Rotate Your Device

This site doesn't support landscape mode. Please rotate your phone to portrait.

Send is now live: multi-channel outreach, built into the agent. Included on all paid plans.
email outreachsaas founderssecurity solutionscold emailb2b sales

The 2026 SaaS Security Sales Email Playbook: A 3-Touch Sequence You Can Steal

A no-nonsense guide to turning your Origami prospect list into meetings with new SaaS founders. Includes a full 3-touch email sequence—subject lines, copy, and cadence—ready to use.

Charlie Mallery
Charlie MalleryUpdated 10 min read

GTM @ Origami

Quick Answer: Use Origami to find and qualify SaaS founders who need security help, then copy/paste the 3-touch email sequence below directly into Origami's built-in email sequencer. No exporting CSVs, no syncing tools—the same platform that built your list sends the emails and tracks replies, all from one place. The sequencer is free on all paid plans, you only pay for the credits used to enrich your leads. Let's walk through exactly how to run a campaign that gets meetings.

You already know how to build a list of new SaaS founders who are prime prospects for security solutions—if not, grab this guide on building a list of How to Sell Security Solutions to New SaaS Founders first. Now we're going to turn that list into a conversation.

I've run this exact playbook for a cybersecurity startup targeting early-stage B2B SaaS companies. The founders are heads-down on product, often ignoring security until a customer asks about SOC 2, a prospect's security questionnaire derails a deal, or they read about a breach in their niche. The email sequence below hits those pain points without scare tactics. It's a consultative, 3-touch flow that I've tested and refined. You can lift it wholesale, and I'll show you how to send it inside Origami.

Step 1: Build the list in Origami (recap)

You don't need more than a sentence to get a targeted prospect list. Open Origami and type something like:

"Find SaaS founders at US-based companies with 5–50 employees, funded or bootstrapped, that handle customer data. Exclude big enterprises and security companies themselves."

Origami's AI agent searches the live web, chains data sources, enriches contacts, and qualifies leads. Within minutes you get a list with verified names, email addresses, phone numbers, job titles, company details, and tech stack indicators. You can start on the free plan (1,000 credits, no credit card) to test this, then upgrade for ongoing campaigns.

If you need the full walkthrough on sourcing and building this list, refer back to the parent post. For now, assume you have that list in your Origami dashboard.

Step 2: Refine and qualify the list

Dumping 300 contacts into an email sequencer and hitting send is a great way to get marked as spam. You need to qualify and segment. In Origami, you can filter directly on the list or select contacts individually.

Here's what I do for this audience:

  • Remove obvious bad fits: agencies, consultancies, dev shops that don't build their own SaaS, and security vendors themselves. A dashboard company with no sensitive data isn't a security prospect.
  • Segment by stage: I separate Seed/Angel from Series A/B. Seed founders worry about speed and burn rate; Series A founders are suddenly fielding enterprise RFPs and hiring a CISO part-time. Messaging should acknowledge those differences.
  • Look for triggers: Origami surfaces tech stack signals (e.g., AWS Cognito vs. Auth0, no WAF detected, no DLP tool). I flag companies using compliance-gated tools like Datadog or Vanta competitors—that suggests they're already feeling pressure.
  • Title matters: The ideal target is CEO/CTO/CPO at a 5–50 person company. A VP of Engineering isn't the decision-maker for security spend early on; you want the person who wakes up at 3 a.m. worrying about a breach.
  • Qualified means: They have real customer data, they're growing (or about to), and they don't already have a security lead listed. If Origami enriches a profile and I see a “Head of Security” title, I skip them—they've already bought the pain.

Once I've filtered, I end up with 80–120 solid contacts per batch. That's my working list.

Step 3: Create the email sequence

Now for the engine: the actual messages. In Origami, you can do this two ways:

  1. Paste your own templates: Write your sequence, plug it into the sequencer, set delays between touches (Day 1, Day 3, Day 7—or whatever cadence works), and launch. You keep full control.
  2. Let the AI agent write it: If you prefer, ask Origami's AI agent to generate a personalized 3-day email sequence for all your leads automatically. The agent writes messages based on each lead's profile data (title, company, industry) so every message feels custom. This is useful when you're testing multiple angles or scaling fast.

Below I'm giving you the exact templates I've used successfully. They're written for a security solution that helps early-stage SaaS companies get compliant (SOC 2, ISO 27001) and build a security posture without a dedicated team. Tweak them to match your specific service.

3-Touch Sequence: Copy & Customize

Touch 1 (Day 1) — The Enlightening Opener

Subject: security blind spot?

Preview: Not trying to scare you, but...

Body: Hey ,

Saw that is growing fast. When my team triages early-stage SaaS security, the pattern is always the same: founders realize a prospect's security questionnaire is 10 pages, not 10 questions.

We built so teams like yours can get SOC 2–ready without hiring a security lead. It handles evidence collection, vendor reviews, and policy templates—all automated.

Mind if I share a 2-minute video of how a similar-stage company used it to close their first enterprise deal?

Best,

Touch 2 (Day 3) — The Proof Point

Subject: the 2 days that saved a deal

Preview: Quick story—worth 30 seconds.

Body: ,

Last month a Series A fintech founder was about to lose a $200K deal because they couldn't produce a penetration test and a vendor security whitepaper. Our platform got them from zero evidence to a complete compliance pack in 48 hours. The deal closed.

I know isn't there yet, but the requests start earlier than anyone expects. Would it be useful to see a redacted version of that pack?

No pressure—happy to just send it over.

Touch 3 (Day 7) — The Respectful Breakup

Subject: one last thing

Preview: In case security is on your horizon.

Body: ,

I realize security might not be top of mind at right now. Totally get it.

In case it becomes relevant later, here's a free security checklist we put together: "10 Things Every SaaS Founder Should Do Before Their First SOC 2 Audit." It's self-service, no call needed.

[Link to resource]

If it's not a fit, no worries. If you ever hit a security questionnaire that stings, just reply here.

Why this sequence works:

  • It's short and skimmable. No big mission statements, no buzzwords.
  • Touch 1 names the exact moment of pain (security questionnaire) without being alarmist.
  • Touch 2 offers a concrete proof story with a time-based result—our product isn't theory.
  • Touch 3 leaves them with something useful and a clean exit. The resource positions you as a helper, not a pusher.

You can replace the video, the proof story, and the resource with your own material. Keep the tone curious and low-pressure.

Step 4: Send the sequence directly from Origami

Here's where Origami separates itself from a list-building tool. Once your templates are ready, you launch the sequence from the same dashboard where your list lives. No CSV export, no Mailshake, no hub sync.

  1. Select your refined list in Origami.
  2. Click Create Sequence → paste your Day 1/3/7 messages.
  3. Set your delay schedule—standard is Day 1 → 3 business days → 5 business days, but you can adjust.
  4. Hit Launch.

What happens next: Origami's built-in email sequencer fires off each touch with the configured delays. Your dashboard updates with opens, clicks, and reply rates in real time. While you're looking at a contact's activity, you can still see their full enriched profile (title, company, tech stack), so you remember exactly why you reached out to this person.

Automatic un-enrollment: If someone replies—even a "Not interested"—they exit the sequence immediately. You never risk sending a breakup email after a positive reply.

Sending is free on paid plans. You only pay for the credits used to enrich leads. No hidden email-sending costs. This makes it economical to test different lists or sequences without paying twice.

What response rates to expect

For cold email to SaaS founders about security, I typically see 2–5% reply rate on a clean list. Booked meetings are lower, around 0.5–1.5%, but the leads that convert are high-intent because they're actively facing a pain point. If you're below 2% replies, check:

  • Your subject lines aren't getting opened. Iterate on those first.
  • Your list contains too many companies that aren't yet feeling security pressure. Refine your signals.
  • Your email body is too generic. Personalize with a company-specific note (Origami's AI agent can do this at scale).

If you're getting high opens but low replies, the sequence copy isn't compelling enough—swap in new angles for Touch 1 or Touch 2 before rebuilding the list.

Related Articles

How to Find Hospitality Operators Expanding in DACH (2026 Prospecting Guide)

The best tools and tactics to find hospitality operators in Germany, Austria, and Switzerland that are opening new locations — from live expansion signals to verified contact data.

How to Build a Real-Time List of Companies Hiring Graphic Designers (2026)

The fastest way to find companies actively hiring graphic designers in 2026 — live job signal data, verifiable contact lists, and outreach tools that work.

Lusha vs Lead411 LinkedIn Outreach: A 3-Touch Sequence to Book More Meetings (2026)

Run a LinkedIn outreach campaign targeting buyers evaluating Lusha vs Lead411. Steal our exact 3-touch sequence, refine your list, and send from Origami's built-in sequencer.