a deep, technical understanding of our product and broader cybersecurity concepts.
Fun fact: Approximately 13% of our hires from 2021-2022 were HTB users.
As soon as the pattern of HTB users being hired was recognized, it was important to manage it in a systematic way so that we could streamline the hiring process for technical recruitment. The talent team began by identifying roles that require various levels of technical and product knowledge. The final list looked something like this:
Growth Community Associates
Technical Customer Support
Customer Success Associates
Content Engineers (Testers, Creators of HTB hacking content)
Product Delivery Managers
After identifying these important roles, we outlined and prioritized different ways to connect with our community members in order to raise awareness and invite them to apply for these specialized roles. We searched for:
Community members who submitted hacking content to HTB
Project-based contractors and partners that we worked with
Existing HTB employees and referrals
A big part of HTB’s value proposition is its high-quality content. The platform provides a wealth of challenges - in the form of virtual machines - simulating real-world security issues and vulnerabilities that are constantly provided and updated by the community. While the company started to generate this content on its own, over the years, our players have contributed to Hack The Box’s library of content and are now compensated for it.
Users submitting machines are our number one candidate pool when hiring Content Engineers (the people who design and test our hacking content) at HTB because they have proved their skillset and passion by completing the unique technical task of building and submitting hacking content.
From a recruitment standpoint, it was important to establish a close partnership with the owners of the submission process and align it with recruitment. Identification and engagement of potential candidates were the two main pillars that needed to be clearly defined.
After realizing this, I had a conversation with the Training Lab Architect who owned the content submission process back then. The idea was to encourage more people to submit machines by sharing helpful resources and guides. The thinking behind this?
More submissions → more capable people developing content→ bigger candidate pool → great talent to hire (and more content for HTB).
From a recruitment perspective, we also talked about:
How we would identify potential hires.
How a person submitting content could share their availability.
Who should reach out initially to express interest in hiring/being hired.
How to gauge the customer/user experience for anyone who submitted content.
(In this case, I wanted the people submitting content to have a great experience and generally avoid losing potential hires or customers due to a bad candidate experience.)
The end result was a structured reward and submission process in place with a how-to guide and Ask-Me-Anything (AMA) session to further enable content creators and sustain a stronger pipeline for talent.
For projects or tasks that require extreme specialization, we’ll often partner with external contractors who work closely with an HTB employee until a project or piece of work is delivered. These contractors are usually fans of the HTB platform.
This type of partnership has turned into full-time employment in the past and is an approach that creates benefits for both, the contractor/potential employee, and the organization because:
It gives potential employees the opportunity to experience the job.
We can effectively assess a potential employee's technical skillset.
Our staff get to work with a potential employee and have the chance to assess the individual’s ability to collaborate with our team.
Tip: As a recruiter, it’s important to know what kinds of positions are usually filled this way. The big idea here is to have contractual employment as a recruitment solution, especially for positions that are hard to fill. Meaning, hiring managers that have trouble filling a certain position could build a network of contractors that would be working on the tasks or deliverables of the related position. And when a position opens, these contractors could become a candidate pool from which hiring managers can hire.
This conversation can be initiated by the recruitment team, which could share success stories from contractors becoming employees. This way, recruiters can add more value to the recruitment process and truly own their role as talent advisors.
HTB is the largest hacking community! We constantly promote community, knowledge sharing, and good communication. Of course, our employees are also part of this community. Many are active players on the platform and often engage with users. This gives them insights into how other users think, perceive the brand, and means they’re familiar with the skills that others possess - making them a great source of information for talent acquisition and recruitment teams.
Having our employees on the field, interacting directly with the product and its users, naturally leads to our employees referring community members. The users that get referred are people that have demonstrated a passion for cybersecurity upskilling, a strong technical skillset, and most importantly, an ability to collaborate.
For this reason, we often directly ask our employees to refer or recommend future hires.
Building awareness around a job is a major thing. A great candidate might readily join a certain company, but that doesn’t necessarily mean they’re aware of a position that’s a fit for them.
Given that HTB users are a great candidate pool for certain positions, and many of them are passionate about what we do, it only made sense to incorporate available jobs into certain communications. So we now relay job openings to our global network of HTB ambassadors to share within community meetups. We also include an open jobs section in one of our newsletters.
Bear in mind that we’re not sharing all our open positions with the community, that would be spammy. We only share those that require technical or product-specific expertise.
This post would not be complete without mentioning HTB’s very own job board. It’s one more place, where we publish any cybersecurity job post. This way we ensure that people that are actively looking for jobs, whether they are players of the platform or not, are aware of our vacancies.
Do your homework and review past hiring data. For example, ask your employees in a poll whether or not they were a customer or were familiar with your product.
Start by mapping the roles that could be filled by your customers. Different roles might have different customer personas.
Connect with stakeholders. If you're considering tapping into your user base to hire for technical or product-specific roles, for example, the marketing team is a good starting point. They’ll be able to provide you with customer personas that might connect you with potential employees who are already product experts. Regardless of which department you tap on the shoulder, it’s important to stress the need to onboard people that are familiar with and inspired by what your organization does.
Trust your stakeholders and develop a system. Know what roles you’re hiring for and why; then document how you’ll reach ideal candidates. This will help you get buy-in from stakeholders and decision-makers.
Companies like Amazon Web Services, NTT, Verizon, Daimler, DAZN, and Context Information Security use Hack The Box to optimize cybersecurity recruitment by directly accessing skilled security professionals.
Hassassin, Mar 16, 2023