The 7 best cybersecurity skills assessment platforms

A few years ago I sat a Cyber Skyline assessment for a SOC analyst role at CrowdStrike. The product was functional. The UI was dated, the branding looked like a side project, but the core idea was right - stop pretending you can hire cyber security people from a CV alone.

A couple of years later I ended up on the other side of the table, sitting through a sales demo of the same platform for a SOC team I was building. The founder was pleasant, the product was the same. I could not build my own challenges, there was no AI to help me author them, and a friend who looked at the platform last year could not get a straight answer on pricing because the company had been acquired.

That experience is what this post is about. Hiring based on paper applications is CV astrology - it might be real, or it might be complete fiction, and you cannot tell from the document. Skills assessment platforms exist to give you something better. Here are the seven that come up most often, and an honest read on which one fits which problem.

The short version

If you are hiring cyber security people, the platform that fits your problem depends almost entirely on whether the underlying problem is hiring or training. HackerRank, Hack The Box, Immersive Labs and TryHackMe are world-class at parts of the wider cyber market, but none of them are built around the hiring decision. Cyber Skyline and TestGorilla sit closer to the hiring brief but each carries trade-offs. CyberHire is the only one of the seven built end-to-end for the cyber hiring use case - which is the bias you should expect from a comparison post we wrote.

How to evaluate a cybersecurity assessment platform

Before the platform list, the criteria. If your shortlist is being driven by brand recognition rather than fit, you are going to overpay and under-screen. Six things matter:

1. Built around the hiring decision. Not training, not CTFs, not workforce upskilling. Hiring is a different workflow with different telemetry, candidate experience and reporting needs.
2. Cyber-specific challenge library. Coding-test platforms with a cyber category bolted on do not assess SOC, IR, GRC or threat intel work properly.
3. Real environments. Live Linux boxes, packet captures, SIEM queries, Active Directory simulators, cloud consoles. MCQs alone do not separate strong candidates from confident ones.
4. Anti-cheat that matches the modern threat model. LLM use, paste detection, multi-screen telemetry, behavioural drift. The 2018 proctoring playbook does not work any more.
5. Speed to first test. A hiring manager should be able to spin up a custom challenge today, not wait six weeks for the vendor to build it.
6. Pricing visibility. If you cannot get a number out of the vendor without a procurement cycle, factor that in. Time-to-decision is a real cost.

Now the platforms.

1. CyberHire

A cyber-security-only hiring platform, built by someone who hired cyber people for years and got tired of CV theatre. Hands-on challenges across Linux, packet analysis, SIEM, Active Directory, cloud, code review and incident response. An AI Challenge Generator so a hiring manager can describe the role and get a custom test in minutes. Anti-cheat that catches LLM use, paste detection, multi-screen suspicion and behavioural drift.

Best for: SOC, IR, cloud, GRC, red team / pentest, blue team, threat intel and AppSec hires. The full cyber stack. The product makes one assumption - that you are hiring, not training.

Where we fall short: brand recognition. We launched into 2026 and most hiring managers have not heard of us yet. The product wins, the distribution catches up later. If you want a vendor with a household name in your procurement deck, see HackerRank.

Pricing: published. Starter, Pro and Enterprise tiers, with a free trial that does not need a sales call.

2. HackerRank

The household name in technical screening for software engineers. Bundled with most major ATSs (Greenhouse, Workday, Lever, SmartRecruiters), a deep library of algorithmic and language-specific coding problems, and several years of cyber assessment content layered on top.

Best for: hiring software engineers. If the role is software-shaped first and security-aware second (DevSecOps, security-focused application engineering), HackerRank can carry most of the screening load. The brand familiarity is a candidate-experience win.

Where it falls short: HackerRank’s DNA is coding interviews. The cyber assessment module is a bolt-on, not the spine. If the role is SOC, IR, threat intel, GRC or pentest first, you will be wedging a coding-test-shaped tool into a cyber-shaped problem. We wrote a longer head-to-head on exactly this.

Pricing: enterprise sales process. Plan for procurement.

3. Hack The Box for Business

Hack The Box is an icon. Their consumer CTF platform, training labs and red-team community are some of the best in the industry. Their enterprise tier - HTB for Business - layers hiring on top of training, talent search, CTF infrastructure, and dedicated AI ranges.

Best for: red team and offensive security hiring where the candidate is already active on the consumer HTB platform and you can use that public signal directly. Also strong if you want to bundle hiring with team training under one contract.

Where it falls short: HTB is fundamentally a cyber training company that also does hiring. Nine product surfaces in their navigation, hiring is one of them. If the problem is purely “screen this candidate,” a focused hiring tool fits the workflow better. We covered this in the CyberHire vs Hack The Box breakdown.

Pricing: enterprise quote.

4. Immersive Labs

Enterprise cyber resilience. Continuous skills development, cyber drills, board-level reporting. Used by government, financial services and large enterprises that need defensible, regulator-facing evidence of team readiness.

Best for: upskilling existing teams, not hiring new ones. Cyber drills, DORA reporting, workforce-wide security training. If you walk into a board meeting needing a number on cyber resilience, Immersive Labs is built for that conversation.

Where it falls short: it is not a hiring product. If a Head of Talent Acquisition asks Immersive Labs to screen 200 SOC applicants this quarter, the workflow does not bend that way. The platform is workforce-shaped. The full split is in CyberHire vs Immersive Labs.

Pricing: enterprise quote, six-figure entry point in most cases. Built for FTSE-100-shaped buyers.

5. TryHackMe for Business

Cousin to Hack The Box. Strong gamified training, CTF rooms, structured learning paths and a business tier for teams. Slightly more accessible to early-career candidates than HTB, with a friendlier UI.

Best for: training internal teams, gamified upskilling, and lightweight evaluation of junior or self-taught candidates.

Where it falls short: same shape problem as HTB. Hiring is a feature, not the spine. The candidate signal is “did they finish the room” rather than “would they make a good hire” - those are different questions with different telemetry. The platform is built for the first one.

Pricing: published team-tier subscriptions, with enterprise contracts on top.

6. Cyber Skyline

One of the longer-running cyber-specific assessment platforms, used by some large enterprises (CrowdStrike included, at one point) and powering the National Cyber League CTF in the US. Functional product covering forensics, networking, scripting and several adjacent cyber categories.

Best for: standardised, vendor-managed assessments where you do not want to author your own challenges and you trust the vendor’s library.

Where it falls short: I sat one of their assessments as a candidate and later had a vendor demo. Both were fine on functionality and weak on everything else. Dated UI. No self-serve challenge authoring - the vendor controls the content. No generative AI. The brand has been quiet, the company was acquired, and a friend who tried to buy from them last year could not get a clear price out of the new owners. If you need a platform that adapts to your role library on your timeline, it will not be Cyber Skyline.

Pricing: opaque. Plan accordingly.

7. TestGorilla

A generalist skills assessment platform with a wide test library across hundreds of skills, including a cyber category. Clean UX, transparent pricing, fast onboarding, designed for breadth rather than depth.

Best for: small-to-mid-sized buyers hiring across many roles who want one tool for everything from sales SDRs to junior IT admins.

Where it falls short: the cyber library is broad but shallow. It works for a generalist Cyber Awareness Officer or a junior IT-meets-cyber role; it does not work for “is this candidate actually a senior incident responder.” The tests skew MCQ-and-short-answer, which is the format LLMs eat for breakfast.

Pricing: published per-month subscription tiers.

At a glance

Platform	Built for	Cyber-hiring fit	Pricing
CyberHire	Cyber hiring, end-to-end	Excellent. Full-stack cyber library, real environments, self-serve authoring with AI assistance.	Published. Free trial, no sales call.
HackerRank	Coding interviews	Good for DevSecOps and security-shaped engineering roles. Cyber assessment is a bolt-on.	Enterprise sales.
Hack The Box for Business	Cyber training (hiring is one of nine product surfaces)	Strong for red-team and offensive hires. Weaker for SOC, IR, GRC, threat intel.	Enterprise sales.
Immersive Labs	Workforce upskilling and cyber drills	Not a hiring product. Built for board reporting and team readiness.	Enterprise, six-figure entry typical.
TryHackMe for Business	Gamified cyber training for teams	Hiring is a feature, not the spine. Best for junior or self-taught candidates.	Published team tiers, enterprise on top.
Cyber Skyline	Vendor-managed cyber assessments	Functional content. No self-serve authoring, no AI, dated UI, opaque pricing post-acquisition.	Opaque.
TestGorilla	Generalist skills assessment across many roles	Cyber library is broad but shallow. MCQ-heavy, which LLMs eat for breakfast.	Published per-month tiers.

How to choose between them

Three questions in this order.

Are you hiring or upskilling? If upskilling, you do not need a hiring product. Immersive Labs, Hack The Box and TryHackMe are world-class at training. Use the right tool for the right job.

Is the role cyber-first or coding-first? If the role is software-shaped (DevSecOps, security-focused engineering), HackerRank or a generalist platform like TestGorilla can carry most of the load. If the role is SOC, IR, threat intel, GRC, malware analysis or pentest, the platform should have been built for cyber hiring from day one.

How fast do you need to spin up a custom challenge? If the answer is “tomorrow,” you need self-serve authoring plus AI assistance. If the answer is “next quarter when our admin team has filed the request and the vendor has built it,” a vendor-managed content model is fine.

What to do next

The most honest thing a comparison post can do is admit which buyer it is not for. CyberHire is not for a CISO who needs DORA-compliant reporting on team training - that is Immersive Labs. We are not for a recruiting team that already runs every candidate through HackerRank because procurement signed it three years ago. We are for the cyber hiring manager who has burned a week of senior engineer time on a candidate that turned out to be CV astrology, and wants the next test to actually screen for the job.

If that is the problem, you know where the button is.