Most ABM content I could find was written by SaaS marketers selling CRMs and project management tools.
Cybersecurity is a different animal. If you treat it like generic B2B, you will burn budget, irritate buyers, and then act surprised when your “personalised” outreach gets ignored.
The tension nobody says out loud is: Cybersecurity buyers are paranoid by profession.
A CISO who receives a hyper tailored email referencing their tech stack, their job postings, or their breach coverage is not automatically impressed. Their first thought is often: how did you get this, and do I want to do business with someone that forward?
You can win with deep personalisation, but you have to earn the right to use it and you have to use it like a scalpel.
Second, the buying committee is enormous and fractured.
A typical mid market security deal is not one persona.
It is a CISO framing risk, a VP Security Engineering validating technical fit, IT leadership worrying about integration, Legal and GRC on compliance, Procurement on vendor risk, and increasingly the CFO wanting cyber risk translated into financial terms…
You are not selling to one person. You are running a coordinated campaign across 6-8 adults who talk to each other that you will never see.
Third, sales cycles are long, unpredictable, and event driven. An account can stay cold for 9 months, then a ransomware incident hits their industry and suddenly they are ready to buy in 3 weeks.
Your ABM programme needs to survive dormancy and then activate fast when the trigger fires.
With that reality accepted, here is how we actually run it.
Warning: it’s long.
Stage 1: Account selection that predicts revenue
The biggest mistake I see is teams building an ICP purely from their CRM history. That means you fit a curve to the deals you already won and call it science.
You should absolutely use your win loss data, but you also need to model the universe of deals you could win.
Build a tiered account list, not just a Tier 1 dream list
We run three tiers:
Tier 1: Strategic, about 50 accounts: White glove. Custom research, exec gifting, in person events, dedicated SDR coverage, bespoke content… We assume a 12 to 18 month cycle and we accept it because ACV makes the maths obvious.
Tier 2: Scalable, about 200 accounts: Light personalisation at company level. Same messaging framework as Tier 1, automated where possible. One SDR can handle 30 to 40 accounts with the right tooling.
Tier 3: Programmatic, about 1000 to 2000 accounts: Industry level personalisation only. Mostly automated. This is lead gen wearing an ABM badge, and that is fine. It feeds pipeline and occasionally a Tier 3 account surprises you and gets promoted.
Pro Tips: Signals that actually matter in cybersecurity scoring
Generic intent data is table stakes. In security, you get leverage when you layer in signals most teams ignore.
Funding and growth signals: Series B or C companies are about to spend on security. Recent IPOs get hit with new compliance pressure. Use alerts on your target list.
Breach and incident signals: Track incident reporting in the vertical. When a peer gets hit, fear spreads and it has a half life. Do not be ghoulish. Be helpful. Timing matters more than clever messaging.
Compliance deadlines: CMMC enforcement, NIS2 in Europe, SEC disclosure rules, state privacy laws with security implications.
If you sell anything touching posture or compliance, these deadlines are your calendar. Some organisations are not “in market” on G2, they are legally required to act, and timing becomes the entire game.
Open job postings: If an account is hiring for SIEM, cloud security, detection engineering, or a head of incident response, they are telling you their priorities. If they are hiring for a role your product can augment or eliminate, you have a clean conversation hook.
Tech stack signals: If you know they run Splunk and Azure Sentinel and just added CrowdStrike, you can infer what is redundant, what is missing, and where you fit.
This is how you avoid walking into discovery and asking basic questions that make you look unprepared.
M and A activity: Mergers create security nightmares. Two identity stacks, two endpoint tools, two perimeters. Post merger integration is a goldmine if your product helps consolidation.
Stage 2: The Account Intelligence Pack
Before an SDR touches a Tier 1 account, we build an Account Intelligence Pack.
Yes, it is expensive.
That is why it is Tier 1 only. Tier 2 gets a lighter version that can be done in under an hour with a structured template and AI support.
A full pack covers:
Buying committee map: Budget owners, technical evaluators, economic sign off, likely blockers. Built from LinkedIn, filings, new hire announcements, and any existing relationships.
Current posture assessment: What tools they run based on job posts and team profiles, external posture signals, public incidents, and frameworks they claim alignment to.
Business context: Their top business initiatives, and how your product maps to those. A CISO cares about risk reduction, a CFO cares about liability and insurance premiums, the board cares about ransomware. You need the right frame per person.
Competitive landscape: What they likely already use, where those vendors are weak relative to you, and where renewal cycles might exist.
Why now: A deadline, an incident, an executive hire, a funding event. You are looking for urgency that is real.
This pack is shared with the AE and SDR before outreach. It is not a PDF you forget. It is a living document that gets updated as you learn.
Stage 3: Multi channel outreach that does not embarrass you
The cardinal sin in security outreach is genericness.
“Hi [First Name], I noticed you are the CISO at [Company]…”
Gets deleted before line two. CISOs get 40 to 60 vendor emails a week. Your competition is not your category, it is the entire security vendor universe.
Here is the Tier 1 sequencing we actually use.
Phase 1: Warm the account before anyone reaches out, weeks 1 to 4
Run targeted ads to the buying committee before SDRs touch anyone. LinkedIn title and company targeting is blunt but good enough.
For Tier 1, use matched audiences with specific profiles or emails gathered carefully within platform terms.
At this stage the ads are not product ads. They are credibility plays.
A benchmark, a framework explainer, a study worth saving.
The goal is simple: your name feels familiar when the first email lands. It is not vanity. Reply rates improve when the brand is not a cold unknown.
Phase 2: Direct outreach, weeks 5 to 8
Our SDRs follow a strict model: Value before ask. The first touch is not a pitch. It is a gift.
Email 1: A specific insight tied to their situation, with zero ask. Example: a regulatory template, a peer benchmark, a checklist they can use. Useful, relevant, low pressure. 😉
LinkedIn connection and engagement: Connect, but do not pitch. Engage with what they post. Comment like a real person. This is slower than spray and pray. It works.
Email 2, a week later: Reference the first email, add new value. Sometimes this is a 2 minute video walking through a specific finding. Video works because it proves a human exists and it earns attention without demanding much time.
Phone call, around day 10: Short voicemail referencing the value you already sent and offering a tight conversation about a specific problem, not a demo.
Email 3, around day 14: A clean break up email. Respectful, direct, one last value offer. These often get the highest replies because people feel the loop closing.
No response does not mean abandon.
The account goes into nurture and watch mode. Continue ads. Keep monitoring triggers. Re engage after 90 days or when a trigger fires.
The LinkedIn DM play nobody admits they use
At CISO level, email open rates are low because executive assistants often manage the inbox.
LinkedIn DMs from someone credible with shared connections can convert better. VP Marketing or your own CISO should send personal notes to peer CISOs at Tier 1 accounts. C to C outreach cuts through noise in a way SDR outreach often cannot.
Direct mail is not dead, it is having a moment
For the top Tier 1 accounts where we can verify details, we send physical packages.
Not random swag. Useful resources, a relevant book with a handwritten note, a printed industry threat brief, an account specific assessment folder.
Thoughtful direct mail gets noticed precisely because most vendors stopped doing it well. Spend a couple hundred pounds on a package to support a six figure deal and the arithmetic is straightforward.
Stage 4: Content that converts in cybersecurity
Security buyers are deeply sceptical of vendor content, and for good reason.
Too many inflated threat reports, too many ROI calculators built on fantasy assumptions.
Your content has to be so obviously useful they would share it with a peer even if they never buy from you.
Content by buying stage
Early stage, problem aware:
Industry benchmarks, practical framework guides, board templates, compliance calendars and checklists.
No product mentions. Pure credibility.
Middle stage, evaluating options:
Technical deep dives that are honest, analyst research if relevant, case studies that are ruthlessly specific, and evaluation frameworks that help them buy the category while quietly favouring your strengths.
Late stage, internal justification:
Transparent business case templates, security questionnaire answers pre filled, reference customer intros, executive briefings that speak CFO and board language.
The secret weapon: the account specific risk brief
For Tier 1 accounts, we produce a 4 to 6 page brief: “[Company] Security Posture Assessment”.
It uses only public information. External posture signals, job posting analysis, public incident history, regulatory exposure, industry threat landscape. We are careful never to imply access to non public data.
This does 2 things. It shows you did enough homework to have an intelligent conversation.
And it changes the tone of the first meeting. When an AE walks in with this, the reaction is usually: nobody has ever done this for us before.
That is a moat no feature can replicate.
Stage 5: The tech stack, what we can actually use
CRM: Salesforce. If you are earlier, HubSpot can work up to a point. Zoho One if you are small and have a lot of patience…
ABM platform: 6sense or Demandbase. Use 6sense. Once it has enough historical win data, the account scoring becomes meaningfully predictive.
Intent: Bombora and G2 Buyer Intent(it works great for the US), layered with external posture data piped into scoring.
Sales engagement: Outreach for sequences, calls, analytics. You can lean hard into Clay for enrichment workflows. It replaces a lot of manual research and makes Tier 2 and Tier 3 personalisation feasible.
LinkedIn ads: Campaign Manager with matched audiences. Conversation formats can work better than you would expect for technical personas who want to self direct.
Video: Loom for prospecting, Vidyard for more polished mid funnel.
Direct mail: Sendoso or PFL. Sendoso makes it easy for AEs to trigger sends from CRM without dragging ops into everything.
Attribution: Marketo Measure.
Also, accept this: ABM attribution is fundamentally messy. If you use last touch, you will defund the very things that are working.
Content experience and web personalisation: Tools like Mutiny for tailoring landing pages by account, plus a content hub platform if you want structured journeys.
Sales intelligence: ZoomInfo, Sales Navigator, Gong. Gong summaries become useful input for keeping the intelligence pack current without relying on AE notes.
Stage 6: Measuring ABM properly
If you report ABM performance with MQLs, you will eventually lose the budget. ABM is account level. Measure it at account level.
Coverage: Percentage of Tier 1 accounts with at least one engaged contact. Aim for 70%+ before you obsess over conversion.
Account engagement score: Aggregated engagement across the buying group, not individual lead scores.
Pipeline from named accounts vs non named: If ABM works, ACV and close rates on named accounts beat inbound.
Velocity: Targeted accounts should move faster.
Win rate in named accounts: This is what a CFO cares about.
Penetration depth: How many unique contacts are engaged per account. In cybersecurity, depth is often the difference between stalled and closed.
Stage 7: Executive programmes nobody budgets for, but should
Once you have credibility, executive programmes become some of the highest ROI activity in your entire go to market motion.
Executive Briefing Centre
Bring a CISO prospect in for a half day. Custom threat briefing for their industry, product roadmap discussion, peer conversation with an existing customer, then deep technical sessions on what they care about.
It is not a pitch. It is a consultation. The trade is time for real intelligence and access.
CISO advisory boards
Recruit 10 – 15 CISOs across customers and non customers, non competing. Compensate properly.
Bring real product decisions to the table. The downstream effect is references, referrals, and market intelligence you cannot buy from analysts.
Exclusive field events
Invite only dinners and roundtables. Tight topics, not generic trends. Facilitate, do not pitch.
Bring one respected external voice. Give your perspective briefly at the end, then follow up with personalised notes and a legitimate reason to keep talking for months.
Stage 8: Operationalising ABM, the part that kills programmes
ABM programmes do not fail because the ideas are bad. They fail because operations and alignment are weak.
Sales and marketing alignment, the real kind
ABM fails when marketing warms accounts sales ignores.
It fails when sales pushes cold outreach while marketing is still running warm up.
It fails when CRM hygiene is poor so marketing cannot see what is happening.
Fix it with a formal account review every two weeks between marketing and sales leadership.
Tier 1 only.
What is engaged, what is cold, what happens next, who owns what.
Also put an SLA in writing.
Marketing commits to delivering engagement. Sales commits to following up within 48 hours of meaningful signals. Hold both sides to it in QBRs.
SDR structure
Generic SDRs working a broad list do not work for ABM in cybersecurity.
Match SDRs by account.
A Tier 1 SDR owns about 30 accounts and knows them properly. They are closer to an AE apprentice than a call centre.
This feels terrifying if you grew up on activity metrics. Ignore activity metrics. Track meetings booked in named accounts and time to first meeting.
Handling “we already have a solution“
In cybersecurity, everyone already has something. The conversation is rarely “do you need this”.
It is “is what you have actually working”.
Train SDRs to respond to “we have a SIEM” with:
I would love to understand how your current setup handles a specific emerging attack pattern in your industry. We have seen peers run into gaps around a narrow problem. Happy to share what we found.
That advisory posture is the difference between a hang up and a meeting.
Stage 9: What changed in 2024 to 2025 that many teams missed
AI powered personalisation at scale
Clay plus AI enrichment workflows changed Tier 2 and Tier 3. We can now pull recent press, executive posts, job listings, and relevant news, then generate a tailored opening paragraph that the SDR reviews and edits.
It is not perfect, but it is close enough to create leverage without creeping buyers out.
Dark social and community presence
CISOs trade recommendations and warnings in private slack groups, Discord servers, and LinkedIn communities.
You cannot buy your way into trust there.
You earn it by showing up as helpful, non promotional, and consistent. It is slow, unmeasurable, and exactly why it works.
The rise of the technical champion
More deals now start bottom up. A security engineer finds your tool via a trial, a GitHub repo, a conference talk, or a technical blog.
They become your internal champion before procurement even exists in the story.
For ABM, this means you need a technical track alongside the executive track, not one or the other.
Buying group marketing
Platforms have moved beyond account level to role based buying group tracking. Defining the core roles and measuring engagement across them is a material improvement if you can implement it properly.
The honest part: what does not work?
Generic intent data without context does not work. Surges can be students, journalists, competitors.
Intent is a signal, not a siren. Layer it with fit and recency.
ABM theatre does not work. A named account list plus standard campaigns is not ABM. If the programme looks the same as your normal demand gen with a new label, it is not ABM.
One person ABM teams do not work. ABM is coordination across SDRs, AEs, content, demand gen, field, customer marketing.
Hiring one ABM manager without leadership buy in is setting them up to fail.
Over personalisation without permission does not work. Anything that feels like surveillance triggers a negative reaction in security professionals.
Personalisation should feel like smart research, never like you have been watching them.
Putting it together: a high level 90 day plan
Read it fast.
Days 1 to 30: Define ICP with rigour. Build Tier 1, Tier 2, Tier 3 lists. Define buying committees. Set up your platform and enrichment. Build the intelligence pack template. Run alignment workshop and establish the biweekly review cadence.
Days 31 to 60: Launch Tier 1 only. Run thought leadership ads to the buying committee. Have SDRs warm accounts and build presence. Produce 10 account specific risk briefs for the top 10. Configure account level engagement tracking.
Days 61 to 90: Begin direct outreach with value before ask. Launch Tier 2 programmatic outreach with enriched sequences. Plan the first executive dinner in your strongest market. Review coverage, engagement, meetings booked. Adjust fast. The first version will be wrong in at least three important ways, and that is normal.
Final thought
ABM in cybersecurity is not a marketing programme. It is a revenue strategy that requires marketing to think like sales, sales to think like consultants, and leadership to commit to measuring outcomes over 12 months plus, not 90 days.
The vendors who win big enterprise security deals are rarely winning because their product is 40 percent better.
They win because they show up consistently, with intelligence and relevance, across the entire buying journey.
Before the RFP, during the evaluation, and often years before a formal process exists.
That is what ABM is for. Build it with that intention and it changes how your company grows.
PS: I don’t normally share things in this much detail, but please do let me know what you think.
Leave a Reply