Authority LinkedIn Sequences

Segment

CISO

100+ employees, regulated

Persona

CISO / VP Security

Head of InfoSec

Product Hook

Article

Compliance vs Capability

LinkedIn Timeline

25 days

CR + 4 DMs

LinkedIn Sequence — CR + 4 DMs over 25 Days

CR Connection Request

Day 0145 chars

Hi {{firstName}}, I've been writing about the gap between compliance certification and genuine security capability from a regulatory perspective. Good to connect.

Thought leadership positioning. No product. Regulatory perspective = authority.

DM1 Article Insight

Day 448 words

Thanks for connecting, {{firstName}}. I published a piece recently on the difference between compliance and capability. The finding that surprised people most: highly regulated industries perform nearly 200% better on cybersecurity. Not because regulation is perfect, but because it forces uncomfortable conversations. Curious whether you're seeing the same at {{company}}?

200% stat as hook. "Uncomfortable conversations" = provocative. Question invites reply.

DM2 Framework Offer

Day 946 words

{{firstName}}, the piece introduces a framework that a few people have found useful. It maps where organisations sit on two axes: compliance maturity and genuine security capability. The danger zone is top left: certified but not capable. Passed the audit, but the underlying posture didn't change. Happy to send it through if useful.

Two-axis framework teased. "Danger zone" = sticky label. Soft permission offer.

DM3 Social Proof

Day 1539 words

{{firstName}}, a government official I shared the piece with said the framework helped their team articulate something they'd been struggling to communicate to the board. If that distinction between "audit-ready" and "genuinely secure" matters at {{company}}, the article might be worth a read.

Government social proof. Board communication angle = relevant for CISOs.

DM4 Breakup

Day 2524 words

Last one from me, {{firstName}}. Timing might not be right, and that's fine. If the compliance vs capability question comes up later, the offer stands.

Clean exit. Article as standing offer. References the core question.

Campaign Rules

Article URL NEVER in cold DMs — reply-first rule
Raif sends all messages manually — no HeyReach automation
20-contact test only — existing connections from Raif's network
Cross-campaign exclusion: CISO contacts excluded from CEO/MD and maturing campaigns
No product mention in LinkedIn messages — thought leadership only
If 5+ replies → scale via HeyReach automation