CYBERSECURITYMULTICHANNELC-level

Cybersecurity cold email sequence — 54% response rate

9 steps over 30 days. Email, phone calls and LinkedIn. 270 prospects contacted.

Charles Perret

Founder of devlo.ch · March 2026

270

Prospects contacted

81%

Open rate

54%

Response rate

Interested prospects

The 9 keys in the sequence

6 emails, 2 phone calls, 1 LinkedIn message — over 30 days.

EmailDay 1— Introduction

Subject: A] Our call {{firstName}} – cyber-resistance\nB] cyber-resistance – our call {{firstName}}

Hello {{firstName}}, {{Icebreaker — e.g.: Your background and qualifications in IT security are impressive — I’ve had a look at your LinkedIn profile.}} {{PainPoint — e.g.: As you’re no doubt aware, the number of cyberattacks in Switzerland doubles every year, and most of them target Active Directory. Our clients in the {{industry}} sector have turned to our solution to improve their cyber resilience and better withstand the next ransomware attack.}} In a (very) nutshell, our solution: - identifies and prioritises all attack vectors so you can focus your attention on the most dangerous ones - provides prioritised, actionable recommendations to reduce risks associated with your access configurations - maps your entire AD (and/or Azure AD) to provide you with a continuous risk score Time and resources are limited, but with our solution, you know what to prioritise to improve your resilience to attacks. We suggest the actions that require the least effort for the greatest improvement. If reducing your attack surface is a priority, would you be willing to discuss this with our CEO [CEO_first_name]? Kind regards, Charles PS: All our partners have reduced their internal attack surface by over 60% thanks to [CompanyName].

Email3 days later— Proposal

Subject: (same item)

Hello {{firstName}}, Given the importance of {{CompanyName}}’s cyber resilience, I would like to make a proposal and provide further background on [CompanyName]. We would be happy to carry out a security audit of your internal environment (AD, Azure AD). Instead of paying consultants between CHF 20,000 and CHF 100,000 for a pentest or a limited, one-off audit, we are offering you a 30-day trial at a fraction of that cost to continuously analyse your entire attack surface. From experience, the results are guaranteed. Before using [CompanyName], our clients were faced with thousands of recommendations based on qualitative compliance. It took time to understand where to start and identify the most critical issues within the context of their organisation. Now they know where to focus their attention and which actions to take first, thanks to simple, prioritised and context-specific recommendations. [CompanyName] is a Swiss company based in Lausanne and part of Trust Valley. We offer on-premises or cloud deployment in Switzerland or across Europe. Could you spare 45 minutes to discuss your cyber resilience? You can book a time of your choice directly in [CEO_first_name]’s calendar (but if you prefer, I can also send you two or three suggestions). Thank you in advance for your reply, Kind regards, Charles PS: Here’s a little virtual coffee to help you get on with your day :)

Email4 days later— Share brochure

Subject: (same item)

Hello {{firstName}}, I imagine you’re quite busy at the moment? The offer in my last message to trial our solution for 30 days at a very competitive price still stands. I invite you to read our short brochure to understand how graph theory and machine learning techniques enable our solution to continuously map an organisation’s attack surface, identify the most likely attack paths and suggest remedies. Please also note that if your environment is hybrid, our solution analyses not only Microsoft Active Directory, but also Azure Active Directory and the relationship between the two. Does your organisation use AD, Azure AD, GCP, AWS, or an internal directory? Have a good day, Kind regards, Charles

Email5 days later— Contact a colleague

Subject: (same item)

Hello {{firstName}}, I hope you are well. I haven’t heard back from you, so I was wondering whether I should contact you or your colleague {{colleague_name}}? Thank you in advance for your reply, Kind regards, {{salesRep}}

Call4 days later— First call

If the prospect replies: "Hello {{firstName}}, this is {{salesRep}} from [CompanyName]. I’ve sent you some emails about our solution, which can help you improve your cyber resilience, particularly by saving you time and money. Would you have two minutes to spare to see if we could be a good fit for you?" If so: "As you are no doubt aware, in Switzerland the number of cyberattacks doubles every year, and in 80% of audits carried out in 2020, the IT system was compromised within 24 hours (according to Wavestone). In light of this, 53% of large enterprises and SMEs have an AD security project in place. Our solution addresses three common issues: 1) prioritising the actions to be taken, 2) an audit that never stops, 3) a very affordable cost. Our clients have reduced their internal attack surface by over 60% in just a few months." If interested → Qualification questions + schedule a demo. If not interested → Rephrase the problem, handle objections politely. If voicemail: "Hello {{firstName}}, this is {{salesRep}} from [CompanyName]. I hope you’re well. I’ve been trying to get hold of you as you might be interested in finding out how our clients have reduced their attack surface by over 60%. Would you have a minute to discuss cybersecurity? You can call me back on this number or email me. Have a good day."

Email1 day later— After the call

Subject: (same item)

Hello {{firstName}}, I hope you’re well. I tried to reach you by phone yesterday regarding our attack prediction solution (my mobile number is [Number]). Would it be possible for me to call you back at a more convenient time to discuss whether our solution is the right fit for you? Thank you in advance for your reply, Kind regards, {{salesRep}}

Call3 days later— Second call

Same approach as Touch #5. Second attempt to call prospects who didn’t answer the first time. Objective: to speak to the prospect in person. Vary the time of the call from the first attempt (if the first call was in the morning, try again at the end of the day).

Email1 day later— Last email (breakup)

Subject: (same item)

Hello {{firstName}}, I tried to get in touch with you again yesterday, but it seems you have a busy schedule. If there’s a better time, or if you’re not interested in finding out how our solution can add value, please do let me know so that I can stop contacting you. I believe our solution might be of interest to you, as it replaces numerous audits and penetration tests with a single continuous analysis tool, covering the entire internal attack surface at a significantly lower cost. Alternatively, could you let me know if I should speak to another of your colleagues? Perhaps {{colleague_name}}? You’ll find our brochure here just in case, but I’m always available if you have any questions or would like to discuss protecting your infrastructure against the most damaging attacks. Thank you in advance for your reply, and I wish you all the best for the future. Kind regards, {{salesRep}}

LinkedInOn the same day— LinkedIn login

Hello {{firstName}}, this is [CEO_first_name] from [CompanyName]. I look forward to connecting with you and learning about the projects and insights you’re working on at {{companyName}}. See you soon

Why this sequence works

The 54% response rate is down to a carefully orchestrated multi-channel campaign. The six emails do not simply repeat the same message: each touchpoint offers a new angle of value. The introduction sets out the problem (cyberattacks via Active Directory), the second email proposes a concrete action (a 30-day audit), the third shares a technical resource (the brochure), and the fourth activates a powerful psychological lever: redirecting the recipient to a colleague. This technique elicits a response in 70% of cases, either to confirm that this is the right person to contact or to provide the correct contact details.

The decision to make a phone call at Touch #5 (after four emails) is a deliberate one. By this stage, the prospect has already seen the sender’s name four times in their inbox. Even without having opened every email, a sense of familiarity has been established. The cold call is no longer really ‘cold’—it’s a semi-warm call. The script includes specific data (Wavestone statistics on AD compromises, 53% of companies with an AD security project) which immediately positions the conversation at the decision-maker’s level, not the salesperson’s.

Two subtle elements boost the results. A/B testing on the subject line of the first email helps optimise the open rate right from the start — simply placing the first name before or after “cyber resilience” can generate an additional 10–15 percentage points in the open rate. And the “virtual coffee” PS in Touch #2 humanises the exchange in a sector where communication is often highly technical and impersonal. This contrast creates a positive surprise effect that encourages a response.

What you can learn from this campaign

Organise 30 days into 9 sections. The follow-up schedule is staggered: 3 days between the first emails, then 4–5 days, with calls concentrated in the second half of the fortnight. This gradual build-up prevents the prospect from becoming overwhelmed too soon.
Using a variety of channels increases reach. A CISO might ignore emails but answer the phone. Or vice versa. The combination of email, phone calls and LinkedIn covers all three professional communication channels and triples the chances of reaching the prospect.
Quantitative social proof instantly lends credibility. "A 60% reduction in the attack surface" is concrete and verifiable. Compare this with "we help our clients improve their security" — the quantified version generates three times as many clicks on the CTA.
The breakup email (Touch #8) wins over the undecided. By announcing that you’re going to stop contacting the prospect, you create a sense of scarcity. This final email often generates a lot of responses, either saying “not right now, but get back to me in three months” or finally agreeing to a call.
Make the call after four emails, not before. Touch #5 is the first call. By this stage, the prospect has had four opportunities to see your name. The drop-out rate is significantly higher than for a first-contact cold call.

When to use this sequence

Targeting CISOs and security decision-makers

Your ICP includes CISO, CIO, DPO, CTO and other similar roles. These professionals receive a high volume of communications — the multi-channel approach is designed to reach them.

Sales of cybersecurity or IT solutions

Whether your product focuses on access management, threat detection, security auditing, compliance or infrastructure protection, the value proposition can be easily adapted.

Regulated industries

Finance, healthcare, the public sector, energy — organisations in these industries face compliance obligations that make cybersecurity a top priority. The urgency is already there.

Sales cycle of 3 to 6 months

The 30 days of this sequence cover the initial engagement phase. For complex deals involving multiple decision-makers, it is used to secure the first meeting.

Who can use this sequence?

Cybersecurity sales teams

If you sell IT security solutions (SIEM, PAM, IAM, penetration testing, GRC), this sequence is your starting point. Tailor the value proposition to your product.

SDRs aimed at IT security professionals

The call script includes qualification questions and objection-handling techniques specific to the cybersecurity sector. Ready to use.

Cybersecurity channel partners

System integrators, resellers, security consultants — if you represent a software vendor, this guide will help you structure your sales approach from start to finish.

Any B2B publisher selling to CISOs

Even outside the realm of pure cybersecurity, if your buyer persona is the CISO (e.g. backup, cloud, compliance), the structure and timing of this sequence still apply.

Frequently Asked Questions

How many keystrokes are required in a cybersecurity sequence?

Our data shows that a sequence of nine touchpoints over 30 days is the most effective way to reach CISOs and IT security decision-makers. CISOs receive an average of 50+ emails a day and attend numerous internal meetings. You therefore need enough touchpoints to make an impact without becoming intrusive. The combination of 6 emails, 2 calls and 1 LinkedIn message allows you to vary the channels and increases the chances of a response by 3x compared to an email-only sequence.

When is the best time to contact a CISO?

Based on our campaigns, the best time to make a cold call to a CISO is between 8.30am and 9.30am or between 5pm and 6pm, midweek (Tuesday to Thursday). Avoid Mondays (weekly planning) and Fridays (weekend mindset). In this sequence, the first call comes at Touch #5, after four emails — the prospect has already seen your name and your proposal, which increases the pick-up rate by 40%.

How can I tailor this sequence to my business?

Three elements to adapt: (1) the icebreaker — replace it with a reference to a real event in the prospect’s background (certification obtained, article published, conference). (2) The value proposition — replace the metrics with your own (detection time, avoided costs, reduced attack surface). (3) The proof point — cite a client in the same industry as the prospect, with a quantified result. Do not change the structure or the timing between touchpoints — these have been optimised over 270 mailings.

Want a customised sequence for your industry?

devlo designs and executes bespoke B2B cold email campaigns. ICP, buying signals, multi-channel sequences — we take care of everything.

Book a consultation See our services

View all 25 sequences

Last updated: March 2026