How Nez & Pez Built a Signal-Based Pipeline Engine for RSA & Black Hat Buyers
See how Nez & Pez used signal-based GTM systems to engage cybersecurity buyers before RSA and Black Hat competitors did.
FAQ
What is a signal-based GTM strategy?
A signal-based GTM strategy uses real-time buyer intent indicators such as funding rounds, hiring activity, conference participation, and leadership changes to identify companies entering a buying cycle early.
How did Nez & Pez increase pipeline before RSA and Black Hat?
Nez & Pez used a signal-based outbound engine developed by getGTM.ai to monitor cybersecurity companies for exhibitor intent, funding rounds, leadership changes, and social intent signals.
Why are buyer intent signals important in B2B outbound?
Buyer intent signals improve outbound timing and relevance by engaging prospects when internal momentum already exists.
TL;DR: Nez & Pez partnered with getGTM.ai to build a signal-based GTM engine targeting cybersecurity companies preparing for RSA Conference and Black Hat.
5.2× increase in pre-event pipeline
3,800+ cybersecurity ICPs tracked continuously
71% outreach-to-meeting conversion on hot signals
140+ actionable social intent alerts monthly
6 new retainer clients from Series B–C cybersecurity vendors
Most Creative Agencies Enter the Conversation Too Late
By the time a cybersecurity company starts looking for booth design, conference creative, or brand refresh support, the shortlist already exists.
Budgets are partially committed. Procurement discussions are active. And the conversation shifts away from strategic value toward pricing comparisons.
That was the challenge Nez & Pez faced.
The agency already had deep cybersecurity expertise, strong creative capabilities, and clear positioning inside the security ecosystem. But pipeline growth still depended heavily on referrals, networking, and inbound demand around RSA Conference and Black Hat.
The issue was not capability.
It was timing.
The Hidden Problem With Event-Driven Markets
Cybersecurity conferences create compressed buying windows.
Most vendors begin preparing for RSA Conference and Black Hat months before the market sees any visible activity.
Behind the scenes, companies are already planning booth design, messaging updates, product launches, website refreshes, category positioning, and event campaigns.
But most agencies only react once exhibitor lists become public or inbound demand appears openly.
Instead of Prospecting Accounts, They Started Tracking Signals
getGTM.ai designed a signal-based GTM system built specifically around the cybersecurity event calendar.
The objective was simple:
Identify cybersecurity companies entering a pre-event planning cycle before competitors even knew they were in-market.
event participation signals
funding activity
leadership changes
website decay signals
lookalike ICP patterns
social intent conversations
Signal #1: Conference Participation
The first signal layer focused on early exhibitor intent.
Instead of waiting for public exhibitor lists, getGTM.ai monitored exhibitor registration databases, press release wires, event participation announcements, and cybersecurity event activity signals.
The goal was to identify companies confirming RSA or Black Hat participation 10–18 weeks before the events.
Signal #2: Funding Rounds
Cybersecurity companies raising Series A, B, or C rounds frequently revisit their market positioning immediately after funding.
New capital changes expectations:
investors expect maturity
buyers expect credibility
founders want stronger positioning
leadership teams prepare for larger market visibility
Signal #3: New CMOs and Marketing Leaders
When a new CMO or VP Marketing joins a cybersecurity company, one of the first areas they evaluate is brand quality:
messaging
website positioning
visual identity
conference presence
category differentiation
Signal #4: Brand Staleness
Many cybersecurity vendors showed outdated websites, inconsistent branding, weak visual positioning, and mature products paired with immature brand presence.
The system surfaced companies whose product maturity had outgrown their brand maturity.
The Outreach Changed Completely
Most outbound fails because it lacks timing and relevance.
Instead of sending generic agency messaging, every outreach sequence referenced the exact trigger that activated the account.
The outreach only existed because the signal existed.
Then They Added a Lookalike Engine
The system prioritised companies with:
Series A–C funding
20–200 employees
RSA or Black Hat participation history
strong technical credibility
weak brand expression
crowded cybersecurity positioning categories
The Final Layer Was Social Intent Monitoring
The system tracked conversations related to:
rebranding initiatives
RSA preparation
Black Hat planning
booth challenges
agency frustrations
event creative
messaging changes
Why the System Worked
Most outbound systems optimise for scale.
This system optimised for timing.
Instead of asking “Who should we prospect?”, the better question became:
“Which companies are most likely entering a buying window right now?”
The Outcome
5.2× increase in pre-event pipeline
71% outreach-to-meeting conversion on hot signals
3,800+ cybersecurity ICPs tracked continuously
140+ actionable social intent alerts generated monthly
6 new retainer relationships signed with Series B–C cybersecurity vendors
The Bigger GTM Lesson
Most companies still treat outbound as a volume problem.
But modern GTM is increasingly a signal-detection problem.
The companies winning today are not necessarily sending more emails.
They are identifying intent earlier.
Because when outreach happens during moments of internal momentum — funding events, leadership changes, event preparation, expansion phases, and repositioning cycles, outbound stops feeling like outbound.
It starts feeling relevant.
And relevance is what creates pipeline.