A pipeline plan for the Senior SDR Mid Market seat

Prepared for the team at Huntress

By Vincent Hembrick

[email protected] · LinkedIn · (334) 524 1887

About me

Ambitious Scientist

Materials science engineer with patents at J&J MedTech and Aptar. Moved into sales to get closer to the buyer.

Top BDR

Self sourced $6M in pipeline in 15 months at Certara selling into technical buyers within the life sciences industry.

Why Huntress

My experience building a business as well as my science career give me a unique edge when it comes to selling a highly technical solution.

Opening

Why I built this

I built this for the Senior SDR role at Huntress specifically. What makes this seat distinctive is the dual motion: the SDR feeds two parallel AE conversations, prospecting both VARs and Internal IT decision makers in the 100 to 3000 employee band. Below is how I would quickly ramp, a breakdown of the ICP, five high fit accounts, a four touch point sequence, and three plays I would run in the first 90 days. Everything is framed against the Huntress GTM strategy and voice. If any of it lands, I would value 15 minutes to compare notes.

ICP

Two ICPs the role hits in parallel

The JD names both buyer types in the same paragraph. Most outbound roles have a single ICP. The dual call here is earned, not forced.

ICP A. VARs, MSPs, and IT solution providers serving mid market commercial books

Firmographics

50 to 500 employee MSPs, MSSPs, and VARs
Regional or super regional, with cybersecurity practice or one in active build out
Eastern Time concentration to match the seat coverage
Recurring services revenue mix at or trending past 60 percent

Buyer titles

Owner, President, Founder
VP Sales, VP Service Delivery
Practice Lead Cybersecurity
Director of Channel

Pains and triggers

Margin compression on hardware resale, pressure to build recurring services revenue
Customers asking for 24/7 monitoring they cannot deliver in house
Losing deals to MSPs already partnered with managed security vendors
Cyber insurance carriers pushing commercial customers to bring evidence of monitoring
Hiring for a security analyst role open more than 60 days, signal that they cannot fill the gap themselves

ICP B. Internal IT departments at mid market companies, 100 to 3000 employees

Firmographics

Heavy in regulated or breach sensitive verticals: hospitals and regional health systems, commercial and community banks, AmLaw 200 and large regional law firms, defense contractors and mid market manufacturers, regional insurance carriers
One to three person internal security function
Cyber insurance policies with renewal cycles tied to questionnaire compliance
Eastern Time geographic weighting

Buyer titles

Director of IT, IT Manager
Information Security Officer, Director of Information Security, vCISO
CISO at the higher end of the band
COO or Executive Director at law firms (where IT reports up to operations, not finance)

Pains and triggers

One or two person security team that cannot staff overnight or weekend coverage
Alert fatigue from current EDR plus identity plus SIEM, no human filtering layer
Cyber insurance renewal pressure, broker asking for evidence of monitoring not just deployment
Audit findings from FFIEC, NYDFS, HIPAA, ABA Rule 1.6, or CMMC depending on vertical
Board scrutiny following a peer breach in the same vertical
M&A integration creating new endpoint surface and identity sprawl
Open Senior Security Engineer requisition older than 60 days

ICP A firmographic sizing and buyer titles are inferred. The JD names VAR/reseller community but does not specify size or role. ICP B verticals are inferred from public Huntress case studies (heavy MSP and dental, plus the Hospitality Group case) rather than directly stated in the JD. Worth a five minute check with the AE team to confirm vertical priority.

Targets

Five accounts I would stack rank day one

Best fit selection across both ICPs, not a forced 3+2 split. Four direct (ICP B) plus one channel partner (ICP A) reflects the actual mix of work in this seat, where most outbound is direct and channel runs in parallel. Each candidate was checked against the public Huntress customer presence before listing.

Eastern Bankshares (Boston, MA). Roughly 2,100 employees post Cambridge Bancorp merger, $24B in assets, FFIEC and Massachusetts DOB exam exposure, integration risk window from a recent close. Bank consolidations create a 12 to 18 month endpoint and identity reconciliation window where a managed SOC removes a reportable risk.

Chesapeake Regional Healthcare (Chesapeake, VA). Independent regional health system, roughly 2,500 employees, single acute care hospital plus outpatient clinics. HIPAA exposure, post Change Healthcare scrutiny on third party connectivity, board risk committee likely asking for evidence of 24/7 coverage on the EHR perimeter.

Cozen O'Connor (Philadelphia, PA). AmLaw 200 firm, roughly 1,200 attorneys and staff across 30+ offices. Big 4 and big bank client questionnaire pressure, ABA Model Rule 1.6 exposure, M&A advisory practice drawing concentrated attacker interest. Law firms typically have a one or two person security function, ideal Huntress profile.

Mercury Systems (Andover, MA). Defense electronics, roughly 2,400 employees, NASDAQ listed. CMMC 2.0 Level 2 compliance window closing, SPRS score is a contract gate, prime contractor flow downs forcing endpoint and identity monitoring evidence.

GreenPages (Kittery, ME). Mid market technology solutions provider, roughly 250 employees, cybersecurity practice plus cloud and workplace. Eastern Time, regional New England commercial book, the exact VAR profile the JD names. Channel partner, not direct.

All five are illustrative best fits. I verified each one is not a current customer of the hiring company (homepage, case studies, recent press) before listing. I would still dedupe against the existing CRM and pull in real time triggers (job postings, funding, M&A, breach proximity, partner announcements) before adding any to a sequence.

Cadence

A four touch sequence to a Director of Information Security at an AmLaw firm

Persona: Director of Information Security at a mid market AmLaw firm, 500 to 1500 employees, Eastern Time. Example target: Cozen O'Connor (illustrative only, would swap for whichever AmLaw firm the AE assigns). Cadence: 4 touches over 12 days, mixing email, LinkedIn, and phone. Voice calibrated to Huntress's public copy (direct, plain spoken, peer to peer, low on jargon).

Touch 1: Day 1, email pattern interrupt

T.I.P.S. structure, ~125 words, 5th grade reading level

Subject: Law Firm Coverage

Looks like Cozen has expanded to 30+ offices, with the M&A advisory practice growing alongside it. Imagine after hours endpoint and identity coverage across that footprint is a real priority for the security team. Most AmLaw 200 firms run a one or two person security function covering business hours only, with nothing live at 2am on a Saturday when most ransomware actors strike. Three peer firms got hit this year. All had EDR deployed. None had a managed SOC watching it. Huntress layers a 24/7 human led SOC on top of the EDR you already run, with plain English incident reports your COO can hand directly to a Big 4 questionnaire reviewer instead of translating from a SIEM dashboard. Worth a peek?

Touch 2: Day 3, LinkedIn connection with note

Relevant Message variant with permission ask and personalization P.S.

Hey [first name], dropping you a connect. Curious how the Big 4 and big bank client questionnaire stack is landing this year. Saw the question count keep climbing across AmLaw 200 firms. Mind if I ask a few questions about how you're handling it? P.S. Saw the firm's recent Construction Practice Group of the Year recognition, congrats.

Touch 3: Day 6, cold call with voicemail

Direct to email structure, 30 to 40 seconds when read aloud

Hey [first name], I noticed Cozen has had a Senior Security Engineer req open for about 60 days. Most AmLaw 200 security leaders I talk to in that situation get pulled into off hours coverage themselves while the seat sits empty. I emailed you a few ideas. The subject line is "Law Firm Coverage." No need to call back, but worth 30 seconds to read it. Speak soon.

Touch 4: Day 12, break up email

Thoughtful Bump with case study, no apology, no aggressive close

Subject: Quick Bump

Two AmLaw 200 firms moved to a managed SOC over the last 12 months after a Big 4 client questionnaire flagged the after hours coverage gap. Both kept their existing EDR and stacked Huntress on top. No rip and replace, no full migration project, no displacement of the tools the analyst team already trusts. What changed for the security team: a human led SOC closed out the noise before it reached the queue, so alert volume on the analyst side dropped meaningfully. Both firms ended the year with an audit ready incident log they could hand directly to client questionnaire reviewers without translation from a SIEM dashboard. If a similar setup would help at Cozen with the next questionnaire round, mind if I share the full case study? If the timing is off, no problem at all.

Plays

Three plays I would run in my first 90 days

These are tactical, specific to Huntress, and not generic SDR advice.

PLAY 01

The VAR ammunition loop play

The JD names "team composition, territories covered, and ICP" as things the SDR learns from the VAR. That is intake. Most SDRs in dual motion roles stop there and never close the loop by feeding the partner anything actionable back. The VAR walks away from the call with no new ammunition, and the SDR has no reason to follow up.

Once a VAR like GreenPages has shared their ICP and territory, run two motions in parallel. On accounts the VAR is already working, monitor real time triggers (cyber insurance renewal windows, FFIEC exam timing, open Security Engineer reqs older than 60 days, peer breach proximity, M&A integrations) and surface them to the partner rep so they walk into the next call with a concrete reason to reach out. On accounts the VAR is not currently working, prospect net new mid market companies inside the VAR's footprint and route those over as channel friendly opportunities. The VAR keeps the customer relationship, Huntress provides the air cover, and the One Team narrative shows up in the field instead of only on the marketing site.

PLAY 02

The webinar to demo, same day play

The JD names monthly educational webinars as something the SDR must understand. That tells me they convert and are a valuable asset to pipeline. Most reps treat the post webinar list as a single MQL drop and begin outreach on the next business day. To address this, I would develop motions and sequences to work the list immediately.

Build two outbound motions on top of the registration list, segmented by ICP. Internal IT registrants who attended at least 50 percent of the session get a personalized email within four hours, referencing a specific moment from the webinar plus the Huntress case study most relevant to their vertical. VAR registrants get a different track focused on the partner program. Same input, two specialized SDR motions, faster pipeline conversion than the AE team can run on their own.

PLAY 03

The cyber insurance renewal trigger play

This ties to a market reality affecting Huntress's ICP B directly. Carriers like Travelers, Beazley, Coalition, and Chubb send the renewal questionnaire 60 to 90 days ahead of the policy date, asking for evidence of 24/7 monitoring, MFA enforcement, and incident response capability. The buyer is already on the hook to answer.

Build a quarterly cadence framed in carrier requirement language, not Huntress feature language. Subject lines reference the carrier ask ("Coalition renewal 24/7 evidence") not the product. The hook is timing: 60 to 90 days before a known policy renewal cycle, when the security director is already drafting the response. Huntress becomes the easy answer to a question they have to answer anyway.

Closing

If any of this is in the ballpark of how the Mid Market team is thinking, I would value a 15 minute conversation to compare notes on what is working, what is not, and where I would plug in fastest. If the plan above misses the mark, that is also useful feedback for me. Either way, thank you for reading.

Vincent Hembrick

[email protected] · LinkedIn · (334) 524 1887