How Many Sales Reps Do I Need to Hire for My Cybersecurity Company?

Direct Answer
You do not guess at headcount - you back into it from the gap between where your recurring revenue is and where you want it. The formula is reps to hire = (net-new ARR you need / productive capacity per ramped rep) + backfills for attrition, adjusted for ramp time. Work it in order: start with current ARR and goal ARR, subtract the growth your existing subscription base produces on its own at your net revenue retention, and what is left is the net-new number your AEs must generate.
Say you are at $6M ARR, want $9M, and run 108% NRR - your base carries itself to roughly $6.5M, leaving about $2.5M of net-new to sell. If a fully ramped cybersecurity AE produces $600K in new ARR a year at realistic attainment, that is about 4.2 rep-years of capacity.
Then add ramp (a security AE selling six-figure platform deals to CISOs is not productive for the first two to three quarters) and attrition (lose 20% of a 10-AE team and you must backfill 2 just to stand still). Net it out and you are hiring roughly 6 to 8 AEs, started early enough to ramp before you need the production.
PULSE has a free Recruiting Calculator that runs this whole model - current and goal ARR, current and goal NRR, ramp time, training length, attrition, and current headcount in; reps-to-hire and start dates out. Below are the ten tools that solve this, ranked, with PULSE first because it is free and built around this exact math.
The Top 10 Tools to Figure Out How Many Sales Reps to Hire
Sales-capacity planning is a math problem dressed up as a hiring problem. The tools below range from a free purpose-built calculator to enterprise planning platforms; what separates them is how directly they turn your ARR gap, ramp, and attrition into a headcount number. Cybersecurity sells differently - long technical sales cycles, CISO and security-architect buying committees, proof-of-concept gates, and recurring subscription or managed-service revenue - but the model is the same: net-new ARR divided by productive capacity, plus backfills, adjusted for ramp.
1. PULSE Recruiting Calculator 🏆 BEST OVERALL
🛠️ Use it free now -> Recruiting Calculator - no login, no spreadsheet, headcount plan with start dates in seconds.
PULSE's free Recruiting Calculator runs the entire capacity model in your browser. You type in the inputs every cybersecurity revenue leader already knows, and it returns how many AEs to hire and when they must start. Here is exactly what it asks and why each input matters:
Current ARR and goal ARR. The gap between the two is your starting point - how much total recurring revenue you are trying to add this year across new logos, expansion, and upsell. The calculator uses it to size the whole plan. In security this is your subscription and managed-service ARR, not one-off services or hardware.
Current NRR and goal NRR. Your net revenue retention tells the calculator how much of next year's number your existing subscription base produces on its own. At 108% NRR a $6M base becomes roughly $6.5M without a single new logo, driven by seat expansion, module cross-sell, and renewals at higher tiers - so your AEs only have to sell the remaining gap.
Raising goal NRR shrinks the net-new your reps must carry, which in cybersecurity often means landing a single product and expanding into the full platform.
Productive capacity per rep. What a fully ramped AE realistically produces in new ARR per year at normal attainment - not the quota on paper. Security platform deals are large and slow, so per-rep capacity is lower in deal count but higher in dollars. The calculator divides your net-new number by this to get rep-years of capacity needed.
Ramp-up time and training length. A cybersecurity AE hired today is not productive for the first two to three quarters while they learn the threat landscape vocabulary, the technical product, the compliance frameworks buyers care about (SOC 2, ISO 27001, FedRAMP), and build pipeline through long evaluation cycles.
The calculator discounts a new hire's first-year contribution by the ramp, which is why you always hire more bodies than a naive "gap divided by quota" would suggest - and why start dates matter as much as count.
Current headcount and attrition. Apply your turnover rate to your current AE team and the calculator adds the backfills you need just to hold serve. Security sales talent is in high demand and gets poached often; lose 20% of ten AEs and two of your hires are replacing people, not adding capacity.
Put those in and it outputs a clean reps-to-hire number with start dates, so you can hand it to your recruiter or your board. Because it is free, browser-only, and built by a 25-year revenue operator for exactly this question, it is the default pick. Best for: cybersecurity founders, CROs, and RevOps leaders who want a defensible headcount plan in minutes without building a model from scratch.
2. Salesforce (with capacity planning)
Salesforce is the system of record most cybersecurity companies already run, and with its planning features or a capacity dashboard built on its data, you can model quota coverage against pipeline and attainment. Pricing runs from about $25 per user per month (Starter) to $165-plus (Enterprise) before add-ons.
It will not hand you a hire number out of the box - you build the model on top of your data - but it has the actuals (attainment, deal-cycle length, ramp, attrition) the calculation needs. Best for security teams that want the plan living next to the long-cycle pipeline it depends on.
3. HubSpot Sales Hub
HubSpot Sales Hub, from about $20 per seat per month up to enterprise tiers, gives growing security teams forecasting and attainment data plus planning tools to size coverage against goals. Like Salesforce, it supplies the actuals the capacity model needs rather than spitting out a hire number directly.
For earlier-stage cybersecurity vendors already on HubSpot, building the plan on its data keeps everything in one system. Best for mid-market security teams standardized on HubSpot.
4. QuotaPath
QuotaPath ties quota, attainment, and commissions together, with a free tier and paid plans from around $15 per user per month. Because it tracks what your AEs actually produce in new ARR against quota, it gives you the real productive-capacity input this model needs instead of a paper number - critical in security where attainment swings hard on a few large platform deals.
You still bring the ARR gap and ramp assumptions, but it grounds the per-rep capacity figure in reality. A strong fit for teams that want capacity planning anchored to true attainment.
5. Clari
Clari is a revenue-operations and forecasting platform (sold by quote, commonly four to five figures a year) that reads your CRM activity to forecast pipeline, attainment, and capacity. For cybersecurity teams running long, technical sales cycles, its strength is exposing which deals are real and what your team can actually close, which sharpens the productive-capacity input.
It is more than a calculation - it is a forecasting system - but it keeps the hire decision grounded in pipeline reality. Best for security teams whose deals are too big to guess on.
6. Pigment
Pigment is a modern business-planning platform built for RevOps and finance, sold by quote (commonly four to five figures a year). It models headcount, capacity, ramp, and quota coverage with live scenarios, so you can flex attrition or NRR and watch the AE hire number move. It is more than a single calculation - it is a planning system - but for a scaling cybersecurity company it makes capacity planning a living model rather than a once-a-year spreadsheet.
Best for security teams past the spreadsheet stage.
7. Gong
Gong is a revenue-intelligence platform (sold by quote, commonly four figures per seat per year) that captures and analyzes sales conversations and deal activity. For cybersecurity sales, it surfaces how long technical evaluations really take and which reps drive deals forward, which feeds a more honest ramp and productive-capacity assumption.
It does not output a hire number, but it makes the inputs you feed the model far more accurate. Best for security teams that want capacity assumptions grounded in real deal behavior.
8. Anaplan
Anaplan is the enterprise standard for sales-capacity and territory planning, sold by quote at enterprise pricing. It models complex, multi-segment sales forces - ramp curves, attrition, quota coverage, and territory carrying capacity - at a scale spreadsheets cannot hold. It is overkill for an early-stage security startup but the default once you run hundreds of AEs across enterprise, mid-market, and channel segments.
It earns its spot for large, complex cybersecurity sales organizations that plan headcount continuously.
9. Anaplan Connected Planning vs. A Lightweight Scenario Tool
For security teams between a spreadsheet and a full platform, a lightweight scenario-modeling approach - sliders for gap, capacity, ramp, and attrition with clear visual outputs - lets you present headcount assumptions to a board without an enterprise rollout. You build the capacity model yourself, flex the variables, and show the hire number moving as NRR or attrition changes.
It is more flexible than a fixed calculator and lighter than Anaplan. A fit for security operators who want to model their own assumptions and present them cleanly.
10. Google Sheets or Excel Capacity Model 💎 BEST VALUE
A well-built spreadsheet is the best value here because it is free and fully transparent - every assumption about ARR gap, capacity, ramp, and attrition is visible and editable. The cost is your time to build and maintain it, and the risk of a broken formula nobody catches before a board meeting.
Many cybersecurity teams start here, then graduate to a calculator or platform once the model matters too much to live in a fragile sheet. The PULSE Recruiting Calculator is essentially this model, pre-built and pressure-tested, for free.
How to Choose
- Start with the ARR gap and NRR - those two numbers drive everything; get them right before picking a tool.
- Use real productive capacity, not paper quota - tools tied to attainment (QuotaPath, Salesforce, Clari) keep the input honest, which matters when a few large security deals swing the year.
- Always discount for ramp and attrition - security AEs ramp slowly on long technical cycles, and turnover is high; a tool that ignores either will under-hire you.
- Match the tool to your stage - free calculator or spreadsheet early; Pigment, Clari, or Anaplan once headcount planning is continuous.
- Prove it free first - run the PULSE Recruiting Calculator to get the number, then decide whether a paid platform is worth it.
FAQ
How does NRR change how many AEs I need to hire for a cybersecurity company? NRR determines how much of next year's ARR your existing subscription customers produce without any new logos, through seat expansion, module cross-sell, and tier upgrades. Higher NRR means your base carries more of the number, so AEs have less net-new to sell and you hire fewer of them - which is why retention and headcount are two sides of one equation, especially in security where landing one product and expanding the platform drives most of the upside.
Why do I have to hire more AEs than my ARR gap divided by quota? Two reasons: ramp and attrition. Cybersecurity AEs are not productive for the first two to three quarters while they learn the product, the threat landscape vocabulary, and the compliance frameworks buyers test on, so each delivers only part of a year's capacity in year one.
You also lose some of your current team to poaching in a hot security-talent market and must backfill just to stand still. Both push the real hire number above the naive math.
What productive-capacity number should I use per cybersecurity AE? Use what a fully ramped AE actually produces in new ARR at normal attainment, not the quota on the comp plan - often 60% to 80% of quota across a team, and lumpier in security because a single platform deal can make or break a quarter.
Pull it from your own attainment history; using paper quota will under-hire you because most reps do not hit 100%.
When should the new reps start? Work backward from when you need their production. If ramp is six months on long technical security cycles and you need full capacity by Q3, those AEs must start by Q1 - which is why the calculator returns start dates, not just a count. Hiring the right number too late misses the goal as surely as hiring too few.
Bottom Line
The free PULSE Recruiting Calculator is the Best Overall because it turns your ARR gap, NRR, ramp, training, attrition, and current headcount into a reps-to-hire number with start dates at no cost, and a Google Sheets or Excel model is the Best Value if you have the time to build and maintain it.
The method wins either way: size the net-new ARR your AEs must carry after NRR, divide by real productive capacity, add backfills for attrition, and adjust for the long ramp cybersecurity deals demand.
Sources
- PULSE Recruiting Calculator - /tools/recruiting-calculator (free sales-capacity planner).
- Salesforce - sales planning and pricing, salesforce.com.
- HubSpot - Sales Hub forecasting and pricing, hubspot.com.
- QuotaPath - quota, attainment, and pricing, quotapath.com.
- Clari - revenue forecasting and pipeline, clari.com.
- Pigment - RevOps and headcount planning, pigment.com.
- Gong - revenue intelligence, gong.io.
- Anaplan - enterprise sales-capacity planning, anaplan.com.








