

AI Outreach for HR-Tech Companies Selling into Cybersecurity: 55 Meetings, $1.4M Pipeline in 120 Days

How signal-based outbound built $1.4M pipeline for a Series A HR-tech company
A Series A HR-tech company came to us with a specific goal: a steady flow of qualified meetings with HR decision-makers at cybersecurity firms. The product was strong — workforce intelligence and compensation benchmarking built for security-intensive organizations, where the average SOC analyst lasts 26 months and generic HRIS tools can't track cleared-personnel requirements. The problem was reaching the buyer. CHROs and Heads of People at security companies sit inside organizations built to evaluate threats, and they turn that same instinct on cold outreach. Their two SDRs were booking 2–3 meetings a month, most with the wrong people.
We rebuilt their outbound from infrastructure to targeting, and added a signal layer that told us when a security company actually needed what they sold. Here's what 120 days produced.
Results:
~55 qualified held meetings (from 2–3 a month)
$1.4M in pipeline across 17 active opportunities
6.8% reply rate on an HR-buyer audience in cybersecurity (from under 1%)
89% of meetings with verified decision-makers (from ~40%)
Bounce rate from 22% to under 2%
SDR time on manual prospecting from two-thirds of the week to under 10%
Why it wasn't working: a diagnostic
The client came in with one symptom: 2–3 meetings a month, most with people who couldn't buy. Before touching messaging or lists, we ran a diagnostic. We found three problems, and each one was undermining the others.
The infrastructure was burned — and nobody was watching
Sequences were going out from the company's primary domain to lists built in Sales Navigator. Bounce rate had reached 22%, sender reputation was damaged, and a meaningful share of emails was never reaching an inbox. There was no deliverability monitoring at the domain level — so everything the team believed about its messaging was hypothetical. They didn't know how many people were actually receiving the emails.
They emailed everyone — not the people ready to listen
The list was built on static firmographics: cybersecurity companies, 100–1,000 employees, a funding stage. In this vertical that's a costly mistake, because the same CHRO is a completely different buyer depending on timing. A company mid-way through a SOC restructuring after a ransomware event, a contractor that just won a federal award and now has a cleared-workforce problem, a team hemorrhaging senior engineers to a competitor — these are three different conversations. None of those signals were tracked, and all three buyers got the same email.
Emails talked about the product, not the buyer's situation
A typical message led with the feature set: "We help cybersecurity companies reduce attrition, benchmark compensation, and manage their cleared workforce, and we integrate with your HRIS in under two weeks. Open to a 20-minute demo?" It asked for 20 minutes before giving any reason those 20 minutes were worth it, and it showed no sign the sender understood security-workforce specifics — clearance cycles, cleared-vs-non-cleared pay variance, the compliance weight of SOC attrition. A security-company HR buyer pattern-matches that to "not for us" and closes it.
Methodology: signals, archetypes, infrastructure
Before writing the first email, we built a system that wouldn't break at scale. Three things made that possible.
Infrastructure built with redundancy
All outbound moved to secondary domains — the primary domain was removed from campaigns on day one and kept for transactional and customer mail only. We built with surplus: 14 secondary domains, 42 inboxes with full DNS authentication (SPF, DKIM, DMARC) on each, a 30-day warm-up cycle before a single prospecting email went out, and EmailBison handling rotation, deliverability scoring, and blacklist monitoring. If one sending stream gets blocked, traffic redistributes without pausing the rest. Bounce rate on the first real sends came back at 1.3%.
Signals instead of lists — built around three buyer archetypes
We don't build campaigns around contact lists. We monitor what's happening inside target accounts and reach out only when there's a real trigger. Pulling the client's closed-won data, three buyer archetypes emerged, each with its own signals, its own pain, and its own objections — and the previous outreach had treated all three as one audience.
The Scaling CHRO. Companies that grew from 100 to 250+ people in 18 months and hit the analytical blind spots that come with fast headcount growth. Signals: 20%+ headcount growth, a new CHRO or VP People, a Series B/C round.
The Security-First CPO. Companies with government contracts, FedRAMP, or clearance requirements, where HR carries compliance obligations around cleared personnel. Signals: DoD and federal IT contract awards (USASpending.gov, SAM.gov), FedRAMP authorizations, CMMC milestones, new cleared facilities.
The Attrition-Crisis VP People. Companies visibly losing senior talent. Signals: senior departures tracked on LinkedIn, Glassdoor review spikes, competitor poaching.
Government procurement data turned out to be the most underused source of all: USASpending.gov and SAM.gov are public, real-time, and almost nobody in B2B outbound watches them. A company winning a federal contract is about to scale a cleared workforce — a specific, free, timely reason to talk.
One narrative across all channels
Email, LinkedIn, and calls ran as a single sequence around each prospect, not three parallel campaigns. LinkedIn prepared the ground before the first email. Email arrived with a specific trigger. A call happened only after interest was confirmed, and the SDR entered it with the full context of everything that came before.
Tech stack & channels
Channels
Email. Signal before pitch, always. Every email opened with the specific trigger that prompted it, framed against the pain that trigger usually precedes. No HTML, no templated opener. For a VP People at a company that had just earned FedRAMP Ready: a note on the milestone, a factual observation about the cleared-personnel reporting it creates, and a credible line that this is a problem we'd solved before — no demo ask yet.
LinkedIn. A familiar face before the first email. Profile view, a substantive comment on something the prospect actually posted about security-workforce or HR, then a connection request referencing a recent company milestone. In this vertical, domain-literate engagement builds credibility faster than any other channel, because these buyers can assess in seconds whether the person reaching out understands their world.
Stack
Tool | Role |
|---|---|
n8n | Workflow orchestration: signal routing, archetype classification, data flow |
Exa | Neural search across security trade press, procurement news, analyst reports |
ZenRows | Scraping USASpending.gov, SAM.gov, FedRAMP marketplace, Glassdoor, CMMC registry |
Clay | Enrichment orchestration and archetype-specific AI prompt chains |
FullEnrich | Primary waterfall enrichment — verified email and direct mobile |
Leads Magic | Secondary enrichment for low-footprint, security-cleared contacts |
Blitz API | Real-time contact validation before campaign entry |
EmailBison | Cold-email infrastructure: warm-up, rotation, deliverability monitoring |
Salesforge | Pipeline visibility: every prospect, message, reply, and meeting tied to a signal |
The 120-day timeline
Month 1 — foundation, no outreach
No prospect received a message in Month 1. We provisioned 14 secondary domains with full DNS authentication, connected 42 inboxes to a 30-day warm-up, built and tested every n8n workflow, and removed the primary domain from all outbound. Signal monitoring went live: federal contract awards, FedRAMP and CMMC events, funding rounds, headcount growth, and attrition signals. By month-end we had a signal-qualified prospect pool across all three archetypes — every contact in it because of a trigger, not a firmographic filter.
Month 2 — enrichment and soft launch
Waterfall enrichment reached 86% verified email and ~74% verified direct mobile; test sends came back at a 1.3% bounce. We tuned a separate prompt chain per archetype — a different signal reference, pain framing, and opening register for each — before going live. First meetings landed mid-month, starting with a FedRAMP buyer. Around 8 qualified held meetings, reply rate near 4.9%.
Month 3 — multichannel scale
We brought LinkedIn and calls into the sequence. Early data flagged the Security-First CPO as the strongest segment: compliance events create urgency the other archetypes don't feel, and reply rate there ran noticeably ahead of the rest. We shifted weight toward compliance signals without abandoning the other queues. Roughly 20 held meetings that month; blended reply rate to 6.8%.
Month 4 — predictable flow
The system settled into a rhythm: Clay refreshed the queue daily with high-signal targets and disqualified poor-fit accounts automatically. Around 27 held meetings — the peak for the period — at an ~87% show rate, twice the market average. By the time a meeting happened, the prospect had seen us on LinkedIn, received a relevant email, and spoken with an SDR who knew their situation. The meeting wasn't a surprise.
What we adjusted
The clearest lesson came from the archetype split. We had assumed the Scaling CHRO — the broadest, highest-volume segment — would carry the engagement. It didn't. The Security-First CPO converted faster and further, because a compliance event (a FedRAMP authorization, a new federal contract) carries a built-in deadline, and a deadline creates urgency that growth-driven curiosity never matches. We rebalanced outreach toward compliance signals mid-engagement. The takeaway: in this vertical, which signal you target changes the economics more than how many emails you send.
Results
After 120 days the system was running as a predictable flow of qualified meetings — no manual prospecting, no burned domains, no meetings with the wrong people.
The $1.4M is open pipeline: 17 active opportunities with confirmed ICP fit and a meeting with a decision-maker. We're not reporting closed revenue here, and that's deliberate — enterprise HR-tech sales into security run long, and the first closes from this pipeline land beyond the 120-day window. What we can stand behind at the 120-day mark is the quality of what's in the pipeline: 89% of meetings were with verified decision-makers, against roughly 40% before. The volume improvement mattered; the quality improvement mattered as much.
"We'd worked with an agency before that filled the calendar with meetings nobody showed up to. The first thing that surprised us with RevSculpt was the opposite problem — almost everyone showed, around 87% of them. The second was that the people on those calls already knew why we were reaching out. One VP of People at a government contractor spent the first two minutes of the call explaining her own cleared-workforce reporting headache to us, before we'd said anything. That had never happened on a cold-sourced meeting."
— Ivan M., Head of Sales
Key lessons
Infrastructure is the first question, not a technical one. A 22% bounce on a damaged primary domain meant a large share of the previous outbound never reached anyone, and no one knew. Setting this up in-house is a separate discipline: which domains to warm, at what rate, how to spread volume, when to rotate, how to monitor blacklists in real time. One wrong send and reputation drops for weeks.
Buyer archetypes need separate signals and separate messaging. A compliance-driven CPO at a government contractor and a scaling CHRO at a VC-backed startup are not one audience. Treating them as one produces the average of two approaches, which is worse than either. Each archetype here had its own observable signal, its own pain framing, and its own objections.
Government procurement data is a free, specific signal almost no one uses. USASpending.gov and SAM.gov are public and real-time. A company winning a federal contract is about to scale its cleared workforce and needs HR infrastructure generic platforms can't provide. That's a precise reason to reach out, at the exact moment it becomes true.
A wrong-buyer meeting is worse than no meeting. It consumes SDR time, inflates pipeline confidence, and produces nothing. Archetype-based targeting fixes meeting quality before the first email goes out — which is why decision-maker rate moved from ~40% to 89%.
Specificity beats features. A security-company HR buyer evaluates noise for a living. The only first sentence that earns a reply is one that proves, immediately, that you understand the situation they're in right now.
When this approach doesn't apply
Signal-based outbound built on regulatory and hiring triggers is a precise instrument. It works under specific conditions and doesn't replace other approaches where those conditions don't exist.
The product hasn't found PMF. If the ICP is still shifting every couple of months, outbound only amplifies the noise. Meetings will happen; conversions won't.
ACV is too low to carry the infrastructure. Fourteen domains, 42 inboxes, and five enrichment tools justify themselves at enterprise deal sizes. Below that, the math doesn't work.
The vertical generates no observable signals. This worked because security companies emit public, timely events — federal contracts, FedRAMP, CMMC, departures. In markets without that signal density, the model runs at lower intensity.
Deliverability is already healthy. If domains are clean and the team already works with signals, you need optimization, not a rebuild.
FAQ
Why is signal-based outreach effective for HR tech selling into cybersecurity? Cybersecurity is a signal-rich vertical. Federal contract wins, FedRAMP authorizations, CMMC milestones, funding rounds, and senior departures are public events that directly precede specific HR needs. Targeting those moments lets you reach a skeptical HR buyer at the one time they'll engage with a vendor they haven't heard of: when the need is already real. Generic, untimed outreach to the same buyer gets pattern-matched to noise and deleted.
What makes cybersecurity a hard vertical to cold-reach? Three things compound. Security professionals are trained to dismiss anything that looks like social engineering, and weak cold outreach fits that pattern. The culture is skeptical of unsolicited vendor contact. And the market is loud — every HR vendor claims to fix attrition and benchmark pay. Only signal-based, archetype-specific outreach consistently cuts through, because it leads with a real event rather than a claim.
How many buyer archetypes should an HR tech company target? Three at most in one program. Each must have a distinct, observable signal set, its own core pain framing, and its own objection landscape. If two archetypes share more than one of those, merge them. More than three dilutes the signal monitoring and the messaging work without a proportional return.
Does this work for HR tech with long sales cycles? Yes, if the signal framework is calibrated to existing urgency. Long cycles usually come from reaching buyers who know the problem but feel no pressure to act. Timing outreach to a compliance deadline or a funding event reaches them when the pressure already exists — which is also why compliance-driven buyers advanced fastest in this engagement.
How do you know if outbound is the right investment right now? The clearest signal is SDR efficiency. If your reps spend more than a quarter of their week on list-building and data entry, you're paying sales salaries for prospecting mechanics. A signal-based system removes that work and redirects the same headcount to live conversations with qualified buyers.
What's a realistic timeline to first qualified pipeline? Infrastructure and warm-up take the first 30 days. A soft launch in Month 2 produces the first meetings — in this case mid-Month 2. Full volume and consistent contribution land around Month 3, with peak throughput by Month 4.
Ready for consistent pipeline?
Book a 30-minute strategy call. We'll review your outbound, find what's missing, and show you what a signal-based system could deliver for your market.

Spots are now available
Ready for consistent pipeline?
Book a 30-min GTM audit. We'll review your outbound, spot what's missing, and show you what a signal-based system could deliver for your market.






