Cyber security recruitment agency vs in-house screening
Cyber recruitment agencies have a place. Here is when they earn their fee, when in-house assessment platforms do the job better, and how to decide between them.
If you have an open cyber security role and you are weighing whether to hand it to a specialist recruitment agency or run the hiring in-house with an assessment platform, you are asking the right question. The two options solve different parts of the hiring problem. Most teams who get the buying decision wrong are conflating sourcing (finding candidates) with screening (deciding who to hire), and the answer changes depending on which problem is actually biting.
This post is the practical buyer’s read on cyber security recruitment agencies versus in-house screening platforms: what each one actually does, where each one earns its fee, what the real cost looks like, and how to decide between them in five minutes.
The short version
A cyber security recruitment agency is a sourcing and shortlisting service. They find candidates (often passive ones who are not actively job-hunting), screen against your role brief, and present you with a curated shortlist. Their fee is typically 20-25% of the candidate’s first-year salary, paid only on a successful hire.
An in-house screening platform is a technical-assessment tool. It does not source candidates - it tests them. You bring the candidates (from your own job-board posts, LinkedIn outreach, agency referrals, employee referrals, the company careers page), and the platform produces evidence-based scoring on whether they can actually do the job.
The two are not substitutes for each other. They solve different problems. The right buying decision depends on which problem is harder for your specific situation:
- If your problem is finding candidates, a recruitment agency earns its fee.
- If your problem is filtering candidates, an assessment platform pays for itself.
- If your problem is both, you usually need both.
What a cyber security recruitment agency actually does
A specialist cyber recruitment agency adds value through three things, in roughly this order of importance:
- Active sourcing. They reach passive candidates who are not on the major job boards. Senior cyber security people are often not actively job-hunting, but a good agency knows who is open to a conversation. This is the part that genuinely cannot be replicated by a job-board posting.
- Network effects. A specialist agency knows who is on the market right now, what they are paid, what they will accept, and where the talent for a specific niche (cloud security in financial services, IR for an MSSP, a CISO who has done a UK regulated environment) actually lives.
- Screening against the role brief. They have a phone call with each candidate, confirm fit on the basics (right to work, salary range, role-fit at a high level, motivation, notice period), and present a shortlist that has cleared those gates.
What a recruitment agency does not do well, even at the top end of the market:
- Deep technical screening. Most cyber recruiters are not cyber security practitioners. They cannot meaningfully evaluate whether a candidate can read a packet capture, write a SIEM query, or reason through an incident. They rely on certifications, employer logos and self-reported skill levels - the same signals you can read off a CV.
- Calibrated scoring across candidates. Each candidate is screened in isolation. There is no comparable assessment that lets you rank ten candidates against each other on the same scale.
- Defensible evidence for the hire. When the board asks why you hired this person, the recruiter’s word is not evidence. A scored hands-on assessment is.
The fee structure tells you what they are optimising for: 20-25% of the candidate’s first-year salary, payable only on a successful hire. That aligns the agency’s incentive with making a hire (any hire) within your budget. It does not align with making the right hire.
Where in-house assessment platforms win
An in-house screening platform takes a different slice of the problem:
- Same calibrated test for every candidate. Whether the candidate came from a job board, a LinkedIn message, a referral or an agency, they all go through the same hands-on assessment. The scoring is comparable across candidates, defensible to the board, and produces evidence rather than vibes.
- Senior engineer time saved. A 60-minute calibrated assessment screens out the candidates who clearly cannot do the job, before a senior engineer spends a full hour on them in interview. For high-volume hiring (MSSPs, fast-growing security teams) this is the single biggest cost reduction in the funnel.
- Hiring decisions you can defend. Compliance frameworks (ISO 27001, SOC 2, NIS2, DORA) increasingly want documented evidence that security personnel are competent. An assessment platform produces that evidence as a byproduct of the hire.
- Repeatable, scalable, your own data. The platform builds a library of every candidate you ever assessed, every score, every integrity flag. Over time that data becomes the most valuable thing in your hiring funnel.
What in-house screening platforms do not do:
- Source candidates. You still need a way to fill the top of the funnel. The platform does nothing if no candidates apply in the first place.
- Replace the relationship layer. A recruiter who has known a CISO candidate for five years can put a different conversation on the table than a job-board reply ever will.
The real cost comparison
The numbers are usually decisive. Here is a worked example for a typical mid-market cyber hire.
Scenario: hiring one mid-level SOC analyst at £55,000 base salary.
Recruitment agency route:
- Agency fee at 20% = £11,000 per hire, paid on placement
- Multiplier: every hire pays the fee again
- 5 hires in a year = £55,000 in agency fees
In-house assessment platform route:
- CyberHire Pro at £799/month annual = £9,588/year, flat
- Multiplier: zero - the platform handles unlimited hires inside the plan limits
- 5 hires in a year = still £9,588
The crossover point is roughly one hire per year. Above that, the assessment platform is cheaper, and the gap widens fast. By five hires a year an in-house platform has saved roughly the cost of a full-time recruiter.
That math gets even sharper at higher salaries. A senior cloud security engineer at £85K costs £17K in agency fees per hire. Three of those hires in a year would have cost £51K in agency fees, vs £9,588 in platform subscription.
What the math does not capture:
- The agency might find candidates you cannot. For a niche role (CISO with UK regulated experience, specialist red team lead, AI security specialist) the agency’s network is sometimes the only way to fill the seat. The fee buys access to candidates who do not exist in any database you have.
- Bad-hire risk is the real cost. A bad cyber hire costs around 30% of first-year salary in lost productivity, plus any breach risk that follows. The platform reduces bad-hire risk in a way the agency does not, because the agency’s incentive is to close placements, not to filter rigorously.
How to decide
Three questions, in order. Five minutes.
Are you struggling to find qualified candidates, or to filter qualified candidates?
- Cannot find them: agency wins. Their sourcing network is the value you cannot replicate.
- Cannot filter them: platform wins. The shortlist already exists; you need to know who in it can actually do the job.
- Both: use both. Agency for sourcing, platform for screening. Even agency-sourced candidates run through your assessment.
How many cyber hires will you make this year?
- One or two: agency math works. The platform might still be cheaper, but the agency relationship may earn its keep on senior hires.
- Three to ten: platform pays for itself. Even if you keep one or two agency relationships for senior or specialist roles, the rest go through the platform.
- Ten or more: platform is structural. Per-hire economics with agencies become punishing at this volume, and you need defensible scoring across the whole pipeline.
How specialist is the role?
- Generalist (mid-level SOC, junior pentest, GRC analyst): your own sourcing channels are usually enough. Platform handles the rest.
- Specialist (CISO, niche cloud security, red team lead with TS clearance, M&A integration security architect): agency network adds real value. Platform still scores them when they arrive.
When CyberHire fits
CyberHire is built for the screening side of this picture, not the sourcing side. We do not run a recruitment agency, do not maintain a candidate marketplace, and do not put candidates in front of you. What we do is take whoever you bring (from any source - job board, LinkedIn, agency, referral, careers page) and produce calibrated, hands-on, evidence-backed scoring that lets you decide who to hire and defend the decision.
Pricing is on the website at /pricing. Starter from £299/month, Pro at £799/month, Enterprise from £1,499/month, 14-day trial without a sales call. Crossover with agency-fee math happens at one hire a year and tilts hard from there. The wider screening process this fits into is covered in How to screen cybersecurity candidates without wasting 6 weeks.
If you keep an agency relationship for senior or specialist roles (which most teams do, sensibly), the platform still scores agency-sourced candidates the same way it scores everyone else. Agency relationships and assessment platforms are not in competition - they are stacked.
One honest sentence
Cyber security recruitment agencies earn their fee when sourcing is the hard problem. Assessment platforms earn theirs when screening is. Most teams have both problems, and the right buying decision is usually both - not either-or.
Ready to do this on your next hire?
Start screening with evidence, not vibes.
Calibrated assessments, real environments, ranked candidate evidence. 14 days free, invitation only.