How to pick recruitment agencies for your Cyber Security PSL

How to pick recruitment agencies for your Cyber Security PSL

For cyber security and other fast-moving industries, a traditional PSL can sometimes hinder rather than help says Mary Pearson, Sanderson Cyber Security Delivery Manager. She offers up her alternatives.

A Preferred Supplier List (or PSL for short) has been a business essential for many years, enabling companies to source a mix of industry-dependant products and services. These lists can be beneficial but can also be seen as too traditional when it comes to the more fast-moving, modern industries we’ve been encountering in the last few years.

Cyber security is one of those industries.

Cyber security is a thriving field in the UK, experiencing incredible growth and advancement:

Even though this industry has grown massively over the course of time, unfortunately the supply and demand balance has been disrupted; of the c1.32 million UK businesses, it’s estimated that 710,000 have a basic technical cyber skills gap and that 407,000 have high-level skills gap. Some key affected areas include forensic analysis, penetration testing, security architecture, and threat intelligence.

So, if you’re wanting to bolster your cyber security staffing, how do you do so in such a tough recruiting climate?

Companies are becoming increasingly aware of the importance of cyber security professionals within their own staff and for those unaware of the niche nature of the roles, are turning to their trusted PSLs. This is because they’re tried and tested and supply a good range of candidates but two problems become apparent when recruiting for cyber security professionals:

  • The organisation have yet to fully grasp the magnitude of cyber security and think that these roles are already covered by their IT departments. This may be the case but more often than not, some all-encompassing IT departments don’t have the specialist knowledge to carry out the necessary role.
  • Revising PSLs is a company-dependant operation, an action that can take place after every recruitment drive, each year, or not at all. This means that for some organisations wanting to bolster their resourcing with cyber security specialists, they might not be looking to the right, up-to-date agencies.

What can be done about this?


Newer PSL models have been coming into effect as the modern workplace evolves to accommodate new industries. A two-tier system is one such option – having a specialist service as your first port of call before turning to your generalist supplier if the former doesn’t produce the expected candidates.

With that, if you’re looking for a cyber security agency, there are some key traits to look for before making your decision:

  • Personal development – knowledge is the name of the game when it comes to niche vertical market recruitment. Ensure that your recruiters are continually attending events, keeping up-to-date on the latest industry topics and news.
  • Specialist knowledge - Cyber security is just not focussed on technical security professionals. It encompasses three pillars; people, processes and technology. Having a recruiter who knows the intricacies of this diverse industry sector is a vital resource when building your cyber security team.
  • Agile response – The one-size-fits-all approach that can be used by a generalist rather than a specialist recruiter can result in inappropriate candidates for your team. This ultimately leads to a long-winded and often frustrating recruitment process, for all parties. Using an agile approach to recruitment for the more niche roles in highly sought-after sectors ensures that you are sending out the correct message to candidates from the off, dealing with them on a case-by-case basis.

By specialising your PSL list or prioritising a specialist before your generalist, you will have a smoother recruitment process with appropriately selected individuals. For a lot of organisations, whether they are growing an existing team, building a new one or just trying to compete in a highly candidate-driven market, having a specialist recruiter working with them to advise around market trends, salary bandings, job specifications and titles can be invaluable to securing the right people.

If you’re looking to strengthen your cyber security resource, you can get in touch with Mary to find out more or visit our website for more information.

View our Cyber Jobs