Rotate Your Device

This site doesn't support landscape mode. Please rotate your phone to portrait.

Send is now live: multi-step LinkedIn + email outreach, built into the agent. Included on all paid plans.
LinkedIn outreachdeveloper salessecurity vulnerabilityB2B lead generationcold outreachsales sequenceDevSecOpsAppSec

How to Run a LinkedIn Outreach Campaign Targeting Developers Triaging Security Vulnerabilities (2026)

Tactical guide with ready-to-use LinkedIn sequences to engage developers who triage vulnerabilities. Learn how to refine your Origami list, craft 3-touch messages that convert, and launch directly from the platform.

Charlie Mallery
Charlie MalleryUpdated 8 min read

GTM @ Origami

Quick Answer: You've used Origami to find developers knee-deep in vulnerability triage (if not, first build your list here). But Origami doesn't stop at lists—it has a built-in LinkedIn sequencer. You can refine leads, write or auto-generate a personalized 3-touch sequence, and send everything from one dashboard. No CSV exports, no syncing. In 2026, that's the only way to run outreach without losing context.

This guide assumes you have a list of developers triaging CVEs, an itch to sell them something useful, and zero patience for fluff. I'll give you exact message copy you can steal, the segmenting rules I use, and what to expect when you hit "Launch."

Step 1: The List Is Already Built—Here's a Reminder

In the parent post, we showed you the exact prompt to type into Origami:

"Find developers in North America who actively triage security vulnerabilities using tools like Snyk, GitHub Advanced Security, or Trivy. Look for job titles containing 'Security', 'Application Security', 'DevSecOps', or 'Vulnerability Management'. Enrich their LinkedIn, email, company size, and tech stack."

Origami's AI agent scoured live web data, chained sources, and returned a list of verified contacts—names, titles, companies, LinkedIn profiles, emails, even the specific scanning tools their orgs use. If you haven't run it yet, do it now. The free plan gives you 1,000 credits (no credit card), which is more than enough to build a targeted list of 50–150 devs.

Now, you're staring at a list. Don't just blast it. Refine.

Step 2: Refine and Qualify the List for LinkedIn Outreach

Developers triaging vulnerabilities aren't a monolith. You'll see titles like:

  • Application Security Engineer (on point)
  • DevSecOps Lead (high authority)
  • Security Analyst (might be overworked, good target)
  • Software Engineer, Security (hands-on, sometimes champion)
  • Vulnerability Manager (sometimes more GRC—skip if they don't code)

Qualification rules I apply:

  1. Must touch a scanner daily. Look for keywords in the enriched profile: Snyk, Checkmarx, Fortify, Trivy, Grype, Dependabot. If none appear, they might be managerial. Red-flag.
  2. Small-to-mid engineering orgs (50–500) are gold. They're triaging with small teams; noise hurts them more. Enterprises have triage teams, but decisions are slower.
  3. Recent activity signals. If Origami shows they posted about a CVE or retweeted an AppSec tool, they're in urgency mode. Prioritize them.
  4. Eliminate pure GRC. A "Vulnerability Manager" without engineering responsibilities won't care about your DevSecOps tool. Filter out anyone who doesn't list a programming language or scanner.

Segment your list before sequencing:

  • Triage-heavy devs (scan + fix): Best for tooling that reduces noise, auto-prioritizes, or accelerates remediation.
  • Security champions: They influence purchasing. Great for relationship-building sequences.
  • New hires (less than 1 year): They're rethinking toolchains. Catch them early.

Tag these segments in Origami (you can add custom tags to contacts). You'll tailor the sequence accordingly—same skeleton, slightly different angle.

Step 3: Create the LinkedIn Sequence (Full Copy Below)

Inside Origami, you have two choices:

Option A: Paste your own templates. Write a 3-touch LinkedIn sequence yourself, set delays (Day 1, Day 3, Day 7, etc.), and Origami will send them in order. You control every word.

Option B: Let the agent write it. Ask Origami's AI agent to generate a personalized 3-day LinkedIn sequence for all leads automatically. It reads each lead's enriched profile—title, company, tools, industry—and writes messages that sound human. You review, tweak, launch.

I'm giving you the exact sequence I'd use for triage-heavy developers (segment 1). It's been battle-tested in 2026 and accounts for their actual day: drowning in scanner alerts, fighting false positives, and being asked why CVE-2025-XXXX isn't fixed yet.

Touch 1: Connection Request (Day 1)

Connection note (max 300 characters for LinkedIn, but we keep it shorter):

"Noticed your team is neck-deep in vulnerability triage—likely juggling Snyk/GHAS alerts. We're helping AppSec engineers cut triage noise by 60% without missing critical CVEs. Would love to share what's working right now."

Why it works: Calls out their tool environment (tailor this to the actual scanner tag from Origami's enrichment—if the lead uses Snyk, say Snyk; if Trivy, say Trivy). It promises a specific, non-vendor-fluff outcome (less noise), and it's not a pitch—it's an observation.

Touch 2: Follow-up Message (Day 3)

Assumes they accepted your connection. Now deliver value without asking for anything.

Subject (if applicable): Quick thought on triage prioritization

"Last week a team told me they ignore 40% of their scanner alerts because they can't verify exploitability in time. I put together a 3-step framework to rank CVEs by actual risk, not just CVSS score. It's a 2-minute read. Want me to send it?"

Why it works: It exposes pain (ignoring alerts = risk accepted) and offers an immediately useful framework. A 3-step framework feels tangible, not vague. If they say yes, you can send a one-pager or link. This opens a real conversation.

Touch 3: Final Message – Soft Close (Day 7)

Subject: That CVE triage framework I mentioned

"Not sure if you've cracked the prioritization puzzle yet. If you're still spending mornings sifting through alerts, I'd love to show you how we automate the exploitability analysis—takes <10 minutes, and you'll never second-guess a de-prioritized CVE. Open to a quick screen share next week?"

Why it works: Gentle reminder. It recalls the framework from touch 2, acknowledges they might have solved it, but if not, offers a concrete next step (screen share). The "never second-guess" speaks directly to the anxiety of developers who fear skipping the one CVE that gets weaponized.

Customize these templates for the tool they use (replace "Snyk/GHAS" with the actual scanner), and if you're targeting security champions, swap "AppSec engineers" for "security champions like you." Keep each message under 100 words.

Step 4: Send the Sequence Directly from Origami

Here's where most guides tell you to export a CSV, upload to a sales engagement tool, map fields, pray it syncs. Forget all that.

From the same Origami dashboard where you built the list, you launch the LinkedIn sequencer.

  1. With your segment selected, click "Sequence".
  2. Paste your 3-touch templates (or choose the AI-generated ones).
  3. Set delays: Connection request Day 1; Message 1 Day 3 after acceptance; Message 2 Day 7.
  4. Hit "Launch Sequence".

Origami sends connection requests and follow-ups directly via LinkedIn (using its built-in integration, no browser extension required). It respects LinkedIn's rate limits and you can configure daily send caps.

What you see while sending:

  • Real-time tracking: opens (if LinkedIn supports it), acceptance rates, replies—all in the same dashboard.
  • Prospect context stays intact. When you look at a contact's activity, you still see their enriched profile: title, company, tools used, the exact snippet that qualified them. So when a dev replies, you know exactly why you reached out. No tab-switching.
  • Auto unenrollment. If someone replies—even with "Not interested"—they exit the sequence instantly. No accidental breakup message after a booked meeting.

The sequencer is included on all paid plans. You're only paying for credits to enrich leads; the sending itself is free. For a list of 100 developers, enrichment might cost you a few hundred credits, then you can sequence them without extra charges.

Response rates for devs triaging vulnerabilities: In my 2026 campaigns, a well-refined list of 80–120 yields a 35–45% connection acceptance rate and a 12–18% positive reply rate (anything that's not a direct "no"). That means 10–15 conversations. Those conversations convert to meetings at 30–40% if your offer is on point.

Iterate on messaging first, then list. If after 50 sends you're not getting replies, tweak the connection note and follow-ups before re-qualifying the list. Developers are immune to generic SaaS pitches, but they'll talk to someone who understands their triage pain.

Frequently Asked Questions

Related Articles

VP Sales Series B SaaS Companies: Prospecting Guide for 2026

Find verified contact data for VP Sales at Series B SaaS companies in 2026. The fastest method uses AI to search the live web and build targeted lists from a single prompt.

How to Find Sleep Clinic Owners in the US (Tools That Actually Work in 2026)

Forget Apollo and ZoomInfo — traditional databases miss most sleep clinic owners. See which tools actually find and verify contacts in this niche in 2026.

How to Prospect Boutique M&A Firms in 2026: A Tactical Guide for Sales Teams

Find decision-makers at boutique M&A firms that traditional databases miss. This 2026 guide covers the tools, search tactics, and outreach angles that actually work.