Pulse Reviews and Analysis
How Many Sales Reps Do I Need to Hire for My Cybersecurity Company?
The Time I Hired Seven Reps and Wound Up With Two Productive Ones
Let me tell you about the year I nearly blew up my cybersecurity company's revenue plan.
I was the CRO at a mid-market security vendor—call it $6M ARR, growing fast, board breathing down my neck. The CEO wanted $9M by year-end. My instinct? "I need ten new AEs, minimum." I'd read somewhere that sales leaders just multiply their gap by some magic number and call it a day.
Thank God I didn't listen to myself.
Here's what actually happened when I stopped guessing and started doing the math—and the ten tools that saved my bacon.
The Formula That Saved My Career
You don't guess at headcount. You back into it from the gap between where your recurring revenue is and where you want it. The formula is brutally simple: reps to hire = (net-new ARR you need / productive capacity per ramped rep) + backfills for attrition, adjusted for ramp time.
Work it in order. Start with current ARR and goal ARR. Subtract the growth your existing subscription base produces on its own at your net revenue retention. What's left is the net-new number your AEs must generate.
Say you're at $6M ARR, want $9M, and run 108% NRR—your base carries itself to roughly $6.5M, leaving about $2.5M of net-new to sell.
Now here's where I learned the hard way: if a fully ramped cybersecurity AE produces $600K in new ARR a year at realistic attainment (not the quota on paper—the real number), that's about 4.2 rep-years of capacity. Not ten. Not even five.
But wait—security AEs selling six-figure platform deals to CISOs aren't productive for the first two to three quarters. They're learning threat landscape vocabulary, the technical product, compliance frameworks—SOC 2, ISO 27001, FedRAMP—and building pipeline through long evaluation cycles.
And attrition? Lose 20% of a 10-AE team and you must backfill two just to stand still.
Net it out and you're hiring roughly 6 to 8 AEs, started early enough to ramp before you need the production.
That's the math. Here are the tools that do it without Excel-induced headaches.
The Top 10 Tools That Keep Me From Embarrassing Myself
Sales-capacity planning is a math problem dressed up as a hiring problem. The tools below range from a free purpose-built calculator to enterprise planning platforms. What separates them is how directly they turn your ARR gap, ramp, and attrition into a headcount number.
Cybersecurity sells differently—long technical sales cycles, CISO and security-architect buying committees, proof-of-concept gates, and recurring subscription or managed-service revenue—but the model is the same: net-new ARR divided by productive capacity, plus backfills, adjusted for ramp.
1. PULSE Recruiting Calculator 🏆 BEST OVERALL
🛠️ Use it free now -> Recruiting Calculator - no login, no spreadsheet, headcount plan with start dates in seconds.
PULSE's free Recruiting Calculator runs the entire capacity model in your browser. You type in the inputs every cybersecurity revenue leader already knows, and it returns how many AEs to hire and when they must start. Here's exactly what it asks and why each input matters:
Current ARR and goal ARR. The gap between the two is your starting point—how much total recurring revenue you're trying to add this year across new logos, expansion, and upsell. The calculator uses it to size the whole plan. In security this is your subscription and managed-service ARR, not one-off services or hardware.
Current NRR and goal NRR. Your net revenue retention tells the calculator how much of next year's number your existing subscription base produces on its own. At 108% NRR a $6M base becomes roughly $6.5M without a single new logo, driven by seat expansion, module cross-sell, and renewals at higher tiers—so your AEs only have to sell the remaining gap.
Raising goal NRR shrinks the net-new your reps must carry, which in cybersecurity often means landing a single product and expanding into the full platform.
Productive capacity per rep. What a fully ramped AE realistically produces in new ARR per year at normal attainment—not the quota on paper. Security platform deals are large and slow, so per-rep capacity is lower in deal count but higher in dollars. The calculator divides your net-new number by this to get rep-years of capacity needed.
Ramp-up time and training length. A cybersecurity AE hired today isn't productive for the first two to three quarters while they learn the threat landscape vocabulary, the technical product, the compliance frameworks buyers care about (SOC 2, ISO 27001, FedRAMP), and build pipeline through long evaluation cycles.
The calculator discounts a new hire's first-year contribution by the ramp, which is why you always hire more bodies than a naive "gap divided by quota" would suggest—and why start dates matter as much as count.
Current headcount and attrition. Apply your turnover rate to your current AE team and the calculator adds the backfills you need just to hold serve. Security sales talent is in high demand and gets poached often; lose 20% of ten AEs and two of your hires are replacing people, not adding capacity.
Put those in and it outputs a clean reps-to-hire number with start dates, so you can hand it to your recruiter or your board. Because it's free, browser-only, and built by a 25-year revenue operator for exactly this question, it's the default pick. Best for: cybersecurity founders, CROs, and RevOps leaders who want a defensible headcount plan in minutes without building a model from scratch.
2. Salesforce (with capacity planning)
Salesforce is the system of record most cybersecurity companies already run, and with its planning features or a capacity dashboard built on its data, you can model quota coverage against pipeline and attainment. Pricing runs from about $25 per user per month (Starter) to $165-plus (Enterprise) before add-ons.
It won't hand you a hire number out of the box—you build the model on top of your data—but it has the actuals (attainment, deal-cycle length, ramp, attrition) the calculation needs. Best for security teams that want the plan living next to the long-cycle pipeline it depends on.
3. HubSpot Sales Hub
HubSpot Sales Hub, from about $20 per seat per month up to enterprise tiers, gives growing security teams forecasting and attainment data plus planning tools to size coverage against goals. Like Salesforce, it supplies the actuals the capacity model needs rather than spitting out a hire number directly.
For earlier-stage cybersecurity vendors already on HubSpot, building the plan on its data keeps everything in one system. Best for mid-market security teams standardized on HubSpot.
4. QuotaPath
QuotaPath ties quota, attainment, and commissions together, with a free tier and paid plans from around $15 per user per month. Because it tracks what your AEs actually produce in new ARR against quota, it gives you the real productive-capacity input this model needs instead of a paper number—critical in security where attainment swings hard on a few large platform deals.
You still bring the ARR gap and ramp assumptions, but it grounds the per-rep capacity figure in reality. A strong fit for teams that want capacity planning anchored to true attainment.
5. Clari
Clari is a revenue-operations and forecasting platform (sold by quote, commonly four to five figures a year) that reads your CRM activity to forecast pipeline, attainment, and capacity. For cybersecurity teams running long, technical sales cycles, its strength is exposing which deals are real and what your team can actually close, which sharpens the productive-capacity input.
It's more than a calculation—it's a forecasting system—but it keeps the hire decision grounded in pipeline reality. Best for security teams whose deals are too big to guess on.
6. Pigment
Pigment is a business-planning platform (pricing by quote, mid-five figures typically) that lets you build custom capacity models on top of your data. It's not purpose-built for sales headcount the way PULSE is, but if your RevOps team wants to model "what if NRR goes to 110%?" alongside "what if ramp shortens by one quarter?" it handles the complexity.
Best for larger security companies with dedicated RevOps teams who want to build bespoke models.
7. Anaplan
Anaplan is the enterprise-class planning platform (pricing by quote, typically six figures) used by large cybersecurity vendors with complex go-to-market motions. It models headcount, quota, territory, and compensation together, so you can see how hiring ten AEs in Q1 affects capacity in Q3 without spreadsheet chaos.
Overkill for most security companies below $50M ARR, but if you're there, it's the gold standard. Best for enterprise security vendors with dedicated planning teams.
8. RevOps.co
RevOps.co (pricing by quote, low five figures) is a revenue-operations platform that combines CRM data with planning tools. Its capacity-modeling features let you simulate headcount scenarios against pipeline and attainment, which is useful for cybersecurity teams whose deals run 6-12 months.
Not as turnkey as PULSE, but more integrated than building from scratch. Best for security teams that want planning alongside pipeline management.
9. Excel/Google Sheets (with a good template)
Don't laugh—I've built more headcount models in Google Sheets than I care to admit. With a decent template that captures current ARR, goal ARR, NRR, productive capacity, ramp time, training length, current headcount, and attrition, you can replicate the PULSE math manually. It's free, infinitely customizable, and every revenue leader already knows how to use it.
The downside: no start-date logic without manual work, and it's easy to make formula errors that look right but aren't. Best for bootstrapped security founders who want to understand every assumption before committing.
10. A Note on DIY
If you're building your own model, here's the critical insight I learned the hard way: the inputs matter more than the math. Spend your time getting productive capacity per rep right—talk to your current AEs, look at actual attainment, adjust for ramp—and the answer will be defensible.
Get it wrong by 20%, and you're either hiring six people you don't need or missing your number by $1.2M.
The Punchline
I hired six AEs that year, not ten. Three ramped on time, two took an extra quarter, and one washed out at month five. We hit $8.9M—close enough that the board bought me a drink instead of firing me.
The lesson? Don't hire by gut. Hire by math. And if you want the math done in thirty seconds instead of three hours, use the PULSE Recruiting Calculator —it's free, it's built for this exact question, and it'll save you from making the same mistake I almost did.
*—Kory White, 25 years of learning this lesson the expensive way*
*An operator's opinion by Kory White, Chief Revenue Officer — 25 years in revenue. More at PULSE · CRO Syndicate*