OT Security Account Expansion: Your 3-Touch Email Campaign Playbook (2026)
Tactical guide to running email campaigns for OT security contacts you already found. Includes a full 3-touch sequence, refining tips, and launching from Origami's built-in sequencer.
Founder @ Origami
You’ve built a targeted list of OT security contacts using Origami (see our guide on how to build a list of OT Security Contacts for Account Expansion). Now, run a multi-touch email campaign directly from Origami’s built-in sequencer — no exporting CSVs, no syncing tools, no separate ESP. This tactical guide walks you through refining your list, writing a 3-touch sequence that actually books meetings with industrial cybersecurity leaders, and launching it all from a single platform.
Step 1: Refine and qualify your OT security prospect list
The list you built in Origami is a starting point, not a finished product. Open your dashboard and do the following before you write a single email.
Remove obvious mismatches — anyone who isn’t a real decision-maker or influencer for OT security investments. For account expansion, you want roles like:
- CISO with OT/ICS oversight
- Director of Industrial Cybersecurity
- OT Security Manager / Lead
- Plant IT Manager (if they own OT security for a site)
Delete pure IT networking contacts who have never touched SCADA environments. Their pain points are different and your messaging will land flat.
Segment by account expansion signal. In Origami, create segments based on recent triggers you uncovered during list-building:
- Companies that opened a new manufacturing plant or substation in the last 12 months
- Mergers & acquisitions (an integrated OT environment almost always creates visibility gaps)
- Digital transformation announcements referencing Industry 4.0, smart factory, or IT/OT convergence
- Job postings for OT security engineers (a screaming signal they’re scaling the team)
Tag these leads so your sequence speaks directly to their current reality — not a generic “OT is tough” opener.
Qualify volume. For account expansion plays, a “qualified” contact is one where you already have a reason to believe they’re either:
- Expanding physical operations (new attack surface), or
- Already using a legacy ICS vendor like Siemens, Rockwell, or Schneider, and likely wrestling with patch cycles and air-gap headaches.
If a lead meets neither condition, park them for a nurture sequence, not your primary outreach.
Step 2: Create the email sequence (steal these templates)
Origami gives you two paths to build the sequence inside the platform.
Option A — Paste your own templates: Write your 3-touch cadence, paste each message into the sequencer, set delays between touches (Day 1, Day 3, Day 7 — whatever you want), and hit Launch. You have full control.
Option B — Let the AI agent write it: Ask Origami’s agent to generate a personalized 3-day email sequence for all your leads automatically. The agent reads each contact’s title, company, industry, and any enrichment fields (like tools used, news, pain points) to write custom messages that feel 1:1. You can then review and tweak.
Below is a full 3-touch sequence built specifically for OT security contacts in account expansion. Copy these directly into Origami, or ask the agent to adapt them further per lead.
Day 1: Initial cold email
Subject: Question about ’s OT expansion
Preview: Noticed your new facility in — any new security gaps?
Hi ,
Saw is expanding operations at . Every time you bolt a new plant onto the OT network, attack surface grows — and legacy ICS protocols like Modbus or DNP3 don’t help.
We help industrial security teams map new assets and segment OT traffic within weeks, not quarters, without touching production uptime. Happy to share how an energy client did it across three new substations.
Worth 15 minutes to compare notes?
Why it works: Opens with a specific expansion signal (you plugged in and from Origami enrichment), acknowledges ICS reality, and offers a concrete example.
Day 3: Follow-up (different angle)
Subject: Re: OT expansion security — real example
Preview: How closed visibility gaps
,
Following up — I won’t drag this out. A manufacturer similar to added three production lines this year. Their OT security team used passive network monitoring to find 14 undocumented devices (including a rogue engineering laptop) in the first 48 hours. No agents, no OT downtime.
Case study attached: [Link]
Would a 15-minute call to see if the approach fits your expansion be crazy?
Why it works: The second touch uses social proof and a tangible outcome (14 devices, 48 hours) instead of re-pitching. The “crazy” line is low-pressure but invites a response.
Day 7: Breakup email
Subject: OT security — closing the loop
Preview: If timing isn’t right, no worries
,
I know OT security expansion rarely jumps to the top of the list until an audit or incident forces the issue. If now isn’t the time, I’ll stop emailing.
But if you ever want to see how passive asset discovery and micro-segmentation can protect new OT environments without network changes, keep my info.
All the best.
Why it works: No guilt, no fake urgency. Respects their timeline while reinforcing value. If they’ve been quietly reading, this often triggers a “not now but stay in touch” — which keeps the door open for account expansion later.
Customization tip: If you’ve enriched leads with their existing OT tech stack (Siemens, Rockwell, Nozomi, Claroty), weave that in. Example: “I know you’re running Rockwell PLCs across those sites…” Origami’s agent can do this automatically if you choose Option B.
Step 3: Send the sequence directly from Origami
Set your delays (I like Day 1, Day 3, Day 7 for industrial prospects — they’re not inbox-shifting hourly), map each template to the correct day, and hit Launch. No export, no Mailchimp, no CSV passthrough. Origami’s email sequencer sends the multi-step sequence from inside the same dashboard where you built the list.
What happens next:
- Tracking: Opens, clicks, and replies appear in the contact timeline, right next to the enriched profile that shows you why you reached out (title, company tech stack, recent news). No tab-switching.
- Automatic unenrollment: If a prospect replies, the sequence stops immediately for that contact. You’ll never send a breakup email after someone agrees to meet.
- Context on demand: When a lead clicks your case study, you can see their full enriched record — their industry, size, tools used — so you know exactly what to reference if they reply.
- Sequencer included, sending free: The sequencer is built into all paid Origami plans. You only pay for credits to enrich new leads (the sequence running costs you nothing extra). Free plan gives you 1,000 enrichment credits — no credit card — so you can test the workflow before you spend a dollar.
Expected response rates for OT security audience: With a well-refined list and the sequence above, expect a 8–12% reply rate (positive or “not interested” combined). Clicks on case-study links often run higher, around 15–20%, because industrial buyers love seeing what peers did. If you’re below 5% after 50 sends, iterate on subject lines and opening lines before you touch the list. If bounce rate exceeds 3%, re-check your email verification — Origami already validates emails, but company departures happen.
When to iterate list vs. messaging: If reply rates are healthy but replies are “not now” without any engagement, your list is solid but the value prop isn’t landing. Tighten the follow-up. If opens are high and replies are zero, your list might be the right titles but the wrong context (IT people pretending to be OT). Go back to Step 1 and double-check that your enrichment fields show real OT responsibilities.
One platform, end-to-end: From typing a plain-English prompt to find the list, to seeing a reply land in the same dashboard, Origami removes the friction that kills cold outreach momentum. Find leads, enrich them, sequence them, send, track — no exporting, no syncing. That’s the playbook.