Book a Chemistry Call

3 More Outreach Tactics Cybersecurity Buyers Hate (+ the Alternative)

ciso relationship capital sales outreach Jul 13, 2022
3 More Outreach Tactics Cybersecurity Buyers Hate (+ the Alternative)

I’ve received 50 examples of bad outreach emails from cybersecurity practitioners. Here are 3 tactics that stood out to me (and the security pros that submitted them) + the better approach.

Since I launched WTF Did I Just Read? in April, I’ve received 50 examples of bad sales outreach emails sent to cybersecurity practitioners.

Every month, I've been carefully curating (and anonymizing) each message submitted.

Bonus: I’ve been providing the alternatives recommended by real cybersecurity practitioners.

Why is this important to the industry?

It’s not enough for buyers to bitch about what isn’t working, right?

That isn’t fair to you or me.

We need to understand the alternative.

We need to fix the problem.

How will this help you?

Upon submission, I've asked each security professional who flagged “bad behavior”, as they put it, to provide me a clear explanation of what not to do (the shitlist, if you will) and the alternative approach + simple tips to engaging with them.

  1. You’ll learn effective methods to outreach high-consideration cybersecurity buyers.

  2. You’ll be able to more authentically build real relationships with cybersecurity buyers that will boost your long-term career.

  3. You’ll improve your (and your company’s) reputation as a marketer or a salesperson.

Below, you will find three examples from the latest batch from June’s submissions.

Happy reading. 🔥

Check out the full list and alternatives in the Vault

WTF Did I Just Read: June’s Shitlist (+ The Alternative)

The “I Just Want to Learn From You” Lie 

In the above example, this sales rep reached out to a CISO on LinkedIn claiming they wanted to learn from them.


They then proceeded to email them the same day with the above templatized email - a poor example of a cold sales pitch.

How could you improve this approach?

Do not lie about your intentions.

If you want to learn from your prospect, explicitly say that and explain what you need help with.

Here’s a proven structure you could use to engage a prospect to learn more from them:

“Hey, [Name], I am looking to [insert your personal goal].

Before I [insert what you were originally going to do to reach your goal], could I get some more feedback on [insert one (max two) things you want to take away from your conversation with your prospect]?

I want to make sure I’m not [insert challenge prospect is experiencing in relation to your request].”

When I wanted to learn and understand how I can improve my campaign messaging, I reached out to a prospect and said:

“Hey, [Name], I am looking to create some content on vulnerability management to help teams get context and better identify and prioritize vulnerabilities that pose the greatest risks.

Before I invest time and energy building out my content and website, could I get some more feedback on some of the challenges you’re experiencing and run some copy by you?

I want to make sure I’m building content that is actually useful and not adding to the noise.



What this does is show your audience:

  • You are trying to validate your work and improve yourself

  • You have done some homework on them

  • You are interested in learning about their challenge

  • You are trying to improve your work to be useful

  • You trust and value their knowledge

  • You won’t waste time pursuing trivial tasks

The Opt-Out-Of-Email-But-We’re-Still-Going-To-Call Play

In the above example, this sales rep continued to email AND call a CISO despite the CISO opting out of all communication from the vendor.

To add the cherry on top, the privacy policy in this email was a broken page, which explicitly shows that privacy is not a priority for this company.

How could you improve this approach?

  • Respect a person’s request to leave them alone.

Do not email people who have not explicitly opted in to receive marketing or sales communications.

Do not under any circumstances call people who have not shared their phone numbers with you.

  • Research your prospect to validate if they even have a need for your product or solution.

In the example above, the rep was looking for a CISOs time to talk about procurement. A CISO does not have a need for or challenge with procurement. They are neither able to influence the purchase of a payment processing tool. To add to that, using them as a stepping stone to reach a purchasing manager or CPO will add you to their blacklisted book.

  • Make sure your privacy policy is accessible and not a broken page.

Make sure you have a TL;DR version of your privacy policy on that page that highlights the important points on how you are keeping their data secure and private.

The “Here’s My Client List on a Silver Platter” Tactic

Context is critical. But so is your client’s privacy.

In this example, a sales rep reached out to a CISO to pitch them products that, while might be relevant to the company, have no use in solving this practitioner's challenge.

Additionally, they listed clients that purchased their products.

How could you improve this approach?

  • Refrain from listing your clients, particularly ones that have not given you legal approval to use their corporate name as a reference.

It is not good practice. 

This is rule number one in the CISO Manifesto: Rules for Vendors - 2022 Edition by Gary Hayslip

 A disgruntled security professional could potentially target you, break into your system, and use you as a stepping stone to take out your clients.

“Giving me your client list so I know to target you, break into you and use you as a stepping stone to take them out, isn’t a good thing to do.” - CISO

TL;DR - tips to successfully outreach cybersecurity buyers:

  • Do not lie about your intentions.

  • Take a moment to work out what your prospect does.

  • Do some digging and ask to understand what they need.

  • Call out that you have a new and innovative approach to X. Say you'd love to run it by your prospect and get their feedback.

  • Take a little bit of time to write out a thoughtful, contextual email - not a templated email with a different one-sentence intro pasted into the template.

  • Add an unsubscribe link to your emails so your prospect can opt-out of communication.

  • Make sure your privacy policy is accessible and not a broken page.


Join Audience 1st Today

Join 700+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers.