Rotate Your Device

This site doesn't support landscape mode. Please rotate your phone to portrait.

How to Run an Email Campaign to CISOs in Munich Manufacturing (2026 Edition)

Step-by-step guide to cold emailing CISOs in Munich's manufacturing sector. Includes a full 3-touch sequence you can steal, list refinement tips, and how to send it all from Origami's built-in sequencer.

Charlie Mallery
Charlie MalleryUpdated 13 min read

GTM @ Origami

Quick Answer: Once you’ve built your list of CISOs in Munich manufacturing, the fastest way to convert them is with a 3-touch campaign sent straight from Origami. The platform’s built-in email sequencer handles everything—sending, tracking, and automatically un-enrolling replies—so you never leave the dashboard. Below, I’ll show you how to refine that list, write (or let the AI write) a sequence that speaks directly to industrial cybersecurity leaders, and launch it for booked meetings.


From Prospect List to Live Campaign: The Missing Piece

You’ve done the upfront work—dumped a plain-English prompt into Origami and walked away with a targeted list of CISOs inside Munich’s manufacturing ecosystem. Names, direct email addresses, phone numbers, titles, company profiles. All enriched from the live web and chained data sources. But a list sitting in your account is just potential energy.

The real value kicks in when you move from finding to communicating. And the best part? You don’t need a separate email tool or a messy CSV export to another platform. The same Origami workspace that built your list now lets you sequence, send, and track multi-touch campaigns. Whether you prefer writing your own copy or letting the AI agent generate messages from each lead’s profile, the sequencer is included on all paid plans (you only pay for the credits used to enrich the contacts).

Here’s the exact workflow I use, refined through months of targeting industrial CISOs across DACH, and specifically tuned for Munich’s vibrant manufacturing scene.


1. Refine and Qualify Your List for Email

Before a single message goes out, you need to treat your list like a precision instrument, not a spreadsheet. The quality of the contacts determines 70% of your response rate. Since you built your base list in Origami following the guide above, you’re already ahead—no scraped, generic data. But even a handpicked list can be sharpened.

What to Look For in the Dashboard

Open your list in Origami’s prospect view. You’ll see each contact’s enriched profile: full name, verified email, job title, company, company size, industry tags, LinkedIn URL, and sometimes technology stacks. Start by scanning for:

  • Title variations. For CISOs in manufacturing, you might see “Director of Information Security”, “Head of IT Security”, or “Leiter IT-Sicherheit”. All are valid if the organization places them at the top of the security hierarchy. Remove anyone who is visibly a mid-level specialist (e.g., “IT Security Analyst”)—you want decision-makers, not practitioners.
  • Company size filters. In Munich, manufacturing covers everything from 50-person hidden champions to global automotive groups. For a cold email campaign to work, target companies with >200 employees and ideally >€50M revenue. [Origami often enriches with employee count estimates; you can filter by that field.] In my tests, CISOs at smaller Mittelstand firms respond better to messages that mention practical OT security; larger enterprises want to hear about regulatory compliance (NIS2, GDPR) and board-level reporting.
  • Location nuance. Not every relevant contact will show “Munich” in the city field. Many manufacturing plants are in suburbs or surrounding towns like Unterschleißheim, Garching, or Freising. Use Origami’s region filter to include postal codes 80xxx–85xxx. Don’t waste a slot on a CISO based in Berlin just because the company HQ is in Munich.
  • Industry subsectors. Refine by tags like Automotive, Mechanical Engineering, Industrial Automation, Aerospace, Electronics Manufacturing. A CISO at a luxury car manufacturer has different daily threats than one at a chemical plant. You’ll use that segmentation later to tailor your message angle.

Prune and Segment

Remove:

  • Duplicate entries (same email appearing twice).
  • Contacts whose email bounced in a previous campaign (if you’ve tried before).
  • Anyone with a generic catch-all email (info@, contact@)—Origami prioritizes direct addresses, but always verify.

Then create two or three segments in your list. I typically split by:

  • Enterprise (1,000+ employees): Hyper-focused on NIS2, supply chain risk, and SOC integration.
  • Mittelstand (200–1,000 employees): Concerned with OT/IT convergence, limited budget, and pragmatic defenses.
  • Machinery/Automation-heavy: Companies where even a 4‑hour production halt costs millions.

Now you have a qualified, segmented list ready for outreach. You’ll use these segments to decide which variant of the email sequence to send—or let the AI agent do the segmenting for you.


2. Create the Email Sequence That Gets Replies

Origami gives you two routes to craft the sequence that will land in inboxes.

Option A: Paste Your Own Templates

If you have a tested message or prefer full control, you can write a 3-touch sequence and copy it into the sequencer field. Set the delays between touches (e.g., Day 1, Day 3, Day 7) and hit Launch. Origami will send each message from your connected mailbox, track opens and clicks, and automatically un-enroll leads who reply.

Below is the exact sequence I’ve used for Munich manufacturing CISOs. It’s short, direct, and references pain points that matter in 2026. I’ve included subject lines and preview text you can steal. Replace , , and `` with your variables—Origami has a simple merge-tag system for that.

Day 1 – Initial Icebreaker

Subject: OT security gaps in Munich’s manufacturing?
Preview text: A quick note on protecting connected production lines.

Hi ,

NIS2 enforcement is hitting German manufacturers in 2026 — and OT systems are finally in scope. I took a look at ’s security profile and noticed you’re leading infosec there. Given Munich’s dense manufacturing network, how prepared are your production floors for targeted OT attacks?

We help industrial CISOs close the gap between IT and OT without disrupting operations. Worth a 15-minute call?

Best,

Why it works: It hooks with a regulatory deadline, shows you’ve done specific homework (“looked at ’), and poses a question about a pain point every plant security head worries about.

Day 3 – Different Angle: Social Proof + Result

Subject: How a Bavarian machinery firm cut OT risk
Preview: And sped up incident response by 80%.

Hi ,

Last week I shared thoughts on NIS2 readiness. Quick example: a Munich‑based manufacturer in the machinery sector (similar to ) used our approach to map their entire plant network and drop incident response time from days to hours. They’re now meeting audit requirements without a massive budget hike.

Would it make sense to show you how that applies to in a brief walkthrough? I’ll keep it to 15 minutes.

Regards,

Why it works: It doesn’t repeat the first email; it adds a concrete, local case study (even if anonymized). “Map their entire plant network” is language a manufacturing CISO understands immediately.

Day 7 – Final Breakup

Subject: Should I close your file, ?
Preview: One last thought on OT security.

,

I haven’t heard back, so I’ll assume the timing isn’t right. I’ve attached a 2-page briefing on the top 3 OT security shortcuts for Munich’s manufacturing CISOs — no pitch, just what we’re seeing in the field. If you’d prefer a live version, reply and we’ll schedule a quick call. Otherwise, I’ll leave you with the resource.

Thanks,

Why it works: It respects the prospect’s silence, offers value without pressure, and gives a low-friction path to re-engage. Many replies come from this third touch.

To use these in Origami, paste each message into the appropriate sequence step, assign the delay, and map your merge fields. The tool will handle the rest.

Option B: Let the AI Agent Write the Sequence for You

Maybe you don’t want to tweak copy, or you have a segmented list with too many contextual differences. In that case, you can simply tell Origami’s AI agent: “Write a personalized 3-day email sequence for all leads on this list, focusing on OT security and NIS2 compliance.”

The agent reads each lead’s profile—title, company, industry, sometimes technology stack—and generates a custom email series that feels personal. A CISO at a automotive tier-1 supplier might receive a message referencing factory line data flows, while the CISO at a mechanical engineering firm gets one about securing design IP. The result is the same 3-touch structure, but each message is auto‑written and unique.

This is not a generic mail merge. It’s conditional, context-aware copy generated in seconds. You can review the drafts in the sequencer before sending, or go fully hands-off. Either way, the sequencer is built-in and included with your plan.


3. Send the Sequence Directly from Origami

No exporting CSVs. No syncing with an external tool. No copying email addresses one by one.

Once your sequence is ready (whether you pasted templates or generated them via AI), you click Launch inside your list view. The process is entirely self‑contained:

  • Delays between touches are controlled by you. Day 1, Day 3, Day 7 is standard; you can adjust to Day 1, Day 5, Day 10 if you prefer a slower cadence.
  • Sending and tracking happen in the same dashboard where you originally built your list. Each contact shows open, click, and reply metrics. That’s far more usable than jumping between windows.
  • Prospect context lives next to activity. While looking at a contact’s recent opens or clicks, you can still see their enriched profile—title, company details, LinkedIn activity, tech used—so you remember exactly why you reached out. That context makes handling replies drastically easier.
  • Automatic un‑enrollment. The moment a lead replies, they exit the sequence. You’ll never accidentally send a breakup message to someone who already booked a meeting. Origami’s sequencer detects reply threads and pauses the follow‑ups immediately.

This “one platform” approach matters more than you think. When I used to build lists in one tool, enrich in another, and sequence in a third, data skew and sync lag killed campaigns. With Origami, the flow is: find → refine → enrich → sequence → track. All from a single prompt that describes your ideal customer.

What Response Rates Should You Expect?

Based on campaigns targeting CISOs in Germany’s manufacturing sector in 2026, my observed averages (not promises) land around:

  • Open rates: 35–45% for well‑crafted subject lines and a clean sender reputation.
  • Reply rates: 7–12% across a 3‑touch sequence, often skewed toward the second and third touches. Yes, the breakup email frequently gets more replies than the first.
  • Meeting bookings: Roughly 15–20% of positive replies convert to a scheduled call within two follow‑up messages.

These numbers assume you’ve properly refined your list and used the specific pain‑point language shown above. Generic “we help improve security” blasts will get half that response.

When to Iterate on Messaging vs. Iterate on the List

If you’re not seeing opens above 30%, revisit your subject lines and preview text. A/B test one variable at a time—maybe try a fully localized German subject line versus English, or lead with a known industry event (e.g., Hannover Messe).

If opens are healthy but replies are low, your message angle might be off. Check that you’re hitting a genuine trigger for Munich CISOs right now: NIS2 preparation, supply chain audits, conference season fatigue, or even the ongoing skills shortage. Switch the value proposition and run a small 50‑lead batch before scaling.

If bounce rates are above 5%, go back to the list and re‑verify email addresses. [Origami enriches in real time, but no platform can guarantee 100% delivery to expired mailboxes.] The free plan gives you 1,000 credits with no credit card, so you can always re‑run enrichment on a segment.


Frequently Asked Questions