Email Sequence · 5 Emails over 19 Days
E1
Operating-Reality + Identity + Helping Intent
Subject (spintax, 3 options)
the cybersecurity work nobody owns
ISO 27001 in weeks, your IT manager runs it
the $80K quote that didn't fit your budget
Hi {{firstName}},
You're carrying cybersecurity for {{company}} on top of everything else IT throws at you. Your MSP is probably doing fine on the day-to-day. But if a security consultant walked in next week and asked to see your evidence, how confident would you actually feel?
I spent 20 years leading cybersecurity at the APRA equivalent with a small team. I know how it feels and what it takes. That gap, between what your MSP tells you and what you can independently verify, is what CyberHeed fills.
[See CTA below per variant]
Raif Bedewi
Founder, CyberHeed
Variant A · CTA
The Compliance Blind Spot Score gives you a five-minute independent read of what's actually in place at {{company}}. Reply "scorecard" and I'll walk you through it. No signup, no rush.
Variant B · CTA
30 minutes, no pitch. Just listening to what you're carrying, sharing what's worked for teams in your spot, and pointing out what's worth doing first at {{company}}. Reply "advice" and the calendar's yours.
Strategy
Opens with operating-reality acknowledgement (PASB-style) per Echo Section 8. Raif identity via scale-and-ratio (no regulator name per Discovery 9). Helping intent lands with "CyberHeed exists to fix that for you, and not by replacing your MSP." DIRECT-PASB Hybrid per Section 18.
E2
Insight Through Story · MSP Testing Gap
Subject (spintax, 3 options)
what nobody has tested yet
you're covered, but nobody tested
the cybersecurity gap nobody talks about
Hi {{firstName}},
Your MSP is doing the work. MFA on, patches going out, backups running.
You ask "are we secure?", they say "you're covered". Both of you are telling the truth as you see it. But neither has tested whether it would hold under an audit, a vendor question, or a real incident. That gap, between what's covered day-to-day and what you could defend under pressure, is where preventable problems live.
[See CTA below per variant]
Raif Bedewi
Founder, CyberHeed
Variant A · CTA
The Compliance Blind Spot Score tests it in five minutes. Independent record, evidence-based. Reply "scorecard" if it'd help, happy to walk you through what it covers.
Variant B · CTA
If you'd like to talk it through for {{company}} specifically, reply "advice" for 30 minutes. No deck, no demo. Just listening to what's already in place, where the gap probably sits, and what's worth doing first.
Strategy
Raif's "both telling the truth" framing (sourced from his sequence-b-advice-call.md draft) reframes the gap as STRUCTURAL (no one tested it) rather than MSP failure. MSP-respect per Section 12 Rule 1.1 — preserves the channel-partner story while surfacing the verification gap.
E3
Real Proof · Peer Anchored
Subject (spintax, 3 options)
50 people, no consultants, ISO certified
the cybersecurity brain that outlasted the consultant
they got certified in weeks
Hi {{firstName}},
You probably trust your MSP. The IT manager at a 50-person professional services firm trusted his too, but wanted independent verification before the next audit. He saw three areas worth tightening before the auditor arrived, used the platform to close them in weeks, and now has something to point to when the CEO asks.
He didn't replace his MSP. He added the independent layer that took the personal risk off himself. The same layer is here for your situation at {{company}}.
[See CTA below per variant]
Raif Bedewi
Founder, CyberHeed
Variant A · CTA
Reply "scorecard" and I'll set yours up. Happy to point out where you're already strong, not just where the gaps are.
Variant B · CTA
If you want to hear how he did it (and what you could do this quarter at {{company}} without spending consultant money), reply "advice" for 30 minutes. Happy to walk through what worked for him and what would fit your situation.
Strategy
Peer proof from Tier 1 trust source (12-person firm IT manager, not founder testimonial) per Section 13. "Didn't replace his MSP" reinforces complement-don't-replace positioning. "Saw three areas worth tightening" (not "MSP wasn't covering") per MSP-respect sub-rule.
E4
Exact Value · Vendor Questionnaire + Two-Part Platform Offer
Subject (spintax, 3 options)
the Friday vendor questionnaire trap
200 questions, due Monday
the answers your team already has
Hi {{firstName}},
The vendor security questionnaire arrives Friday, due Monday. 200 questions. Some are MSP territory. Some are yours. Nobody could answer all 200 with the evidence to back it inside a weekend.
That's where CyberHeed fits. The platform gives you an independent view of what's actually in place at {{company}}, day-to-day. When something specific comes up, audit prep, a customer questionnaire, a board report, expert hours sit on standby for {{company}}. You don't replace your MSP. You add the independent layer that takes the risk off you personally.
[See CTA below per variant]
Raif Bedewi
Founder, CyberHeed
Variant A · CTA
Reply "scorecard" and I'll send the five-minute starting view. Happy to talk through how the standby hours work for the moments you can't predict.
Variant B · CTA
If you'd like 30 minutes on what's exposed at {{company}} and what's worth doing first, reply "advice". No deck, no demo. Just your situation and the priority moves, mapped together.
Strategy
Vendor questionnaire scramble opens (Section 7 Pain #7, validated). Two-part platform offer per Section 18 (e) Move 3: "the platform gives you the independent view day-to-day. When something specific comes up, expert hours sit on standby." Anchors CyberHeed as the right-sized investment for 51-200 segment orgs (vs $80K consultant trap).
E5
Clean Exit · Standing Offer + Warm Exit
Variant A subject (spintax, 3 options)
standing offer, {{firstName}}
when the next trigger hits
no worries if not now
Variant B subject (spintax, 3 options)
30 minutes stays here
when cybersecurity hits your desk
last note from me
Variant A · Body + CTA
Hi {{firstName}},
No worries if the timing isn't right.
The Compliance Blind Spot Score stays here for whenever you need an independent read of what's actually in place at {{company}}. Whether that's a client requirement, a tender, a vendor questionnaire, an insurance renewal, or just wanting to know for yourself before someone asks.
Reply "scorecard" whenever it lands. No rush, all the best either way.
P.S. Reply 'stop' to drop off.
Raif Bedewi
Founder, CyberHeed
Variant B · Body + CTA
Hi {{firstName}},
Last note on this.
When you next need to talk through what's actually in place at {{company}}, whether that's a client requirement, a tender, a vendor questionnaire, an insurance renewal, or just wanting to know for yourself before someone asks, reply "advice" and the calendar's yours. 30 minutes stays here for whenever you need it. No rush, all the best either way.
P.S. Reply 'stop' to drop off.
Raif Bedewi
Founder, CyberHeed
Strategy
Warm exit per Section 12 Rule 3 ("no rush, all the best either way" — Raif's own phrasing from sequence-b-advice-call.md). Trigger map referenced explicitly (Section 11). Active reply CTA preserves the reply-first deliverability rule.
Campaign Rules
- Zero links in E1-E5 · reply-keyword gates lead-magnet delivery (Variant A) or calendar (Variant B)
- Full-arc A/B split · same body content across all 5 emails, only the CTA architecture differs
- Lead filter: target_persona: it-manager-maturing + targeting_scope: it-manager-only
- No DFSA / regulator-name in cold copy (Discovery 9). APRA-equivalent framing allowed (Discovery 13).
- No SmartPrep-as-session/walkthrough (Discovery 14 + Section 12 Rule 2). "The platform" generically.
- Complement-don't-replace MSP positioning + MSP-respect sub-rule (Section 12 Rules 1 + 1.1)
- Every CTA wrapped in helping intent (Discovery 18 + Section 16)
- You/I sequence ratio ≥ 5:1 (Maturing-A 7.8:1, Maturing-B 21.5:1 in v6.7)
- Zero em/en dashes in email body (writing-style-guide rule)
Version History
- v6.7 23 Apr 2026 Raif feedback pass (P2.9.K). E1 identity reframed per Raif's preferred wording: tenure + role + comparable institution + empathy bridge ("20 years leading cybersecurity at the APRA equivalent with a small team. I know how it feels and what it takes."). E1 MSP intro warmer. E1 close tightened ("what CyberHeed fills"). E3 firm size 30 → 50-person + subject "12 people" → "50 people" (consistency). E3 dropped "ran the scorecard" so body works for both variants. Section 18 Direct Identity per-stage note + Section 12 Rule 1 enforcement scope updated in Echo persona.
- v6.6 22 Apr 2026 MSP-respect pass (P2.9.I). E2 + E3 + E4 reframes + E2 subject line softened. Raif's "both telling the truth" framing woven into E2. MSP-respect sub-rule baked into Echo persona + playbook + SalesCommand-wide writing-style-guide.
- v6.5 22 Apr 2026 P2.9.H emotion CTA infusion + Variant B advisory reposition. Variant A CTAs wrapped in helping intent ("happy to walk you through it. No signup, no rush."). Variant B repositioned from meeting-led (ADR-067) to advisory-led (Raif's 30-minute gift framing). Reply keyword changed "walkthrough" → "advice".
- v6.4 22 Apr 2026 P2.9.G fundamental reframe per Raif Partner Playbook script. Dropped "AI-powered cybersecurity governance platform for enterprise GRC teams" brochure language. Repositioned around "we add INDEPENDENT VERIFICATION of what your MSP delivers, NOT a replacement." Dropped SmartPrep-as-session hallucination.
- v6.3 22 Apr 2026 P2.9.F mid-course corrections. APRA-equivalent framing allowed (Discovery 13). SmartPrep description refreshed per website update (Discovery 14). Outcome-focus pass (Discovery 15). IT-Manager-only frontmatter (Discovery 16).
- v6.2 22 Apr 2026 P2.9 foundation reframe + you-focus pass. E1 identity reframed to scale-and-ratio (no regulator name per Discovery 9). You/I ratio lifted sequence-wide to 5:1+ (Discovery 10). SPEAK Story + IT Manager Section 12 + 18 updated to enforce.
- v6.1 18 Apr 2026 P2.3.5 copy fixes. Em dashes scrubbed. Platform-introduction bridge added to E1. Discovery 7 anti-restriction guardrail applied (bridge names both enterprise + maturing).
- v6.0 17 Apr 2026 Echo-powered rebuild (ADR-069 / 070 / 071). E1 opening shifted to DIRECT-PASB Hybrid per Echo Section 18. E2 MSP testing gap added. E4 vendor questionnaire scramble opens. Cybersecurity-led vocabulary throughout (Section 12).
- v5.1 15 Apr 2026 A/B axis pivoted from service-vs-product to scorecard-led (A) vs meeting-led (B). Content unchanged.
- v5.0 15 Apr 2026 SmartPrep depth pass. E3/E4 upgraded with SmartPrep positioning (later deprecated in v6.4).
- v4.0 14 Apr 2026 CTA psychology overhaul (ADR-060 outcome-selling). 5 distinct outcome angles across sequence. Permission gates eliminated.
- v3.0 13 Apr 2026 Initial DIRECT framework sequences.