A pipeline plan for the Business Development Representative seat

Prepared for the team at Wiz

By Vincent Hembrick

vhembrick@gmail.com · LinkedIn · (334) 524 1887

About me

Ambitious Scientist

Materials science engineer with patents at J&J MedTech and Aptar. Moved into sales to get closer to the buyer.

Top BDR

Self sourced $6M in pipeline in 15 months at Certara selling into technical buyers within the life sciences industry.

Why Wiz

My experience building a business as well as my science career give me a unique edge when it comes to selling a highly technical solution.

Opening

Why I built this

To show my determination and thoughts around prospecting I built this for the BDR role at Wiz specifically. What makes this seat distinctive is feeding AE pipeline for the fastest growing startup ever. Below is how I would read the ICP, the five high-fit accounts, example messaging, and three plays I would run in my first 90 days. If you found this useful, I would value 15 minutes to walk you through it and how I would approach the ramp period to begin quickly contributing to the team.

ICP

Growth stage SaaS and AI first companies, 500 to 5,000 employees, multi cloud

Firmographics

500 to 5,000 employees, post Series C funded or recently public
Software (NAICS 511210), Internet Publishing (519130), Data Processing and Hosting (518210), AI first labs as a sub of 511210
US and EMEA primary, with a growing APJ presence
Multi cloud, typically AWS primary plus Azure or GCP secondary, with OCI common for AI compute
Cloud spend $5M to $50M annually on hyperscalers
Often a Lacework or Palo Alto Prisma Cloud incumbent stack

Buyer titles

CISO, VP Information Security, Head of Security, Chief Trust Officer
VP Cloud Security, Director Cloud Security, Head of Cloud Security
Cloud Security Architect, Principal Cloud Security Engineer
DevSecOps Lead, Director Application Security, Head of Product Security
AI Security Engineer, ML Security Lead at AI heavy companies
CTO at companies under 1,000 employees where security reports to engineering

Pains and triggers

Stitched stack of 5 to 10 point tools that does not produce a unified attack path or auditor ready output
Lacework customers in Fortinet integration limbo. Forrester explicitly flagged Lacework's CSPM, CIEM, and agentless CWP capabilities as lagging competitors, with integration risk going from a 700 person agile vendor into Fortinet's 14,000 plus person org
Series C plus funding closed, headcount and cloud workloads doubling, security cannot keep up
Investor due diligence and enterprise customer security questionnaires now demanding SOC 2 Type II plus CNAPP evidence in 2026 RFPs
AI workload spin up creating Shadow AI, MCP server sprawl, training data exposure with no AI BOM
Multi cloud blind spots. AWS native does not translate to Azure or GCP, attack paths cross cloud boundaries
Cyber insurance renewal cycle pushing the CFO toward consolidation. 30 to 45 percent TCO reduction is the math

Firmographics drawn from public Wiz reference logos and the prior TAM map I built for this role. Buyer titles are inferred from the JD's outbound mandate, not stated explicitly. The Lacework refugee and AI workload triggers are inferred high conversion patterns from the prior trigger system, not company specific.

Targets

Five accounts I would stack rank day one

Best fit selection across the ICP, no filler. Each entry has a verifiable trigger from public press, hiring posts, funding records, or competitive positioning.

Cohere (Toronto, Canada). Frontier AI lab building enterprise LLMs, roughly 800 employees, $500M Series D in July 2024 at a $5.5B valuation, led by PSP Investments with Nvidia, Cisco, AMD, Salesforce Ventures, and Fujitsu participating. Multi cloud across AWS, Oracle, GCP. Selling into BFSI and pharma where customer trust questionnaires demand AI BOM evidence Wiz uniquely produces.

Perplexity (San Francisco, CA). AI powered answer engine with a rapidly growing enterprise tier, several hundred employees, raised over $500M at a $9B valuation in late 2024 with follow on rounds in 2025 pushing valuation higher. Multi cloud across AWS and GCP. The expansion into Perplexity Enterprise and agentic search creates exactly the AI BOM and MCP server attack surface Wiz Defend and AI SPM map directly.

Mistral AI (Paris, France). Open weights AI lab, $3B plus total funding at a $13.7B valuation (September 2025 Series C led by ASML), roughly 800 employees. EU based, so DORA and EU AI Act enforcement pressure on customer trust. Selling into European banks and enterprises requires exactly the AI BOM and MCP coverage Wiz built.

GitLab (Public NASDAQ:GTLB, remote first). Roughly 2,600 employees, public DevSecOps platform, GitLab Duo AI initiative live and growing. Multi cloud, public SEC 1.05 exposure. Sells security to a security buying audience so must demonstrably walk the talk on cloud posture.

Klaviyo (Boston, MA, NYSE:KVYO). Marketing automation SaaS, roughly 2,000 employees, public since 2023, AWS heavy with growing data lake and AI personalization initiatives. Post IPO security maturity push, enterprise customer questionnaires cross 200 controls, scaling fast enough that the existing CSPM stack does not keep up.

All five are illustrative best fits. I checked each against the public Wiz customer page and recent Wiz blog and press for partnership announcements before listing. Cohere, Mistral AI, and Perplexity are flagged as inferred prospects given Wiz's public claim that "most frontier AI labs use Wiz" which I cannot verify by name. All three should be re verified against the live Wiz CRM before sequencing. I would still dedupe against the live CRM and pull in real time triggers (job postings, funding, M&A, breach proximity, partner announcements) before adding any to a sequence.

Cadence

Four touches over 12 days, in the Wiz voice

Persona: VP Cloud Security at Klaviyo (illustrative, named from above). Voice calibrated to Wiz's punchy plain spoken tone ("battle for cloud security," "fastest growing startup ever"), not generic SDR.

Day 1, Email pattern interrupt (T.I.P.S.)

Subject: Klaviyo Posture

Saw Klaviyo's recent push into AI personalization for enterprise retailers. Imagine unified posture across AWS, the data lake, and AI workloads is a 2026 priority. Most VP Cloud Security leaders at growth stage public SaaS run 6 to 8 stitched tools and still cannot answer "what is our exposure right now" in 24 hours. Salesforce moved to Wiz for one Security Graph across AWS plus Azure plus GCP. 90 percent fewer false positives. 15 minute agentless deploy. Worth a peek?

Day 3, LinkedIn connection with note

Hey [first name], dropping you a connect. Saw Klaviyo just pushed deeper into AI driven personalization. Curious how the cloud security team is thinking about AI posture and MCP exposure as more workloads spin up. Mind if I share a couple of patterns we are seeing at peer public SaaS at your scale? No pitch. P.S. [Vincent to insert one specific reference to the prospect's public writing, podcast appearance, or conference talk. The messaging playbook explicitly forbids fake personal ties so leave blank rather than fabricate]

Day 6, Cold call with voicemail (Direct to email)

Hey [first name], this is Vincent at Wiz. I noticed Klaviyo's AI personalization push and it caught my attention. Most public SaaS VPs of Cloud Security I talk to are running 6 to 8 stitched tools right now and the AI rollout is making the seams worse. I sent a few patterns we are seeing your peers use to your inbox. The subject line is Klaviyo Posture. Hope they help. No need to call back, but worth 30 seconds to read it. Speak soon.

Day 12, Break up email (Thoughtful Bump with case study)

Subject: Slack Story

Closing the loop. Wanted to share one quick thing before I move on. Slack and Salesforce both moved to the Wiz Security Graph for unified posture across AWS plus Azure plus GCP. 90 percent fewer false positives, security questionnaire turnaround cut by half. Want to see the architecture write up?

Plays

Three plays I would run in my first 90 days

PLAY 01

The Lacework refugee renewal play

Tied to: Forrester explicitly flagged Lacework's CSPM, CIEM, and agentless CWP capabilities as lagging competitors, with integration risk from going from a 700 person agile vendor into Fortinet's 14,000 plus person org. Lacework renewal windows across SaaS, AI first, and streaming verticals are the highest conversion outbound segment for Wiz right now, and the window is open through late 2026.

Mechanic: I would build a named list of 100 Lacework customers in the Commercial or Mid Enterprise band, sourced from Apollo technographics plus LinkedIn case studies plus competitive win or loss notes from the AE pod. Outreach window opens 90 days before annual renewal, anchored on a specific message: Wiz imports your detection logic in under 30 days, agentless, no integration limbo. First touch lands during the Lacework renewal evaluation window, not after. Renewal window outbound typically converts at 12 to 18 percent meeting rate versus 2 to 4 percent on cold lists.

PLAY 02

The AI workload spin up trigger play

Tied to: The JD lists "ideally with an interest in cloud security and cybersecurity solutions." Wiz publicly claims most frontier AI labs use the platform, and AI SPM is Wiz's strongest unique sell against every CNAPP competitor. Every AI feature launch in the SaaS and growth stage segment creates a fresh AI BOM and MCP server attack surface.

Mechanic: Daily monitoring for AI Security Engineer and ML Security Lead hires on LinkedIn at named SaaS accounts under 5,000 employees. Each hire is a signal that the company is building AI specific security capacity. Within 5 business days of the hire being announced, multi thread the new hire plus their manager (typically VP Cloud Security or CISO) with an AI BOM benchmark offer: most peers we talk to do not have an AI BOM, Wiz can produce one for your environment in under 24 hours, no agents. This pairs the trigger to the unique Wiz capability competitors do not match.

PLAY 03

The post breach four business day SEC clock play

Tied to: SEC Item 1.05 8-K disclosure rule has been live since December 2023, and the SEC's CETU unit launched February 2025 continues to enforce public company cybersecurity disclosure compliance under Item 1.05. Every 1.05 filing publicly time stamps a four business day window of CISO procurement urgency. The trigger system I built for this role identified SEC EDGAR full text search as the highest leverage single signal source for Wiz outbound.

Mechanic: Daily 5 minute SEC EDGAR Item 1.05 sweep against the BDR's named account list. Any TAM fit hit gets a 24 hour SLA on first outreach (CISO plus VP Cloud Security plus GRC, multi threaded). Message frame: most companies post incident accelerate CNAPP procurement by 6 months, Wiz takes 15 minutes to deploy and produces a complete attack path map in 24 hours. Five 1.05 filings per quarter against the territory list at 15 percent conversion equals roughly 3 incremental qualified meetings per quarter for free.

Closing

If any of this is in the ballpark of how the Wiz Commercial team is thinking, I would value a 15 minute conversation to compare notes on what is working, what is not, and where I would plug in fastest. If the plan above misses the mark, that is also useful feedback for me. Either way, thank you for reading.

Vincent Hembrick

vhembrick@gmail.com · LinkedIn · (334) 524 1887