Hack The Box announced today that its Defensive Operations Analyst (DOA) certificate has been approved through the Department of Defense (DOD) Chief Information Officer’s Cyber Workforce Framework (DCWF) 8140 review process.
This certificate recognizes Hack The Box as a DOD 8140-approved residential training and exercise platform, and as the issuer of a DOD 8140-approved DOA Certificate mapped to specific DCWF work roles.
The approval comes as agencies continue implementing DCWF 8140 workforce requirements, which emphasize role-based qualifications and skills validation for cyber personnel. The certificate provides a skills-based pathway for assessing cyber defense, incident response, and forensic analysis capabilities through practical exercises rather than traditional exam-based testing.
Under the approval, the DOA Certificate aligns with DCWF work roles for Cyber Defense Forensics Analyst (212) and Cyber Defense Analyst (511) at the intermediate proficiency level, and Cyber Defense Incident Responder (531) at the advanced proficiency level.
Hack The Box provides role-based cybersecurity training and exercises across offensive, defensive, and general cybersecurity disciplines. The company said the approval recognizes both its training platform and incident response credential within the DCWF 8140 framework.
“For many years, organization leaders have talked about skills-based training. Hack The Box has now demonstrated that our certificate program can meet the standards established by the DCWF,” said Keith Gologorsky, Senior Vice President of Public Sector at Hack The Box.
Aligning training with DCWF 8140 requirements
Unlike many traditional cybersecurity certifications that focus on knowledge-based testing, the DOA Certificate evaluates candidates through practical cyber defense, forensics, and incident response scenarios designed to reflect operational environments.
“The biggest gaps among defensive cyber teams are often in applied analysis: moving from alert triage to deeper investigation, correlating activity across systems, understanding attacker behavior, and turning findings into response actions,” Gibb Witham, President of Hack The Box said.
The approval reflects a broader shift toward skills-based assessment models that evaluate a candidate’s ability to investigate alerts, analyze artifacts, conduct forensic analysis, and respond to cyber incidents under realistic conditions.
Government cyber missions require personnel who can investigate alerts, analyze evidence, conduct forensic analysis, and respond effectively under operational conditions. Supporters of skills-based certificate models argue that practical assessments provide agencies with stronger evidence of workforce readiness than traditional exam-based approaches alone.
“Traditional certifications often emphasize knowledge recall or exam performance. Our model assesses whether learners can apply skills in realistic environments,” says Gologorsky. “That matters for government agencies because cyber defenders are not evaluated in the real world by how well they memorize concepts; they are evaluated by whether they can identify, analyze, and respond to threats. An assessment-based model gives agencies stronger evidence of practical readiness.”
DCWF 8140-aligned certificates and certifications are intended to help agencies connect workforce roles, skills, and proficiency levels through a common framework. For agencies managing civilian, military, and contractor cyber workforces, the framework can support workforce planning, qualification tracking, and compliance efforts.
Hack The Box’s training and exercise model is built around practical labs, exercises, and assessments that mirror defensive cyber operations. The DOA Certificate focuses on cyber defense analysis, digital forensics, and incident response activities that require participants to investigate, analyze, and respond to simulated threats.
“Industry should help the government move faster by providing current, realistic, and measurable training pathways,” Gologorsky said. “That means aligning with federal workforce frameworks like DCWF 8140, grounding content in real-world threat activity, and giving agencies practical ways to assess readiness.”
“The goal should not be to replace government standards, but to help operationalize them with training and certification models that keep pace with the threat environment”, he said.