TLDR: Cybersecurity deals fail in predictable ways that have nothing to do with product fit — a CISO departure mid-evaluation, a POC that technically concluded but never converted, a board security review where the rep walked in with the wrong narrative. These five Claude prompts are built for those failure modes specifically: two for detecting and recovering from champion loss before the evaluation resets, two for unblocking stalled deals and compressing close timelines, and one for walking into a board-level security review with verified room intelligence. All run on Lusha’s verified contact and company data inside Claude.
The cybersecurity industry has the highest executive churn of any B2B vertical. Average CISO tenure is under two years — shorter than the enterprise sales cycles they sit at the center of. A rep can start a deal with one CISO and be halfway through the evaluation when that person is gone. The security architect who championed the technical POC gets promoted and inherits a different mandate. The VP who signed the original evaluation scope takes a role at a competitor. And unlike most verticals, a CISO departure doesn’t just mean finding a new contact — it often means the evaluation clock resets entirely, because the incoming leader has their own threat model, their own preferred vendors, and explicit authority to rationalize the stack they’ve inherited.
That’s the failure mode that’s specific to cybersecurity. But there are two others. Proof-of-concept stages go technically quiet all the time — the security architect finishes the evaluation, the rep sends a follow-up, and the deal sits for weeks with no formal kill signal. And enterprise cybersecurity deals require board-level executive alignment at a level that most other verticals don’t — multi-stakeholder security reviews where a single wrong narrative can set a deal back by months.
These five prompts are built for those three problems: detecting and recovering from champion loss before the evaluation resets, unblocking stalled deals with real signal and real urgency rather than check-ins, and walking into board-level security reviews with verified room intelligence. None overlap with the pipeline acceleration plays covered in our FinTech article — these are the prompts that address the failure modes specific to security sales.
All five run on Lusha’s verified contact and company data.
Connect Lusha to Claude in two minutes →
CISO risk and champion loss (Prompts 1–2)
In most B2B verticals, losing a champion is a setback. In cybersecurity, it can be a full evaluation reset. A new CISO typically arrives with existing vendor relationships, a different threat model, and explicit mandate to rationalize what their predecessor was evaluating. These two prompts are built for that specific sequence: detecting the departure the day it happens, then rebuilding the relationship before the new leader establishes their own vendor process.
Prompt 1 — Alert the team when your CISO contact changes role
In cybersecurity, a CISO departure found out on a call is a CISO departure found out too late. By the time the rep discovers it, the incoming leader has already started forming impressions — of the existing vendor landscape, of the evaluation in progress, of the rep who hasn’t reached out. This prompt monitors every CISO, VP Security, and security function leader in the active pipeline weekly via Lusha, detects role changes and departures the day they’re confirmed, finds the replacement or interim owner in the same pass, and posts a Slack alert to the deal owner with one specific next action. No change means no post. It only fires when there’s something to act on.
<context>
I want to alert my team on Slack when a key contact changes roles or leaves a strategic account — so the right person finds out the same day instead of weeks later in a QBR.
My strategic accounts:
- Account list: [PASTE COMPANY NAMES — one per line]
- Key contacts to monitor: [PASTE NAME, TITLE, COMPANY — or "find the key contacts from Lusha"]
- Slack channel to post to: [CHANNEL NAME OR "DM the account owner"]
- Who owns each account: [REP NAME PER ACCOUNT — or "find from context"]
</context>
<task>
1. For each account, use Lusha to check the status of the key contacts:
- Is each contact still at the company in the same role?
- Has their title changed significantly — seniority shift or function change?
- Has anyone new joined the account in the last 30 days in a role relevant to the relationship?
2. For any contact that has left, changed roles significantly, or where a new relevant hire appeared:
- Flag the change with specifics: who, what changed, when (approximate)
- Find the replacement or new contact via Lusha: verified title, email, direct phone
- Assess the impact: does this change the deal or relationship dynamic?
3. Draft a Slack message for each flagged change:
- Direct, under 60 words
- Names the contact, the change, and the impact
- Tags the account owner
- Includes one recommended next action
- Format for Slack: uses *bold* for key fields, no markdown headers
4. Post the Slack message to the specified channel or DM.
5. If no changes detected: post a brief "all clear" summary to the channel.
</task>
<constraints>
- Only flag changes Lusha verifies.
- The Slack message must include a specific next action, not just the change.
- If the account owner can't be identified, tag the channel and note the gap.
- One Slack message per changed account.
</constraints>Prompt 2 — Find who owns the evaluation after your CISO champion leaves
Knowing the CISO left is the start, not the solution. The window between a CISO departure and their replacement formalizing a vendor review is typically four to eight weeks — and the rep who reaches the right person in that window with the right framing can protect an evaluation that would otherwise restart from zero. This prompt maps who’s currently in the security function via Lusha, identifies the most likely owner of the inherited evaluation (the security architect, the incoming interim, the VP of IT who absorbed the remit), validates their contact details, and drafts the re-entry email from the actual Gmail thread — not a cold introduction. In cybersecurity specifically, that last detail matters: a new security leader who feels sold to before they’ve established their own threat model will reset the evaluation regardless of how strong the original one looked. The draft accounts for that — it leads with context, not pitch.
<context>
My champion at an account has left or gone dark. I need to find who owns this account now, confirm their contact details, and draft a re-entry email that picks up from where the last conversation left off — not a cold outreach.
My account:
- Company: [COMPANY NAME]
- Person who left (or went dark): [NAME, TITLE]
- What we sell them / what they use: [PRODUCT OR CONTRACT]
- Contract value and renewal date (if known): [DOLLAR AMOUNT / DATE]
- How I found out: [EMAIL BOUNCED / LINKEDIN UPDATE / WENT SILENT / OTHER]
- Last meaningful interaction: [DATE OR "CHECK GMAIL"]
</context>
<task>
1. Use Lusha to map who's currently at this account in the relevant department and seniority band:
- Pull current employees at [COMPANY NAME] in [DEPARTMENT]
- For each person returned, confirm: current title, how long they've been in the role, seniority level
- Flag anyone who joined or was promoted in the last 90 days — they're the likeliest heir to a recently vacated relationship
- Flag anyone whose title includes "Head of", "VP", "Director" or "Manager" in the same function as the person who left
2. Identify the most likely new owner of this relationship:
- If the person who left was mid-level (Manager, Senior Manager), the relationship likely moved to their direct manager or a peer
- If the person who left was senior (Director, VP), the relationship likely moved to their replacement hire, a peer, or up a layer
- If no obvious heir, identify the safest entry point — most senior person in the relevant function who likely owns vendor relationships
- Return: one primary contact to reach, one backup
3. Validate the primary contact with Lusha:
- Confirm their current title and tenure at the company
- Pull their verified work email and direct phone if available
- Note if they're connected to the person who left on LinkedIn (signals overlap or handoff)
4. Pull the last email thread with this account from Gmail:
- Summarize what was last discussed — topic, any open commitments on either side
- Pull the last date of meaningful exchange (not just a calendar confirmation)
- Identify anything the person who left promised to do that may now be unresolved
- Flag any contract details, pricing, or feature requests mentioned in the thread
5. Draft a re-entry email to the primary contact:
- Reference the relationship without making the new contact feel like a replacement metric
- Acknowledge the transition — don't pretend you don't know [NAME] left
- Carry forward one specific thing from the Gmail thread that shows you know the account
- Keep it under 120 words — this is a warm-up, not a pitch
- No "just checking in", no "I wanted to reach out", no "hope this finds you well"
- Close with a specific, low-friction ask: a 15-minute call, a confirmation, a direct question
6. Return:
- The org map — who's currently at the account in the relevant function, with titles and tenure
- Primary contact + backup, with validated details
- Summary of what the Gmail thread shows
- The draft re-entry email, ready to personalise
- One risk flag: anything about the account structure or signals that suggests this isn't just a contact change — it's a broader account risk
</task>
<constraints>
- Don't invent contacts or roles. Only return what Lusha verifies. If the org map is thin, say so.
- Don't soften role changes. "Recently promoted" and "just joined" are different — state which.
- The re-entry email must carry something specific from the Gmail thread. A generic email is not acceptable output.
- If the Gmail thread is empty or very old (90+ days), flag this — the re-entry strategy changes.
</constraints>Stalled POCs and deal momentum (Prompts 3–4)
Cybersecurity POCs stall more predictably than in almost any other vertical. The security architect finishes the technical evaluation, the rep sends a follow-up, and the deal sits for weeks with no formal kill signal — just silence. A board mandate shifts. An incident response engagement consumes the team’s bandwidth. A procurement gate forms around a new C-suite hire. These two prompts address the stall from opposite directions: one finds the external signal that legitimately reopens the conversation, the other finds the internal timing pressure that makes closing now make sense on the buyer’s terms.
Prompt 3 — Revive a stalled proof of concept
For cybersecurity AEs running a POC that went technically quiet. The security architect finished the evaluation, said they’d come back with next steps, and that was six weeks ago. “Checking in” emails read as desperation and don’t get replies. This prompt scans the prospect account for signal triggers fired since the last touch via Lusha — a new CISO hire creating a fresh evaluation mandate, a funding round that opens a new security budget window, a breach in the sector that just made the board conversation real — and maps each signal to a specific re-engagement hook. In cybersecurity, the sector-breach signal is the one most often underused: a prospect whose industry peer just had a ransomware event is a prospect whose board just had a security conversation. That’s a reason to call back, not check in.
<context>
I have a stuck deal — opportunity went quiet after the last meaningful touch. I want to re-engage but "checking in" emails read as desperation. I need a fresh signal-based hook to legitimately re-open the conversation.
My stuck deal:
- Prospect company / domain: [COMPANY]
- Primary contact at the prospect: [NAME, TITLE]
- Last meaningful touch date: [DATE]
- Stage where deal stalled: [Discovery / Proposal / Negotiation / Other]
- What I was selling: [PRODUCT / SOLUTION]
- Original next step that didn't happen: [WHAT WAS SUPPOSED TO HAPPEN NEXT]
</context>
<task>
1. Use Lusha's signals layer to scan the prospect company for events fired since the last meaningful touch:
- Leadership events (executive hires, promotions, departures in the buying group or above)
- Strategic moves (M&A, funding rounds, strategic investments)
- Product activity (launches, integrations, category expansion)
- Hiring surges (in the function I sell into, or adjacent functions)
- Market signals (web traffic shifts, partnerships, recognition events)
2. For each fired signal, map a specific re-engagement angle:
- What changed because of the signal
- Why it matters to my deal's product or solution
- The one-line email opener tied to the signal
3. Rank the signals by re-engagement value:
- STRONG — leadership change in buying group, fresh funding, or major acquisition (the conversation has structurally changed)
- MEDIUM — product launch in adjacent area, hiring surge in target function (relevant context, indirect connection)
- WEAK — minor news, isolated departures outside buying group (color, not catalyst)
4. Surface the recommended primary hook plus 1-2 backup angles. The primary hook is the strongest single signal mapped to the cleanest re-engagement reason.
5. If the original primary contact has departed or been promoted, flag this — the right move may not be re-engaging the original person but rather re-introducing the value to the new owner.
</task>
<constraints>
- The signal must have fired AFTER the last meaningful touch date. Events that happened before the stall aren't fresh triggers — the prospect already knew about them.
- The hook references the signal, not the silence. Never write "I noticed we haven't spoken in a while" as the opener.
- Do not invent signals or fabricate hooks. Surface only what Lusha returns.
- If no signal has fired in the window, surface that honestly. A genuinely quiet account may need a different revival approach (executive sponsor escalation, breakup email, or a wait-and-watch period).
</constraints>Prompt 4 — Surface a compliance deadline before the competition does
In cybersecurity, legitimate deal urgency almost always comes from the buyer’s side — not the seller’s quarter end. A CMMC 2.0 compliance deadline. A NIS2 implementation window. An SEC cyber disclosure rule kicking in for a public company. A new CISO’s first-90-days mandate window that will close before a vendor review formalizes. These are the signals that create a real buyer-side reason to decide faster — and they’re the only urgency the rep can reference without losing credibility. This prompt scans the prospect account for those time-bound events via Lusha, calculates whether each window is OPEN, CLOSING, or OPEN SOON, and returns the honest framing to use in the next conversation and the right contact to deliver it to. The output is the angle, not the email. Stacking multiple urgency signals into one message is the thing that makes legitimate urgency read as manufactured pressure — the prompt surfaces the strongest single trigger and holds the rest in reserve.
<context>
I have an open deal where I want to legitimately compress the time to close. I don't want to manufacture urgency on the seller side ("end-of-quarter pricing") — I want to find real buyer-side reasons the decision should happen on a faster clock.
My open deal:
- Prospect company / domain: [COMPANY]
- Current deal stage: [Discovery / Proposal / Negotiation / Closing]
- Current target close date: [DATE]
- Faster close target I'd like to hit: [DATE — typically 30-60 days earlier]
- What I'm selling: [PRODUCT / SOLUTION]
- Primary contact and role: [NAME, TITLE]
</context>
<task>
1. Use Lusha's signals layer to scan the prospect company for time-bound events — both fired and upcoming — that create natural urgency for the buyer:
- New leadership mandate windows (CRO, CFO, CMO, CTO inside first 60-90 days of tenure)
- Procurement gates forming around new C-suite roles (new CSTO creates security review timing)
- Fiscal year crossings (when does the prospect's fiscal year start? Budget authority shifts then)
- Post-funding allocation windows (60-90 days after a round closes, budget gets committed)
- M&A windows as the acquirer (vendor rationalization typically 12 months post-close)
- IPO post-listing windows (6-12 months of investor-mandated growth spend)
2. For each time-bound event, calculate:
- Window status: OPEN (currently active), CLOSING (narrows in 30-60 days), OPEN SOON (starts in 30-60 days)
- The compression angle: how this event creates a buyer-side reason to close faster
- The honest framing: the one or two sentences the AE can use in the next conversation
3. Rank the urgency triggers by compression strength:
- STRONG — closing window inside 30 days that materially changes the buyer's authority or budget posture
- MEDIUM — window closing in 30-60 days, or active window that creates clear preference for decision now
- WEAK — context that supports urgency but doesn't create it on its own
4. Surface the recommended compression angle plus the right contact to deliver it to. The angle goes to the contact with budget authority for the time-bound decision — usually not the original champion.
5. If no time-bound events have fired or are pending, surface that honestly. Some deals legitimately don't have buyer-side urgency — manufacturing it on the seller side is the wrong move. A breakup email or value-reinforcement sequence may be the better path.
</task>
<constraints>
- The urgency must be real and buyer-side. Generic seller-side urgency ("we'd like to close this quarter") is not a compression angle.
- The framing must be honest. The AE references the buyer-side event as a reason the decision matters now, not as pressure. "Given Jonathan's first 90 days are scoping the next phase, locking the contract before his vendor review starts gives the team continuity" is honest. "End of quarter pricing won't be available next month" is manufactured.
- Do not invent events or windows. Surface only what Lusha returns. Some accounts will return zero compression triggers — surface that result truthfully.
- The output is the angle, not the email. The AE writes the message; the prompt's job is to find the legitimate reason.
</constraints>Executive engagement (Prompt 5)
Enterprise cybersecurity deals require board-level executive alignment at a level that most other verticals don’t. Multi-stakeholder security reviews where the CISO, CTO, CFO, and General Counsel are all in one room. Executive business reviews where a single wrong narrative can set a deal back by months. Walking into those meetings with stale attendee data, a generic value story, or a missed read on who the skeptic is — those are the errors that lose cybersecurity deals at the final stage.
Prompt 5 — Prep for the board-level security review
The briefing prompt for cybersecurity AEs and SEs walking into a multi-stakeholder security review. In these meetings the attendee list can span the CISO, CTO, CFO, General Counsel, and a board audit committee member — each with a different lens on the vendor decision, and each capable of stalling it on their own. This prompt validates every attendee via Lusha before the meeting, scans the account for changes since the last interaction, identifies the decision-maker, the likely skeptic (often the CFO or General Counsel), and the champion (usually the CISO or security architect), and returns a one-screen brief: recommended narrative, top questions to ask, and one thing not to say. That last output is the most valuable in cybersecurity specifically — leading with compliance checkbox framing to a CISO who thinks in threat models will lose the room before the pitch starts.
<context>
I have a QBR or executive review coming up with a prospect or customer. I want to walk in knowing exactly who's in the room, what's changed at their company since we last met, and what the likely agenda and objections will be — so I can prep the right narrative and the right people on my side.
My meeting:
- Company: [COMPANY NAME]
- Meeting type: [QBR / Executive Review / Business Review / Renewal Review]
- My goal for this meeting: [CLOSE / EXPAND / RENEW / BUILD EXEC RELATIONSHIP]
- Meeting date: [DATE OR "CHECK CALENDAR"]
- Who I expect to attend from their side: [NAMES AND TITLES OR "PULL FROM CALENDAR INVITE"]
</context>
<task>
1. Find the meeting on Google Calendar. Pull the external attendees from the invite.
2. Validate each attendee with Lusha:
- Confirm current title and that they're still at the company
- Flag anyone whose role has changed since the last QBR or business review
- Flag anyone new to the meeting who wasn't at the last one — new stakeholder means new agenda item
- For each attendee, note their seniority level and likely lens (financial, technical, operational, strategic)
3. Scan the account for changes since the last meeting using Lusha's signals layer:
- Executive moves in Finance, IT, or the business unit owning this relationship
- Headcount changes in the team using the product — growth signals expansion, contraction signals risk
- M&A activity
- Funding events — new round may mean new budget or new scrutiny on spend
- Any public news or signals that affect how they'll view this meeting
4. Based on the attendee list and signals, identify:
- The decision-maker in the room — who has final say on whatever the goal is
- The likely skeptic — who in the room is most likely to push back and on what
- The likely champion — who will advocate internally after the meeting ends
- Any dynamic between attendees worth knowing (new exec vs. tenured team, finance vs. ops tension)
5. Build a pre-meeting brief:
- One-paragraph account summary: where things stand, what's changed, what matters going into this meeting
- Recommended narrative: the one storyline that connects our value to what's happening at their company right now
- Top two or three questions to ask in the room — not softballs, questions that surface real intent
- One thing not to say: the topic or framing most likely to backfire given what's changed at the account
</task>
<constraints>
- Base everything on what Lusha and Calendar actually return. Don't invent attendees or signals.
- If an attendee can't be validated, flag them — don't assume their title is current.
- The recommended narrative must connect to a specific signal at the account. Generic value props are not acceptable output.
- Keep the brief to one screen. I'm reading this before I walk in, not writing a report.
</constraints>The pattern across all prompts
The five prompts above cover three different pipeline problems — champion loss, stalled deals, and executive engagement — but share one structural pattern: the failure they’re addressing is caused by information that exists outside the CRM and never gets there in time.
The CISO departure doesn’t get logged until the rep finds out on a call. The compliance deadline doesn’t get tracked because no one on the team monitors the prospect’s regulatory calendar. The new face in the board review doesn’t get noticed until they ask the question that derails the meeting. These are not execution failures — they’re information failures. Lusha in Claude closes them in the same pass where the rep is doing the work.
In cybersecurity pipeline specifically, the difference shows up in four places:
- CISO departures get caught the day they happen, not in a QBR. The window to protect an in-flight evaluation after a CISO leaves is four to eight weeks. Finding out at the next call means finding out after that window has closed. Prompts 1 and 2 run on the front half of that window, not the back.
- Stalled POCs get unblocked by real signals, not check-ins. A security architect who finished an evaluation and went quiet doesn’t respond to “just wanted to follow up.” A new CISO hire at the prospect, a sector breach that just made the board conversation real, a fresh funding round that opened a security budget window — those are the reasons to call back. Prompt 3 finds them.
- Urgency comes from the buyer’s side. A CMMC deadline is a buyer-side reality. A new CISO’s first-90-days mandate window is a buyer-side reality. End-of-quarter pricing is not. Prompt 4 finds the events on the buyer’s calendar that create a legitimate reason to close faster — and names the honest framing, not the pressure.
- Board-level reviews get built from verified room intelligence. The CFO who just joined the security committee wasn’t at the last meeting. The General Counsel who is now the likely skeptic changed roles three months ago. A pre-meeting brief built from memory misses both. Prompt 5 builds it from what Lusha actually returns.
Where these prompts live
Each prompt above has a full play page with a live demo output — worth reviewing before running one for the first time.
- Alert the team when your CISO contact changes role →
- Find who owns the evaluation after your champion leaves →
- Revive a stalled proof of concept →
- Surface a compliance deadline before the competition does →
- Prep for the board-level security review →
All five are part of the Lusha Pipeline Acceleration Gallery — a library of Claude prompts built for every role in a revenue team.
