How to Hire Cybersecurity Sales Talent That Actually Closes

Finding account executives, BDMs and SDRs who understand both the technology and the sales process is one of the hardest hiring challenges in the industry. Here’s what the best MSPs, MSSPs and security vendors do differently.

Published by Husaria Consulting · 8 min read

The cybersecurity industry has a sales talent problem. There are thousands of qualified engineers, analysts and architects — but finding a salesperson who can walk into a CISO’s office, credibly discuss threat landscapes, and close a managed detection and response contract is genuinely rare. For MSPs and MSSPs scaling their commercial teams, this gap is one of the biggest constraints on growth.

At Husaria Consulting, we specialise exclusively in placing sales professionals into cybersecurity and IT services firms across the US, UK, Canada and Europe. This guide distils what we’ve learned about why cybersecurity sales hiring fails — and how to get it right.

Why Cybersecurity Sales Hiring Is So Hard

Most sales recruitment agencies treat cybersecurity roles like any other technology sales position. They search for anyone with “SaaS sales” experience, skim the CV for quota attainment numbers, and send across three candidates within a week. The result is almost always a mis-hire — someone who can sell software but can’t hold a credible conversation about zero trust architecture, endpoint detection, or the difference between MDR and MSSP.

The core challenge is that cybersecurity sales sits at the intersection of two very different disciplines. Your ideal candidate needs:

That combination is scarce. And because most generalist recruiters don’t know what they’re looking for, the wrong candidates fill the pipeline and the right ones get overlooked.

“The best cybersecurity salespeople didn’t come from sales — they came from pre-sales, solutions engineering, or even the SOC. They learned to sell because they understood the product deeply. That’s a very different search than looking for an AE who once sold marketing software.”

What Good Cybersecurity Sales Talent Actually Looks Like

Before you engage a cybersecurity recruitment agency or post a job listing, get precise about who you’re hiring. The criteria vary significantly depending on your go-to-market model.

For cybersecurity vendors selling direct

You need an enterprise or commercial account executive who has sold a technical security product — ideally in the same category: endpoint, SIEM, identity, or cloud security. Look for candidates who have sold to a security buyer (CISO, VP Security, Head of IT) rather than a general IT buyer. Quota attainment matters, but so does average deal size and sales cycle length. Someone who closes fifty £20k deals a year is a very different profile to someone who closes five £200k deals.

For MSPs and MSSPs building sales teams

This is where the candidate pool gets particularly narrow. You need someone who understands the managed services model — recurring revenue, MRR growth, churn, and the reality that you’re often selling to an SMB owner or IT manager who doesn’t have a dedicated security team. Former MSP employees who moved into sales, or candidates from the vendor community who have sold through the channel, are your best bet. Avoid candidates who have only sold one-time licence deals — the mindset is fundamentally different.

For SDRs and BDRs entering the market

At the junior end, genuine curiosity about technology and security matters more than deep knowledge. Look for candidates who can demonstrate they’ve self-educated — certifications like CompTIA Security+, reading industry publications, or time spent in a technical support or helpdesk role. The commercial skills can be trained; the intellectual interest in the product cannot.

Recruiter’s tip: Ask candidates to walk you through how they’d explain your core product to a non-technical SMB owner. The answer reveals both their technical comprehension and their sales instinct in one question. The best candidates simplify without dumbing down.

Where Cybersecurity Sales Talent Is Actually Hiding

One of the biggest mistakes companies make is searching only among people with “Account Executive” in their job title on LinkedIn. The best cybersecurity sales talent often comes from adjacent roles:

A specialist cybersecurity recruitment agency will have pipelines into all of these talent pools. A generalist agency will only look at the top of the LinkedIn search results.

Contingency vs Retained Search: Which Model Is Right for Your Hire?

When engaging a cybersecurity sales recruiter, you’ll typically choose between two models. Understanding the difference matters — the wrong choice for the wrong role wastes both time and money.

Contingency search

You pay a fee only when a placement is successfully made, typically 15–20% of the candidate’s first-year base salary. This model works well for mid-level roles — commercial account executives, BDMs and SDRs — where the talent pool is large enough that multiple recruiters can work the role simultaneously. The risk is that contingency recruiters can prioritise speed over precision, and if the role is particularly niche or senior, you may receive quantity rather than quality.

Retained search

You pay a portion of the fee upfront — typically in three stages: briefing, shortlist, and placement — securing the recruiter’s exclusive focus on your role. This is the right model for senior hires: VP of Sales, Head of Enterprise Sales, or your first sales hire at a startup, where the wrong decision costs far more than the additional fee. Retained search is a genuine headhunting service — the recruiter proactively approaches candidates who aren’t applying to job boards.

Our recommendation: For your first hire with a new recruitment partner, start with a contingency arrangement and use the process to evaluate the quality of candidates and the recruiter’s knowledge of your market. If the partnership works, move senior and critical hires to a retained model.

Five Questions to Ask Any Cybersecurity Recruitment Agency

Not all specialist recruiters are genuinely specialist. Before you engage a cybersecurity sales recruitment agency, ask these five questions:

  1. What cybersecurity sub-sectors do you focus on? A good answer names specific areas — endpoint security, SIEM, MDR, MSSP, cloud security — not just “cybersecurity broadly.”
  2. Can you name companies in our space you’ve placed sales talent into recently? They should be able to answer immediately, even if they can’t share client names publicly.
  3. How do you source candidates who aren’t actively looking? The best talent is passive. If the answer is “we post to job boards,” find a different recruiter.
  4. What is your typical shortlist size and how do you qualify candidates before we see them? Three to five deeply qualified candidates is better than fifteen mediocre ones.
  5. What’s your replacement or rebate policy if a placement doesn’t work out? Any reputable agency offers a rebate period of at least three months.

Red Flags in Cybersecurity Sales Candidates

After placing sales professionals into technology and security firms, these are the warning signs that consistently predict poor performance:

The Cybersecurity Sales Talent Market in 2026

The market for cybersecurity sales talent has tightened considerably over the past two years. The MSSP sector is growing at a 17–18% compound annual rate, driving sustained demand for channel and direct sales professionals who understand the managed security model. At the same time, a wave of Series A and B cybersecurity startups are building out their first commercial teams, competing for the same small pool of proven AEs who have sold security products before.

Compensation benchmarks have risen sharply as a result. A strong mid-market account executive with three to five years of cybersecurity sales experience now commands a base salary of £70–95k in the UK and $100–140k in the US, with on-target earnings of 1.8–2.2x base. Companies that anchor their offers to 2021 benchmarks are losing candidates at the final stage.

Remote and hybrid work has also changed the talent pool geography. A strong cybersecurity AE in Manchester or Edinburgh is now accessible to a US-headquartered vendor, and vice versa. Companies that insist on fully on-site roles are significantly restricting their addressable candidate pool without a compelling reason to do so.

Finding exceptional cybersecurity sales talent is hard — but it’s not impossible when you know what you’re looking for, where to find it, and how to evaluate it. The companies that build the best commercial teams in this space share one thing in common: they treat sales hiring with the same rigour they apply to technical hiring. They define the profile precisely, they use specialists to find passive candidates, and they move quickly when they find the right person.

If you’re building a cybersecurity or IT sales team and want to discuss your requirements, get in touch with Husaria Consulting.

Husaria Consulting is a specialist recruitment agency placing sales talent into cybersecurity vendors, MSPs and MSSPs across the US, UK, Canada and Europe. We work on both contingency and retained mandates.

Nick Paduchowski Avatar

Posted by

Nick Paduchowski

Leave a Reply

Discover more from Husaria Consulting

Subscribe now to keep reading and get access to the full archive.

Continue reading