UNIVERSAL OPENERS
STANDARD COLD CALL OPENER
"Hi [NAME], this is Fel calling from GuardsArm on behalf of Chuks Awunor. I'm reaching out because we specialize in cybersecurity for [VERTICAL] organizations. With attacks up 55% this year, I wanted to see if you have 2 minutes to discuss how you're handling security monitoring?"
Tip: Pause after your name - let them process who's calling.
REFERRAL OPENER
"Hi [NAME], this is Fel from GuardsArm. [REFERRER NAME] at [REFERRER ORG] suggested I reach out - they mentioned you might be looking at your security posture. Do you have a quick minute?"
Tip: Always use referral if you have one - 4x higher connect rate.
EMAIL FOLLOW-UP CALL
"Hi [NAME], Fel from GuardsArm. I sent you an email last week about cybersecurity for [ORG]. Wanted to follow up personally - did you get a chance to look at it? I can give you the 30-second version right now if that helps."
Tip: Reference specific email subject line if possible.
SECOND/THIRD ATTEMPT
"Hi [NAME], Fel from GuardsArm again. I know you're busy - I've tried a couple times. I'll keep this to 30 seconds: we help [VERTICAL] organizations with 24/7 security monitoring. If that's not a priority right now, just let me know and I'll close your file. But if it is, I'd love 5 minutes on your calendar."
Tip: The "close your file" line often triggers a response.
TRIGGER-BASED SCRIPTS (Hot Leads)
POST-BREACH (Recent Incident)
"Hi, this is Fel from GuardsArm. I saw the recent security incident at [ORG]. First - I'm not calling to sell you anything today. I know you're probably in recovery mode. I just wanted to offer a resource: we've helped organizations in similar situations, and I have a post-incident checklist that might help. Would that be useful?"
Timing: Call 7-14 days post-breach. Too early = chaos. Too late = already contracted.
CISO/CIO VACANCY
"Hi, I noticed [ORG] is searching for a [CISO/CIO]. During leadership transitions, many organizations partner with us for interim vCISO coverage - it keeps security strong while you find the right permanent hire. Who would be the right person to discuss that with?"
Ask: "How long has the position been open?" Longer = more pain = more urgency.
SETTLEMENT/LAWSUIT ANNOUNCED
"Hi [NAME], Fel from GuardsArm. I saw [ORG]'s recent settlement announcement. I'm sure you're focused on preventing anything like that from happening again. We specialize in exactly that - helping organizations implement the controls that would have prevented the original incident. Would it help to discuss what that looks like?"
Stat: "Settlements often include mandatory security improvements - we can help you meet those requirements."
SEC 8-K FILING
"Hi, this is Fel from GuardsArm. I noticed [ORG]'s SEC filing regarding a cybersecurity incident. With the new SEC disclosure rules, I imagine you're under pressure to demonstrate improved security controls. We help public companies implement and document those controls for future filings. Is that something you're working on?"
Hook: SEC now requires material incident disclosure within 4 days - board-level visibility.
SUPPLY CHAIN/VENDOR BREACH
"Hi [NAME], Fel from GuardsArm. I'm reaching out because I saw that [VENDOR NAME] was breached, and I understand [ORG] may have been affected. We're helping organizations assess their exposure from that incident and implement vendor risk controls to prevent this in the future. Would that be helpful to discuss?"
Examples: TriZetto, Change Healthcare, MOVEit, SolarWinds - mention the specific vendor.
NEW LEADERSHIP (CIO/CISO/CEO Just Hired)
"Hi [NAME], congratulations on your new role at [ORG]! I'm Fel, calling from GuardsArm on behalf of Chuks Awunor. I wanted to reach out because new security leaders often do a 90-day assessment of their environment. We offer a complimentary security posture review that could help inform your roadmap. Would that be valuable as you get settled in?"
Timing: Best 30-90 days after start. They're assessing vendors and making changes.
COMPLIANCE DEADLINE SCRIPTS
HIPAA/42 CFR Part 2 DEADLINE (Feb 16)
"Hi [NAME], this is Fel calling from GuardsArm. Quick question - has [ORG] updated your Notice of Privacy Practices for the February 16th deadline? With HIPAA penalties now up to $2 million per violation, we've been helping healthcare orgs with emergency compliance assessments. Do you have 2 minutes to discuss?"
Stat: 42 CFR Part 2 changes affect ALL orgs handling substance use disorder records.
PCI-DSS 4.0 (March 2025 Deadline)
"Hi [NAME], Fel from GuardsArm. I'm reaching out to organizations handling payment data. With PCI-DSS 4.0 enforcement starting in March, many retailers and financial services companies are scrambling to update their controls. How's [ORG]'s compliance roadmap looking?"
Changes: Stronger MFA requirements, targeted risk analysis, enhanced encryption.
ALBERTA REGULATION 84/2024
"Hi [NAME], I'm Fel, calling from GuardsArm on behalf of Chuks Awunor - we're based in Alberta. I'm reaching out because Regulation 84/2024 now requires specific cybersecurity controls for government and municipal organizations. We're helping Alberta municipalities meet those requirements. Would it help to discuss what compliance looks like?"
Local angle: Mention GuardsArm is Alberta-based - local expertise matters.
CYBER INSURANCE RENEWAL
"Hi [NAME], Fel from GuardsArm. Quick question - when does [ORG]'s cyber insurance renew? I ask because insurers are now requiring specific controls like EDR, MFA, and 24/7 monitoring before they'll issue or renew policies. We help organizations implement exactly those controls - often we can get premiums reduced. Is that something you'd want to discuss before renewal?"
Tip: Find renewal dates via broker relationships or annual reports.
VERTICAL-SPECIFIC SCRIPTS
HEALTHCARE (Hospital/Health System)
"Hi [NAME], Fel from GuardsArm. I specialize in healthcare cybersecurity. With 27 ransomware attacks hitting healthcare just in January, and the Feb 16 HIPAA deadline approaching, I wanted to check - how confident is [ORG] in your current security posture? We provide 24/7 SOC monitoring specifically designed for healthcare environments."
Stats: $10.9M avg healthcare breach cost | Healthcare is #1 targeted sector.
FINANCIAL SERVICES (Bank/Credit Union)
"Hi [NAME], Fel from GuardsArm. I work with financial institutions on cybersecurity. Given you're regulated by [NCUA/OCC/FDIC], I imagine security is always top of mind. We help credit unions and banks with continuous monitoring between exams. What does your current security coverage look like, especially after hours?"
Hook: "Examiners are now asking about 24/7 monitoring capabilities."
EDUCATION (K-12/Higher Ed)
"Hi [NAME], Fel from GuardsArm. I work with educational institutions on cybersecurity. With 56% of schools hit by ransomware last year - and student data now a prime target - I wanted to check how [SCHOOL/DISTRICT] is handling security monitoring. Do you have dedicated security staff, or is IT covering everything?"
FERPA angle: Student records have real regulatory implications now.
GOVERNMENT/MUNICIPAL
"Hi [NAME], I'm Fel, calling from GuardsArm on behalf of Chuks Awunor. We're an Alberta-based firm helping municipalities and government organizations with cybersecurity. After what happened to [Atlanta/Baltimore/recent example], many cities are realizing they need 24/7 monitoring. What's [CITY/COUNTY]'s current approach to security?"
Procurement tip: Ask about cooperative purchasing agreements - NASPO, Sourcewell.
MANUFACTURING/OT
"Hi [NAME], Fel from GuardsArm. I work with manufacturers on cybersecurity, specifically the IT/OT boundary. With ransomware groups specifically targeting production environments now, I wanted to check - does [ORG] have visibility into what's happening on your operational network, or is it mostly air-gapped?"
Pain point: "Average manufacturing ransomware = 21 days production downtime."
LEGAL/LAW FIRMS
"Hi [NAME], Fel from GuardsArm. I work with law firms on cybersecurity. Given the sensitivity of client data you handle - M&A details, litigation strategy - law firms are now prime targets for hackers. Are you seeing corporate clients send security questionnaires? We help firms pass those assessments."
Hook: "Big corporate clients now require security certifications from outside counsel."
RETAIL/E-COMMERCE
"Hi [NAME], Fel from GuardsArm. I work with retailers on payment security. With PCI-DSS 4.0 coming and Magecart attacks targeting e-commerce sites, I wanted to check - when was [ORG]'s last security assessment? We help retailers maintain continuous PCI compliance."
Current event: "BridgePay ransomware is affecting merchants nationwide right now."
GATEKEEPER SCRIPTS
STANDARD GATEKEEPER
"Hi, this is Fel calling from GuardsArm. I'm trying to reach [NAME] regarding cybersecurity. Is [he/she] available?"
Tip: Sound confident, like you're expected. Don't over-explain.
"WHAT IS THIS REGARDING?"
"I'm following up on a security matter. [NAME] will know what it's regarding." OR "It's regarding their cybersecurity posture - [he/she]'ll want to take this."
Alternative: "I sent an email last week and wanted to follow up personally."
"LET ME TRANSFER YOU TO SOMEONE ELSE"
"That would be great - who handles cybersecurity decisions there? I want to make sure I'm talking to the right person." (Get the name before transfer)
Always ask: "What's their direct line in case we get disconnected?"
"[NAME] IS NOT AVAILABLE"
"No problem. When would be a good time to catch [him/her]? I'll call back then." OR "Could you put me through to [his/her] voicemail?"
Ask: "Is there a direct line I could use to reach them?"
VOICEMAIL SCRIPTS (30 seconds max)
STANDARD VOICEMAIL
"Hi [NAME], this is Fel calling from GuardsArm on behalf of Chuks Awunor, 587-821-5997. I'm reaching out about cybersecurity for [ORG]. With attacks up 55% in healthcare, I wanted to share how we're helping similar organizations. I'll try you again, or feel free to call me back at 587-821-5997. Thanks."
Rule: Say phone number twice - beginning and end. Speak slowly.
URGENT/BREACH VOICEMAIL
"Hi [NAME], Fel from GuardsArm, 587-821-5997. I saw the recent security incident at [ORG] and wanted to offer assistance. We specialize in post-incident response. Please call me at 587-821-5997 - I may be able to help."
Tone: Helpful, not salesy. They're in crisis mode.
EMAIL + VOICEMAIL COMBO
"Hi [NAME], Fel from GuardsArm. I just sent you an email about cybersecurity for [ORG]. Take a look when you get a chance - I think you'll find it relevant. Happy to discuss anytime at 587-821-5997."
Best practice: Leave VM immediately after sending email for highest response.
CLOSING & NEXT STEPS
BOOKING THE MEETING
"Great, let's find 30 minutes to dive deeper. I have availability [Tuesday at 2 PM or Thursday at 10 AM] - which works better for you? I'll send a calendar invite with a Zoom link."
Tip: Always offer 2 specific times - don't say "when are you free?"
SENDING INFORMATION
"I'll send that over right now. What's the best email? And to make sure it doesn't get lost - can we schedule a quick 15-minute call for [day/time] to walk through it together?"
Never: Just send info without scheduling follow-up. Info gets ignored.
WARM HANDOFF
"You mentioned [OTHER PERSON] handles security decisions. Would you be able to introduce me via email, or should I reach out directly and mention we spoke?"
Best: Ask them to CC you on an intro email. Second best: Get permission to name-drop.
CALENDLY CLOSE
"Perfect. I'll text you my calendar link right now - just pick whatever time works for you. What's the best number to text? Great, you'll get that in the next 30 seconds."
Booking link: outlook.office.com/book/Guardsarm@guardsarm.ca/
QUICK REFERENCE STATS
Healthcare
- $10.9M avg breach cost
- #1 targeted sector globally
- 27 attacks in Jan 2026
- $2.07M max HIPAA penalty
Financial
- $5.9M avg breach cost
- #2 targeted sector
- 233 days to detect
- 74% seeing more attacks
Education
- $2.7M avg breach cost
- 56% hit by ransomware
- 14 days avg closure
- 2M+ records exposed (2026)
Government
- $1.5M+ recovery cost
- 21 days avg downtime
- 58% US attacks
- 11 attacks Jan 2026
Manufacturing
- 21 days downtime
- $100K/day lost
- #3 targeted sector
- Colonial: $4.4M ransom
Legal
- #1 BEC target
- $7.5M wire fraud loss
- 70% had cyber incident
- Allen & Overy hit 2024
Common Objections & Responses
UNIVERSAL (All Verticals)
"We already have a security team/vendor."
"That's great! Many of our clients have internal teams. We typically complement existing capabilities - especially for 24/7 monitoring or specialized compliance work. What does your current coverage look like for after-hours threats?"
"We're not interested / too busy right now."
"I completely understand you're busy. Can I ask - if a ransomware attack hit tomorrow, how confident is your team in the response plan? I only ask because we've seen 55% more attacks this year."
"Send me information via email."
"Absolutely, I'll send that over. To make sure I send the most relevant information - are you more focused on compliance readiness, 24/7 monitoring, or incident response capabilities? And what's the best email?"
"We don't have budget for this."
"I hear that often. Here's the math though: average breach cost is $4.88M across industries, and ransomware recovery averages 8 weeks of downtime. Our services run about 1-2% of that. It's really risk management - would a quick ROI analysis help make the case internally?"
"We need to talk to [someone else] first."
"Of course. Would it be helpful if I sent you a one-page summary you could share with them? And who would be the right person for me to follow up with directly - is that your CISO, CIO, or someone else?"
"How are you different from other vendors?"
"Great question. Three things: 1) We specialize in regulated industries - we know compliance cold. 2) We're Canadian-based with US operations, so we understand cross-border requirements. 3) True 24/7 SOC with human analysts, not just automated alerts. Most importantly - we've been through breaches with our clients. We know what actually works."
"We just went through a breach - it's not a good time."
"I understand completely. Actually, that's exactly when we've helped organizations most - we have incident response capabilities and can provide immediate support. Would it help to have a backup resource during your recovery? Many orgs get hit again within 90 days."
"Call back in a few months."
"Happy to do that. Just so I understand - is there a specific initiative or budget cycle you're waiting for? I can time my follow-up to be more relevant. Also, would it help to have something in your inbox now so you can review when ready?"
"We're in the middle of a vendor evaluation."
"Perfect timing then! Would it make sense to include us in that evaluation? I can send over our capabilities document and some reference clients in your industry. No pressure - just want to make sure you're seeing all your options."
"Our IT team handles security internally."
"That's actually common. The challenge is that IT teams are stretched thin - they're doing infrastructure, helpdesk, AND security. Our clients typically use us to handle the 24/7 monitoring piece so their IT team can focus on projects. Would that kind of arrangement help?"
"We're a small organization, we're not a target."
"I hear that a lot, but here's the reality: 43% of cyberattacks target small and mid-size organizations specifically because they're often less protected. Hackers use automated tools - they don't check your size first. In fact, 60% of small businesses close within 6 months of a major breach."
"We use cloud services, they handle our security."
"Cloud providers like Azure and AWS do secure the infrastructure, but they operate on a 'shared responsibility' model - meaning YOUR data, YOUR users, YOUR configurations are still YOUR responsibility. That's actually where most breaches happen. We help fill that gap."
HEALTHCARE-SPECIFIC
"We're HIPAA compliant already."
"That's great - compliance is the foundation. But here's the thing: 80% of breached healthcare orgs were technically 'compliant' before the attack. HIPAA is a minimum standard, not a security guarantee. We help bridge the gap between compliance and actual protection."
"Our EHR vendor (Epic/Cerner) handles security."
"Epic and Cerner are great at what they do, but they secure their application - not your network, endpoints, or user behavior. Most healthcare breaches actually come through email phishing, VPN vulnerabilities, or third-party vendors. That's where we come in."
"We can't afford downtime for security implementations."
"I completely understand - patient care can't stop. Our implementations are designed for healthcare environments - we work around clinical schedules, deploy during maintenance windows, and never interrupt critical systems. The average ransomware attack causes 8 weeks of downtime though - that's what we're preventing."
"The Feb 16 deadline? Our compliance team is handling it."
"Good to hear. Just a heads up - the 42 CFR Part 2 changes aren't just paperwork. They require updated Notice of Privacy Practices AND technical safeguards. Have they confirmed the security controls are in place? We've been helping orgs with emergency assessments this week."
"We're a rural/small hospital, we don't have the same risks."
"Actually, rural and critical access hospitals are being targeted MORE now - attackers know you have fewer resources to defend. The Change Healthcare breach showed that even vendors can take down rural hospitals. And with $2M+ penalties now, the risk isn't just operational - it's existential."
"Our parent health system handles security."
"That's common in health system affiliates. Two questions though: Do they provide 24/7 coverage for YOUR facility specifically? And are you confident in their visibility into your local network? We've seen breaches at affiliates that bypassed the parent's security entirely."
FINANCIAL SERVICES
"We're heavily regulated - we're already secure."
"Regulation definitely drives better security practices. But here's what we're seeing: financial services is the #2 most targeted sector, and attackers are specifically going after smaller banks and credit unions because they have the same valuable data but fewer resources. How's your after-hours monitoring?"
"Our core banking vendor provides security."
"Core banking vendors like Jack Henry or Fiserv secure their systems, but you've probably seen the news - Fiserv's own breach affected dozens of credit unions. Vendor security doesn't protect YOUR employees from phishing or YOUR network from lateral movement. That gap is where most financial services breaches happen."
"We passed our NCUA/OCC exam."
"That's great for compliance. But exams are point-in-time snapshots - threats evolve daily. Examiners are now asking about continuous monitoring and incident response capabilities. We help financial institutions maintain that continuous security posture between exams."
"Member data is insured anyway."
"Cyber insurance is important, but it doesn't cover everything. Reputational damage, member churn, regulatory fines, and the actual downtime costs often exceed policy limits. Plus, insurers are now requiring proof of security controls before they'll pay claims. We help you meet those requirements."
"We're a small credit union - $100M or less."
"Actually, that's exactly why we should talk. Small credit unions are being hit hard - you have member SSNs, account numbers, the same valuable data as big banks, but often with a 2-3 person IT team. We provide enterprise-grade security at credit union budgets. Our smallest client is a $50M CU."
EDUCATION
"We're a public institution - limited budget."
"I understand budget constraints in education. Here's the reality though: 56% of K-12 and higher ed institutions were hit by ransomware in 2025. Many used emergency funds or had to close for days. We can structure an engagement that fits your fiscal year and possibly qualifies for E-Rate or state cybersecurity grants."
"Students don't store sensitive data here."
"Actually, education institutions hold incredibly sensitive data: Social Security numbers, financial aid info, transcripts, even health records for student athletes. Plus FERPA has real penalties now. K-12 also has minor student data - that's a liability goldmine for attackers."
"We have a state/consortium security agreement."
"State consortiums provide great baseline tools, but they're typically not providing 24/7 dedicated monitoring for YOUR campus. When the University of California or Harvard got hit, they had state resources too. We complement what the state provides with dedicated coverage."
"Summer break - call us in the fall."
"Summer is actually the best time! Fewer users means easier implementations, and you can test everything before students return. Plus, attackers know campuses have skeleton IT crews in summer - that's when they strike. Would a quick assessment now give you peace of mind for fall?"
"Our IT department manages security fine."
"I'm sure they do great work - education IT teams are incredibly resourceful. But are they able to monitor for threats at 2 AM on a Saturday? That's when attacks happen. We typically augment education IT teams so they can focus on supporting students and faculty while we handle the 24/7 security watch."
GOVERNMENT & MUNICIPAL
"We have to go through procurement/RFP."
"Absolutely, we work with government procurement processes all the time. We're on several cooperative purchasing agreements that can streamline things. Would it help if I sent you our NASPO/Sourcewell contract info? That can cut months off the process."
"We're waiting for the next budget cycle."
"When does your fiscal year start? We can help you build the business case for budget approval. In the meantime, would a free risk assessment help justify the funding request? Having data on YOUR specific vulnerabilities makes budget conversations much easier."
"The state provides our security."
"State resources are helpful, but municipalities are being hit hard - Atlanta, Baltimore, New Orleans all had state access and still got breached. State security typically covers some tools and guidance, but not dedicated 24/7 monitoring for your specific city systems. We fill that gap."
"Council/commissioners won't approve security spending."
"I've helped present to city councils before. The key is framing it as operational continuity - 'What happens if our water treatment or 911 systems go down?' Average municipal ransomware recovery is $1.5M+ and weeks of downtime. We can help you build that presentation."
"We're a small town/county - not a target."
"Unfortunately, small municipalities are prime targets now. You have the same critical infrastructure - water, police, courts - but often with fewer protections. We've seen towns under 10,000 population get hit. The Jackson County, Georgia attack shut down a whole county's operations."
"We need Canadian/FedRAMP compliance." (Canada/US Fed)
"We're based in Canada with data residency options for Canadian government clients. We understand Regulation 84/2024 for Alberta, and we're familiar with federal requirements. For US federal - we can discuss FedRAMP-equivalent controls. What's your primary compliance requirement?"
MANUFACTURING & OT/ICS
"Our production systems are air-gapped."
"True air gaps are rare now - most 'air-gapped' systems still have some connection for updates, remote access, or vendor support. That's how Colonial Pipeline got hit. We specialize in OT visibility - finding those connection points and monitoring them without disrupting production."
"We can't touch production systems for security."
"We hear that constantly - and we agree. Our OT monitoring is passive - we don't touch PLCs or SCADA systems. We monitor network traffic to detect anomalies without any risk to production. Your systems keep running exactly as they are."
"Our equipment is too old to secure."
"Legacy equipment is actually where we add the most value. You can't patch a 15-year-old PLC, but you CAN monitor the network around it for suspicious activity. We help manufacturers protect equipment that can't protect itself."
"Our OEM handles security for the machines."
"OEMs secure their specific systems, but not your overall network or IT/OT boundary. That boundary is exactly where attackers cross from email phishing into production disruption. Have you mapped what happens if someone compromises an OEM remote access session?"
"Downtime would cost us more than a breach."
"That's exactly why we focus on non-disruptive monitoring. But consider this: average manufacturing ransomware causes 21 days of production downtime. If downtime costs you $100K/day, that's $2.1M - not counting ransom, recovery, and customer penalties. Prevention is always cheaper."
LEGAL & LAW FIRMS
"We have attorney-client privilege - no one can access our data."
"Privilege protects data legally, but it doesn't protect it technically from hackers. Law firms are actually high-value targets because of exactly that sensitive data - M&A details, litigation strategy, client financials. The Allen & Overy breach exposed exactly this vulnerability."
"Our clients don't require security certifications."
"That's changing fast. Corporate clients are now sending security questionnaires to their outside counsel. Banks, healthcare, and tech clients especially are requiring proof of security controls. Being proactive here is a competitive advantage - it wins RFPs."
"We're a small firm - just a few partners."
"Small firms are increasingly targeted because attackers know you handle the same sensitive matters as big firms but with less security budget. Plus, malpractice insurers are now asking about cyber controls. We have packages designed specifically for boutique firms."
"Our practice management software is cloud-based and secure."
"Cloud software like Clio or MyCase is great, but it doesn't protect YOUR devices, YOUR email, or YOUR user accounts. Most law firm breaches happen through phishing or compromised credentials - not the software itself. We secure everything around those tools."
RETAIL & E-COMMERCE
"We're PCI compliant - we passed our audit."
"PCI compliance is essential, but it's a minimum standard checked annually. Attackers don't wait for your next audit - they exploit gaps between assessments. We provide the continuous monitoring that keeps you secure AND compliant year-round."
"Our payment processor handles card security."
"Payment processors like Square or Stripe handle the transaction, but if an attacker compromises your POS terminals or skims cards before they reach the processor, that's on you. The BridgePay ransomware right now is affecting merchants nationwide - their processor is down. How's your backup plan?"
"Margins are too thin for security spending."
"I understand retail margins - they're razor thin. But a breach averages $2.7M in retail, plus you lose customer trust. Target never fully recovered their reputation. Our SMB packages start lower than you'd expect and can prevent losses that would wipe out a year's profit."
"We're mostly e-commerce now."
"E-commerce actually increases your attack surface - you've got web applications, customer databases, shipping integrations, and payment flows all exposed to the internet. Magecart attacks specifically target e-commerce checkout pages. Have you tested your site for web application vulnerabilities?"
Key Stats to Drop in Calls
Universal Stats
- $4.88M - Average cost of a data breach globally (2024)
- 277 days - Average time to identify and contain a breach
- 43% - Cyberattacks that target small businesses
- 60% - Small businesses that close within 6 months of a breach
- 91% - Cyberattacks that start with a phishing email
- 55% - Year-over-year increase in cyber incidents (2025)
Healthcare Stats
- $10.9M - Average cost of healthcare data breach (highest of any industry)
- 27 attacks - Healthcare ransomware attacks in January 2026 alone
- $2,067,813 - New max HIPAA penalty per violation category
- 8,903 - Healthcare cyber incidents in 2025 (Health-ISAC)
- 8 weeks - Average recovery time from healthcare ransomware
- #1 targeted - Healthcare is the most attacked sector globally
Financial Services Stats
- $5.9M - Average cost of financial services breach
- #2 targeted - Financial services is second most attacked sector
- 233 days - Average time to detect financial breach
- 25.9M - Americans affected by Conduent breach (2026)
- 74% - Financial institutions experiencing increased attacks
Government Stats
- $1.5M+ - Average municipal ransomware recovery cost
- 11 - Government ransomware attacks in January 2026
- 21 days - Average local government downtime from ransomware
- 58% - US share of global ransomware attacks
- $27.6M - State Street Bank lawsuit vs UKG over ransomware
Education Stats
- 56% - K-12/Higher Ed institutions hit by ransomware in 2025
- $2.7M - Average education sector breach cost
- 2M+ - Student records exposed in Harvard/UPenn breach
- 14 days - Average school closure time from ransomware
Manufacturing Stats
- 10 - Manufacturing ransomware attacks in January 2026 (#3 sector)
- 21 days - Average production downtime from ransomware
- $100K/day - Typical production downtime cost
- Colonial Pipeline - $4.4M ransom, 6-day shutdown, fuel crisis
Legal Stats
- Law firms - #1 target for business email compromise
- $7.5M - Largest law firm wire fraud loss (2024)
- Allen & Overy - Top 10 global firm hit by LockBit (2024)
- 70% - Law firms that have experienced a cyber incident