Rotate Your Device

This site doesn't support landscape mode. Please rotate your phone to portrait.

Send is now live: multi-channel outreach, built into the agent. Included on all paid plans.
LinkedIn outreachCISOSOC analystB2B saleslead generationOrigamicold messaging

LinkedIn Outreach for CISOs & SOC Analysts in 2026: A Step-by-Step Playbook

Run a LinkedIn campaign targeting CISOs and SOC analysts with this 2026 playbook. Get the exact 3-touch sequence, list refinement tips, and send it all inside Origami.

Finn Mallery
Finn MalleryUpdated 10 min read

Founder @ Origami

LinkedIn Outreach for CISOs & SOC Analysts in 2026: A Step-by-Step Playbook

Quick Answer: If you already built a list of CISOs and SOC analysts in Origami (which includes a built-in LinkedIn sequencer), the hard part is done. Here’s the exact 3-touch LinkedIn sequence you can paste, and how to refine, send, and track it all from a single platform. This guide is your 2026 playbook for turning that list into booked meetings.

Step 1: Build Your Target List in Origami (Recap)

If you followed the guide on how to build a list of CISOs & SOC Analysts, you can skip this section. If not, here’s a quick-start.

In Origami, you only need one prompt to build a list. For example:

Find CISOs and SOC analysts at companies with 200+ employees in North America, using SIEM or XDR tools (Splunk, CrowdStrike, Sentinel), and active on LinkedIn. Return verified work emails, phone numbers, and LinkedIn profile URLs.

Origami’s AI agent scours the live web, cross-references data sources, and enriches contacts. In minutes, you get a spreadsheet with names, titles, company info, verified emails, phone numbers, and LinkedIn URLs. Even on the free plan (1,000 credits, no credit card), you can build a solid starting list. But the real power is what comes next.

Step 2: Refine and Qualify Your List Before You Send

A CISO’s world is different from a SOC analyst’s. And a VP of Security Operations at a 5,000-person bank has different triggers than a lone SOC analyst at a 100-person startup. Segment before you sequence.

  1. Split by role: Create separate sequences for CISOs / Directors / Managers vs. SOC analysts and threat hunters. Your messaging will differ — strategic outcomes vs. daily operational pain.
  2. Screen for company size and industry: Security leaders in finance and healthcare face stricter compliance pressures (SOX, HIPAA). Filter companies by revenue or employee count. In Origami, you can view tech stack, industry, and headcount right in the contact profile.
  3. Check for recent signals: Look for contacts whose companies have open security roles, recent breach mentions, or newly deployed tools. Origami’s enrichment often includes job postings and technology install data. These are warm triggers.
  4. Remove misfires: Delete anyone who changed roles or companies (Origami’s data updates may catch this, but double-check). Exclude consultants or vendors mistakenly listed as internal SOC.

What “qualified” looks like for this audience:

  • A CISO at a mid-market firm (200–2,000 employees) that uses multiple security tools and is struggling with integration or alert fatigue — they have budget and authority.
  • A SOC Manager at a larger org who is drowning in false positives, manual triage, and analyst churn — they need efficiency tools but can’t add headcount.
  • A Senior SOC Analyst who is active on LinkedIn, shares about burn-out, and influences tool decisions — they are often the internal champion for new tech.

Quality over quantity. A tight list of 150 highly targeted contacts will outperform 1,000 generic ones every time.

Step 3: Create the LinkedIn Sequence — With Copy-Paste Templates

Origami’s built-in LinkedIn sequencer lives right where your list is, so you don’t need to export anything. From the contact view, you can launch a sequence. You have two choices:

  • Paste your own templates: Write a 3-touch sequence (connection note + two follow-up messages), set the delays between each touch, and hit launch.
  • Let the AI agent generate: Ask Origami’s AI to write a personalized 3-day LinkedIn sequence for all contacts using their profile data (title, company, tools used). Every message will feel custom, and you can still review and edit before sending.

I’ll give you the exact templates I use for security leaders and analysts. These are battle-tested in 2026. Copy, personalize the bracketed fields, and paste them into Origami.

Sequence for CISOs / Directors of Security

Touch 1 – Connection Request (with note)
Note: LinkedIn limits connection notes to 300 characters, so keep it punchy.

Hi [First Name] — Saw you’re leading security at [Company]. I’m curious how your team is managing alert volume and false positives these days, especially with the mix of [Tool A] and [Tool B]. Would love to connect and follow your work.

Touch 2 – Day 3 (after connection accepted)

[First Name], thanks for connecting. I work with CISOs who’ve cut alert investigation time by 40% by automating triage and enriching signals without replacing their existing SIEM/XDR stack. No extra headcount required. I’d be happy to share how — open to a 15-min call this week?

Touch 3 – Day 7 (soft close)

[First Name], last note from me — I know your calendar is packed. If reducing SOC toil and shaving minutes off MTTR isn’t a priority right now, no worries at all. If it is, I’d love to chat for 15 minutes. If not, I’ll stay quiet and keep following your team’s work.

Sequence for SOC Analysts / Threat Hunters

Touch 1 – Connection Request (with note)

Hi [First Name] — I see you’re hands-on in the [Company] SOC. We’re helping analysts like you automate the low-value alerts and focus on real threats instead of chasing false positives. Curious if that resonates. Let’s connect.

Touch 2 – Day 3 (after connection)

[First Name], quick note — a lot of SOC analysts tell me they spend 30% of their day on triage that a good auto-enrichment engine could handle. Our platform classifies and prioritizes alerts in real time, freeing you up to do the high-skill work. Interested in seeing a 2-min demo?

Touch 3 – Day 7 (soft close)

Hey [First Name], just circling back. If you’re tired of drowning in alerts and want to see how other analysts halved their ticket triage time, I’ll drop a quick 10-min walkthrough link. No pressure either way. Thanks for the connection.

Each message is 50–100 words, avoids salesy jargon, and speaks directly to their daily reality. I recommend a cadence of Day 1 (connect), Day 3, Day 7. If your list is highly engaged, you can compress to Day 1, Day 2, Day 4.

Step 4: Send the Sequence Directly from Origami

Here’s where the magic happens. After pasting your templates (or letting the AI agent generate them), you simply launch from Origami. No CSVs, no syncing with other tools.

  • Configure delays: Set the interval between touch 1 and touch 2 (I use 2 days), and touch 2 to touch 3 (4 days). You can A/B test variations.
  • Click launch: Origami’s sequencer sends connection requests with notes automatically from your connected LinkedIn account (via secure session). It respects LinkedIn’s daily limits and throttles naturally, so your account stays safe.
  • Track everything in one dashboard: You’ll see connection acceptance rate, note opens, link clicks, and replies — right next to the enriched contact data that shows you exactly why you reached out. For example, while looking at a reply, you can also see the prospect’s company tech stack, job openings, or recent news — giving you instant context to craft an informed follow-up.
  • Automatic un-enrollment: If a prospect replies positively (e.g., “Would love to chat”) or even negatively, they are automatically removed from the sequence. You’ll never send an awkward “just checking in” after someone already booked a meeting or said no.
  • One platform, zero friction: You built the list in Origami, enriched it, launched the sequence, and you’re tracking results — all without leaving the app. The sequencer itself is free with any paid plan; you only pay for credits when you enrich leads.

What Response Rates to Expect (and When to Tweak)

From campaigns I’ve run targeting security leaders and analysts in 2026, here’s a realistic benchmark when using a well-refined list and the above messaging:

  • Connection acceptance rate: 30–45% for CISOs, 40–55% for SOC analysts (analysts are usually more open to networking).
  • Reply rate on follow-ups: 8–15% of those who accepted will reply (often asking for a demo or a 15-min chat). So, if you start with 200 contacts, you might book 6–12 meetings — not bad for a cold outreach campaign.

If your connection rate is low (<25% for this audience), check your list quality. Are you targeting too many Fortune 100 CISOs who get bombarded daily? Tighten filters. Or your connection note might be too generic — the AI-generated version can help because it pulls in company-specific details.

If you’re getting connections but few replies, iterate on Touch 2 messaging. Instead of a broad value prop, try a micro-case study or mention a relevant event (e.g., a recent breach in their industry). A/B test in Origami by launching slightly different templates to two halves of the same list.

Remember, LinkedIn outreach to security folks works best when you demonstrate you understand their world — alert fatigue, tool sprawl, reporting to the board, analyst burnout — without pitching from word one.

Related Articles

Lead411 vs LeadIQ: Which Sales Intelligence Tool Wins in 2026?

Comparing Lead411 and LeadIQ head-to-head: data quality, pricing, ease of use, CRM integrations, and which sales team each tool actually fits. Plus, see where Origami's prompt-based lead gen fits for 2026.

12 min read

How to Find MEP Contracting Companies in Dubai Projects: The 2026 Guide for B2B Sales

Find verified contacts at MEP contracting companies in Dubai using live web search — no more stale database lists. Get emails and phone numbers in minutes.

How to Find UK Angel Investors in AI Startups: A 2026 Prospecting Guide

Learn how B2B sales teams can find, verify, and reach UK angel investors focused on AI pre-seed deals. Tools, tactics, and real-world advice for 2026.