Solanasis — Cold Calling & Outbound Master Playbook

Version: 1.2 Date: 2026-03-24 Owner: Dmitri Sunshine, Founder & CEO Purpose: The canonical reference for running cold calls as the centerpiece of an AI-native outbound engine. Everything you need to pick up the phone, open the conversation, and book the meeting. North Star: 15-25 quality calls/day, feeding the pipeline math from the Master GTM Playbook (200-300 outreach/mo → 2-4 ORBs closed). Companion docs:

Call Pricing Cheat Sheet — keep open during every call

Discovery Call Playbook — what happens after you book the meeting

Estate Attorney Cold Outreach Kit — deep attorney email sequences

Foundation Prospecting Playbook — foundation economics & targeting

Manual Cold Outreach Cheat Sheet — email safety & domain rules

AI-Native Outreach Playbook — automation scoring & Claude capabilities

Cold Call Script Cheat Sheets — Blount, Gong, Voss, Miner frameworks adapted for Solanasis

Master GTM Playbook — revenue math, 90-day plan, full funnel

CPA Firm Cold Outreach Kit — CPA vertical with WISP/FTC compliance angles

Cyber Insurance Broker Cold Outreach Kit — broker partnerships as a lead source

Philosophy & Why Cold Calling in 2026
Apollo.io Professional Setup Guide
Full Tool Stack & Monthly Budget
Prospect Targeting by Vertical
Multi-Channel Sequence Blueprints

Cold Call Scripts — Universal Elements

Cold Call Scripts — Attorneys
Cold Call Scripts — Foundations
Cold Call Scripts — SMBs
Cold Call Scripts — CPAs
Voicemail Scripts
Gatekeeper Strategies
Objection Handling Bank
Email Templates (Integrated with Calls)
LinkedIn Integration with Cold Calling
The Daily Execution Ritual
Metrics & Benchmarks
A/B Testing Framework
AI-Native Automation Map
Compliance & Legal

Quick Reference: What to Have Open During Calls
Appendix: Key Stats for Quick Reference

1) Philosophy & Why Cold Calling in 2026

The Data Says Pick Up the Phone

Cold calling didn’t die. It doubled.

Stat	Source
Cold calling effectiveness: ~4.8% (up from ~2.3% in 2022)	Leads at Scale, 10M calls analyzed
50-60% of B2B buyers still prefer phone contact	Cognism State of Cold Calling 2026
Companies that abandoned cold calling saw 42% lower growth	Close.com B2B analysis
Multi-channel outbound (email + call + LinkedIn) gets 287% higher response rates than single-channel	Launch Leads 2026
Cold calling is the #2 source of B2B deal flow after referrals	Vida AI 2026 analysis

Everyone else in your market is hiding behind email sequences and LinkedIn automation. The phone is where the real conversations happen — and where a fractional CIO with 23 years of experience has the biggest edge.

Why This Works for Solanasis Specifically

Fractional CIO/CISO is a consultative sell. You can’t automate trust. The phone builds it faster than any other channel.
Your prospects are small. At 2-15 person law firms and 1-10 person foundations, the decision-maker often answers the phone directly. No SDR team needed — that’s your target.
The AI-native advantage: AI handles the research, personalization, and follow-up. You handle the 2-3 minutes of human connection that actually books the meeting. This is the split that lets one person do what normally takes 2-3 SDRs (Sales Development Reps).

The Channel Hierarchy

Email warms them up (they see your name)
  → LinkedIn builds familiarity (they see your face and credentials)
    → Phone converts (they hear your voice and expertise)
      → Discovery call closes (they experience your diagnostic ability)

The phone isn’t the first touch for most verticals. It’s the third — after email and LinkedIn have done the warming. But it IS the touch that actually books meetings. Everything else is setup.

Exception: Foundations. Many Executive Directors answer their own phones. Call-first works here.

2) Apollo.io Professional Setup Guide

Plan: Professional — $99/month (monthly billing)

You’re on monthly billing to avoid annual lock-in while you validate the channel. Here’s what you get:

Feature	Your Allowance
Contact database	270M+ contacts, 35M+ companies
Email credits	Unlimited (Fair Use: 1M/year cap)
Mobile credits	100/month (~12 new mobile numbers revealed)
Export credits	2,000/month
AI Composer credits	300,000/month
AI Research credits	7,500/month
Mailboxes	5 per user
Sequences	Unlimited with A/B testing
Automated workflows (“Plays”)	Up to 500
Call recording	4,000 minutes with AI summaries/transcripts
Dialer	US auto-dialer with local presence
Intent data	Bombora + LeadSift buying signals
CRM sync	Bidirectional (Salesforce, HubSpot)

Setup Checklist

Play 1: “Hot Intent Auto-Enroll”

Trigger: Prospect at a target company shows “High” or “Very High” intent on cybersecurity/DR/IT services topics
Action: Auto-add to Tier 2 sequence, assign call task for next business day
Why: Intent signals mean they’re actively researching. Strike while they’re looking.

Play 2: “Job Change Alert”

Trigger: A prospect you’ve previously contacted changes jobs (new company or new title)
Action: Create a task to send a “congrats on the new role” email + add to fresh sequence at new company
Why: Job changes are the #1 trigger event. New leaders want to make their mark.

Play 3: “Engagement Upgrade”

Trigger: A Tier 3 prospect opens your email 3+ times or clicks a link
Action: Upgrade to Tier 2, assign immediate call task
Why: Repeated opens signal interest they haven’t acted on yet. A call converts this.

Apollo Filters by Vertical

Attorneys:

Job Titles: Managing Partner, Partner, Office Administrator, Director of Administration, COO
Company Size: 2-50 employees
Industry: Legal Services, Law Practice
Location: Colorado (expand to Mountain West later)
Keywords: “estate planning,” “trusts and estates,” “elder law”

Foundations:

Job Titles: Executive Director, Director of Operations, COO, President
Company Size: 1-50 employees
Industry: Nonprofit, Foundation, Philanthropy
Revenue/Assets: Use manually — Apollo’s revenue data is weak for nonprofits. Supplement with your 5,442-prospect IRS 990 list in solanasis-data/foundation/
Location: Colorado first (14 A-tier Colorado foundations identified), then national

CPA Firms:

Job Titles: Managing Partner, Partner, Firm Administrator, Director of Operations
Company Size: 3-50 employees
Industry: Accounting, Tax Preparation, Financial Services
Location: Colorado (Denver, Boulder, Colorado Springs, Fort Collins)
Keywords: “CPA,” “tax preparation,” “accounting firm”

SMBs (Healthcare/Financial/Legal):

Job Titles: Owner, CEO, CFO, COO, IT Director, Office Manager
Company Size: 20-200 employees
Industries: Healthcare, Financial Services, Legal Services, Accounting
Location: Colorado, expanding to Mountain West (UT, WY, NM, AZ)
Intent Signals: Any of the configured topics showing “high” or “very high”

Credit Strategy

Mobile credits are your bottleneck. At 100/month and ~8 credits per mobile number reveal, you get roughly 12 new mobile numbers per month. Strategy:

Reserve mobile reveals for Tier 1 prospects only — managing partners at target-size firms, EDs at $10M+ foundations
Use direct-dial office numbers for everyone else — Apollo shows these without spending mobile credits
Foundation prospects already have phone numbers — your 5,442-prospect list from IRS 990 data includes phones. Don’t waste Apollo credits on foundations.
Supplement with LinkedIn — many prospects list their phone number on their LinkedIn profile or company website

Pro Tip: Apollo data accuracy is ~80-88% for US contacts. Always verify emails before adding to sequences (Apollo has a built-in verifier — use it). Expect ~10-15% of phone numbers to be outdated.

3) Full Tool Stack & Monthly Budget

Current Stack

Tool	Cost	Purpose
Apollo.io Professional	$99/mo	Contact database, sequences, dialer, A/B testing, intent data
TrulyInbox	(current cost)	Email warmup for solanashq.com
solanashq.com	(hosting cost)	Dedicated cold outreach domain
LinkedIn Sales Navigator	~$100/mo	Already active — ICP search, profile research
Google Voice	(existing)	303-900-8969 — business phone for callbacks
Baserow	(existing)	Pipeline CRM tracking
Current total	~$199/mo + TrulyInbox

Top 3 Email Warmup Tools

You’re already using TrulyInbox. Here’s how it compares if you want to evaluate or switch:

Tool	Price	Strengths	Weaknesses
1. TrulyInbox (current)	Varies	Already active, integrated	Evaluate: are open rates improving? Check spam placement rate after 4 weeks.
2. MailReach	$25/inbox/mo	Strongest reputation in r/sales communities. Real open/reply/rescue warmup (pulls from spam folder). Detailed deliverability scoring.	Slightly pricier.
3. Warmbox	$19/inbox/mo	Budget-friendly. Good reviews. Auto-adjusts warmup intensity based on reputation signals.	Less community validation than MailReach.

Evaluation criteria for TrulyInbox: After 4 weeks of warmup, check:

Is your inbox placement rate >95%? (Test with mail-tester.com)
Are your solanashq.com emails landing in primary inbox (not Promotions/Spam)?
Are warmup emails generating real-looking reply threads?

If any of these are failing, switch to MailReach.

Growth Additions (When Revenue Allows)

Tool	Cost	When to Add	What It Does
Clay	$134/mo+	After first 2 ORBs closed	AI research agent. Scrapes 100+ data sources per prospect. Generates personalized briefings (company summary, pain points, trigger events, “I noticed” lines). This is the tool that makes your cold calls sound like you spent 30 minutes researching each prospect — because the AI did.
Trellus	Varies	If call volume exceeds 50/day	AI parallel dialer. Calls 3-5 numbers simultaneously, connects you when someone answers. Dramatically increases live conversations per hour.
Instantly	$30-97/mo	If Apollo email deliverability underperforms	Dedicated cold email platform with unlimited email accounts and better deliverability infrastructure than Apollo’s built-in sending. Use Apollo for data, Instantly for sending.

How It All Connects

Apollo (find prospects + reveal contacts)
  → Apollo Sequences (email + call tasks + LinkedIn tasks)
    → Apollo Dialer (click-to-call from sequence tasks)
      → Baserow (log outcomes: connected/VM/no answer/meeting booked)
        → Discovery Call Playbook (when meeting happens)

TrulyInbox runs in background warming solanashq.com mailboxes
LinkedIn Sales Navigator used for research and manual engagement
Claude used for prospect briefings, email drafting, CRM analysis

4) Prospect Targeting by Vertical

Attorneys — Estate Planning Firms

ICP (Ideal Customer Profile):

Firm size: 2-15 attorneys (solo practitioners rarely have budget; large firms have in-house IT)
Practice focus: Estate planning, trusts & estates, elder law, wealth transfer
Location: Colorado first (Denver metro, Boulder, Colorado Springs, Fort Collins)
Decision maker: Managing partner, or the partner who “handles the tech stuff” (often by default)
Budget indicator: Firms handling trusts/estates handle the MOST sensitive data in legal (SSNs, financial accounts, trust documents, family dynamics)

Why they buy:

ABA Rule 1.6(c) requires “reasonable efforts” to protect client data — 66% of firms have no incident response plan
Malpractice carriers now ask cybersecurity questions during renewals — firms without controls face higher premiums
They’re used to paying $300 -$ 500/hr for professional services; our effective rate of ~$250/hr is within range

Best calling times:

Thursday, 10-11 AM or 4-5 PM in their time zone
Avoid Monday/Tuesday mornings (court appearances)
Avoid midday (client meetings)
Late afternoon toward end of week = winding down but still engaged

Where to find them:

Colorado Bar Association member directory (Trust & Estate, Elder Law sections)
Denver Bar Association estate planning section
ACTEC (American College of Trust and Estate Counsel) Colorado fellows
Apollo search with filters above
Super Lawyers / Avvo / Martindale-Hubbell — estate planning, Colorado

Deep dive: See Estate Attorney Cold Outreach Kit for the full compliance angle, language translation table, and email sequence.

Foundations — Private Foundations $5 M -$ 50M

ICP:

Total assets: $5 M -$ 50M (large enough to afford $5 K -$ 12.5K; small enough to lack IT staff)
Staff: 1-10 people
Decision maker: Executive Director (can usually approve under $10K without board vote)
Budget indicator: Admin budget of $37 K -$ 312K/year — our ORB fits within existing professional services spend

Why they buy:

Wealth-management-grade data sensitivity on a church-bake-sale IT budget
Foundation Source (dominant managed services provider) does NOT offer cybersecurity or DR — that’s our lane
Perpetuity-focused foundations need partners for decades, not projects
Every foundation relationship feeds the Lasting Legacy planned giving initiative

Best calling times:

Tuesday-Thursday, 9-11 AM or 2-4 PM
EDs at small foundations often answer their own phones — call-first is viable
Avoid board meeting weeks (typically quarterly) — the ED is consumed
Budget planning happens 2-3 months before fiscal year end (most use calendar year = October-November is prime)

Where to find them:

Your existing list: 5,442 prospects with phone numbers in solanasis-data/foundation/ (IRS 990 data)
- 44 A-tier (Colorado foundations $5M+)
- 5,398 B-tier (national, $3 M -$ 50M)
ProPublica Nonprofit Explorer for additional research
Exponent Philanthropy membership (peer network for small foundations)
GuideStar/Candid profiles

Deep dive: See Foundation Prospecting Playbook for economics, tech stack analysis, and the full Lasting Legacy integration strategy.

SMBs — Sensitive-Data Verticals

ICP:

Employee count: 20-200
Industries: Healthcare (HIPAA), Financial Services (FINRA/SOX), Legal, Accounting (FTC Safeguards)
Location: Colorado, expanding to Mountain West
Decision maker: Owner, CEO, CFO, or “the person who handles IT” (often accidental)
Budget indicator: Companies this size spend $640/employee/year on cybersecurity on average

Why they buy:

Average breach cost for businesses under 500 employees: $3.31M
80% of cyber incidents hit companies under 1,000 employees
They don’t need (or can’t afford) a full-time CIO — but they need CIO-level thinking
Compliance deadlines create urgency: CMMC 2.0 Phase 2 starts November 10, 2026 (third-party assessments required for DoD contractors), HIPAA Security Rule NPRM (proposed rule published January 2025; final rule expected late 2025/early 2026)

Best calling times:

Tuesday-Wednesday, 8-10 AM or 3-5 PM
Owners/CEOs are more reachable early morning (before meetings start) or late afternoon
Avoid Mondays (planning/catch-up) and Fridays (wrapping up)

Trigger events to watch for (these create urgency):

IT contract/MSP contract renewal: 60-90 days before renewal is when they’re evaluating if they need more. Apollo intent signals can flag this.
Cyber insurance renewal: Premium increases or new questionnaire requirements create immediate motivation.
Compliance deadline: CMMC 2.0 Phase 2 (November 10, 2026) for any DoD-adjacent SMB. HIPAA Security Rule changes for healthcare.
Recent breach in their industry: Local or industry news about a competitor getting hit.
New hire in IT/security role: They’re investing in the area and may need strategic guidance.
Office move or expansion: Systems get stretched, gaps appear.

Where to find them:

Apollo search with filters above
LinkedIn Sales Navigator with industry + size filters
Local Chamber of Commerce directories (Boulder, Denver)
Industry-specific associations (Colorado Medical Society, Colorado Bankers Association)
Cyber insurance brokers as referral source: Brokers are hearing about security gaps from clients daily. See Cyber Insurance Broker Kit for partnership strategy.

Deep dive: See ICP Research for the full 5-segment priority analysis.

5) Multi-Channel Sequence Blueprints

How to Assign Prospects to Tiers

Signal	Tier 1 (High-Value)	Tier 2 (Medium)	Tier 3 (Volume)
Attorneys	Managing partner, 5+ attorney firm, Colorado	Partner at 2-4 attorney firm	Associates, paralegals, office managers
Foundations	ED at $10M+ foundation, Colorado	ED at $5 M -$ 10M foundation	B-tier national foundations
CPAs	Managing partner, 10+ CPA firm, Colorado, post-tax-season	Partner at 3-9 CPA firm	Staff accountants, bookkeepers
SMBs	CEO/owner, 50+ employees, sensitive-data industry	CFO/IT Director, 20-50 employees	Office managers, general inquiries
Intent signals	High/Very High on cybersecurity or DR topics	Medium intent signals	No intent signals
Referral	Warm referral from trusted source → always Tier 1

Tier 1: High-Value Targets (8 touches / 25 days)

These are your managing partners at estate firms, EDs at $10M+ foundations, managing partners at CPA firms, and CEOs at 50+ employee SMBs. Every touch is manually personalized.

Day	Channel	Action	Notes
1	Email	Hyper-personalized email (<100 words, plain text). Reference something specific: recent news, a LinkedIn post, their website, a case they handled, a grant they awarded.	Attorneys: use the “Ethical Duty Angle” email from the Estate Attorney Kit. Foundations: use the “backup test” angle. CPAs: use the “WISP compliance” angle from the CPA Kit.
1	LinkedIn	View their profile. This shows up in their notifications.	Do NOT send a connection request yet — let the email land first.
2	LinkedIn	Send connection request with a personalized note (<300 chars). Reference the email: “Sent you a quick note yesterday about [topic] — thought it’d be good to connect here too.”
3-4	Phone	First call attempt. Use the vertical-specific script (Sections 6-9). If voicemail, leave it (Section 10).	Attorneys: Call Thursday 10-11 AM or 4-5 PM. Foundations: Call Tuesday-Thursday 9-11 AM. CPAs: Call Tuesday-Thursday 10 AM-12 PM (avoid Jan-Apr 15).
4	Email	Post-voicemail follow-up email (Section 13) if you left a VM. Skip if you connected live.
7	Email	Second email — share a relevant insight, stat, or mini case study. NOT a pitch. Value-add only.	Example: “Saw this stat — 66% of law firms still don’t have an incident response plan. Thought of our conversation.”
10	LinkedIn	Engage with their content — comment on a post, share an article relevant to them. If no content to engage with, send a DM with a question.	Tier 1 bonus: Consider a 30-second personalized video message via Sendspark or Loom. “Hi [Name], Dmitri from Solanasis. Just wanted to put a face to the name…” Video messages get 3x the reply rate of text.
14	Phone	Second call attempt. New angle — reference the email/LinkedIn: “I sent you a couple of notes about [topic]. Wanted to quickly put a voice to the name.”
21	Phone	Third and final call attempt. Short and direct: “Last try — if this isn’t relevant, no hard feelings. But I’d hate for you to miss this.”
25	Email	Breakup email: “I’ll stop reaching out — but if [pain point] ever becomes urgent, I’m one phone call away.”	Breakup emails often get the highest reply rates. Don’t skip this.

Tier 2: Medium-Value Targets (6 touches / 16 days)

Partners at smaller firms, EDs at $5 M -$ 10M foundations, CFOs/IT Directors at 20-50 employee SMBs.

Day	Channel	Action
1	Email	Personalized email (use templates from Section 13, personalize first line)
1	Phone	Same-day call + voicemail. “I just sent you a quick email about [topic]…“
4	LinkedIn	Connection request with note
7	Email	Follow-up email (insight/stat)
7	Phone	Second call attempt
16	Email	Breakup email

Tier 3: Volume Targets (3-step automated email)

B-tier national foundations, office managers, general SMB list. Apollo handles this automatically.

Day	Channel	Action
1	Email	Template email with personalization variables (first_name, company, industry)
4	Email	Follow-up
8	Email	Breakup

Phone is reserved for Tier 3 prospects who REPLY or show engagement (open email multiple times, click links, visit website). When a Tier 3 prospect shows engagement, upgrade them to Tier 2 and call.

Sequence Timing Rules

Never call the same person twice in one day
Spread call attempts across different days and times — if you called Tuesday morning, try Thursday afternoon next
Maximum 3 call attempts per prospect per sequence (more feels like harassment)
Maximum 8 voicemails across ALL channels (the prospect will not listen to 15 voicemails)
If they answer and say “not interested”: Stop immediately. Mark as “Not Interested” in Baserow. Do NOT call again for 6 months.
If they say “call me back in [timeframe]”: Set a task in Apollo/Baserow for the exact date. Follow through. This is a warm callback — it’s gold.
If you get a referral to someone else: Start a NEW Tier 1 sequence for the referred person, mentioning the referrer by name.

Cold Call Scripts — Universal Elements

If They Ask “What’s Solanasis?”

This will happen on almost every call. Have a crisp 10-second answer ready:

“We’re a fractional CIO and security firm. We help companies your size figure out if their data and systems are actually protected — and prove it. Think of us as a specialist who comes in for 10 days, finds the gaps, tests whether your backups work, and gives you a clear plan.”

Even shorter (5 seconds):

“We do 10-day Resilience Checkups for [their vertical] — security baseline, real restore test, and a prioritized plan.”

When Someone Answers Unexpectedly

You’ll sometimes plan to leave a voicemail and suddenly reach a live person. Don’t panic:

Take a breath. Smile (it changes your voice).
Start with the Opener block — it buys you 27 seconds to pull up their briefing card.
You do NOT need to be fully prepped. The Opener and Reason blocks are enough to start a good conversation.
If you’re truly caught off-guard: “Hi — sorry, I was expecting to leave a voicemail! This is Dmitri from Solanasis. Do you have a quick second?”

Warm Callback Script

When a prospect asked you to call back at a specific time — this is your highest-conversion call type. Don’t waste it.

“Hi [First Name], this is Dmitri from Solanasis. We spoke on [date] and you mentioned this would be a better time to connect. You had mentioned [reference their specific situation, pain point, or question from the first call]. Is now still good?”

Then go straight to the Discovery block — they already know who you are. Don’t re-pitch the opener.

Referral Ask (When “Not Interested”)

When someone politely declines, always ask before hanging up:

“No problem at all — I appreciate your time. Quick question before I let you go: is there anyone in your network — maybe another [attorney / ED / business owner] — who might find this relevant? We have a referral program if it turns into something.”

This single question costs zero effort and has generated entire pipelines for other consultancies.

MSP Partnership Angle: If they mention they have an MSP and aren’t interested in switching, pivot to partnership:

“Totally understand. Actually, we partner with MSPs, not compete with them. We handle the strategic security and resilience layer; they handle the day-to-day. Would it make sense for me to connect with your MSP directly? We’ve built referral relationships with several MSPs in Colorado.”

This can turn a dead-end call into an MSP channel partnership lead. See Cyber Insurance Broker Cold Outreach Kit for the broader partner-as-lead-source strategy.

6) Cold Call Scripts — Attorneys

The Framework

Every cold call has 6 modular blocks. Mix and match based on the conversation, but hit all 6:

Opener — permission or pattern interrupt
Reason — why you’re calling them specifically
Credibility — peer proof or data point
Discovery — 1-2 questions about their situation
Value — outcome-focused, not feature-focused
Ask — specific low-friction CTA

Framework heritage: This blends the Challenger Sale (teach, tailor, take control), SPIN Selling (Situation, Problem, Implication, Need-Payoff), Sandler (mutual respect, no chasing), Jeb Blount’s Fanatical Prospecting (5-step framework, Ledge-Disrupt-Ask objection handling), and Jeremy Miner’s NEPQ (let prospects persuade themselves through questions). The Reason block is your Challenger teach moment. Discovery is pure SPIN/NEPQ. The Ask is Blount: specific time, then shut up.

Jeb Blount’s 5-Step Framework (alternative to the 6-block): For a tighter, faster delivery, use Blount’s continuous 5-step framework. Execute WITHOUT PAUSING between steps:

Use their name (“Hi Sarah.“)
Identify yourself (“This is Dmitri Sunshine with Solanasis.“)
State why (“The reason I’m calling is…“)
Bridge with “because” (“…because [trigger/relevance]”)
Ask with specific time, then SHUT UP (“How about Thursday at 2?“)

See Cold Call Script Cheat Sheets for full Blount-style scripts per vertical, LDA objection handling, and Gong data tables.

Call duration benchmark (from Gong, 90,380 calls analyzed): Successful cold calls average 5:50. Unsuccessful average 3:14. If you’re consistently under 4 minutes, you’re not getting deep enough into Discovery. If you’re over 8 minutes, you’re talking past the close.

Talk-to-listen ratio (Gong): On cold calls, aim for 55% talking / 45% listening. You’re educating, not just asking questions. Keep monologues under 37 seconds.

Openers to NEVER use (Gong data):

“Did I catch you at a bad time?” = 40% less likely to book a meeting
“Is now a good time?” = Same problem; gives permission to hang up
“I’d like to tell you about our services” = Signals a pitch, not a conversation

Full Attorney Script

[OPENER — Permission-Based]

“Hi [First Name], this is Dmitri Sunshine from Solanasis. I know this is a cold call; do you have 27 seconds so I can explain why I called you specifically?”

If they say yes (most will; the specificity of “27 seconds” signals authenticity):

[REASON — Why Them]

“I work with estate planning firms on something most attorneys know they should address but haven’t gotten to yet: making sure their client data protection actually meets the ‘reasonable efforts’ standard under ABA Rule 1.6(c).”

[CREDIBILITY — Data Point]

Pick ONE of these per call, not both. Let the prospect react before layering.

Option A: “The ABA TechReport found that 66% of law firms still don’t have a formal incident response plan.”

Option B: “Malpractice carriers are now asking cybersecurity questions during renewals — firms without basic controls are seeing higher premiums or getting flagged.”

[DISCOVERY — Their Situation]

“Quick question — when was the last time your firm tested whether your backups actually restore? Not checked a dashboard — actually pulled the plug and brought everything back?”

Listen. Let them answer. This is where the conversation happens. Common responses:

“We haven’t.” → “You’re not alone. That’s exactly what our 10-day assessment covers.”
“I’m not sure.” → “That’s actually a finding in itself. If the managing partner doesn’t know, nobody knows.”
“We have an IT person for that.” → “Great. When was the last time they tested a full restore?” (They usually haven’t.)
“Why should I care?” → “You’re handling trust documents, SSNs, financial account numbers. If that data is lost or exposed, it’s not just an IT problem — it’s a malpractice exposure.”

[VALUE — What They Get]

“We do a focused 10-day data protection review. It’s not an audit and it’s not a sales pitch for ongoing services. You get a clear snapshot of where your firm stands — documented findings, a real restore test, and a prioritized 30/60/90 plan. Something you can actually hand to your malpractice carrier.”

[ASK — Specific CTA]

“Would 15 minutes next [Tuesday/Thursday] make sense to see if this is even relevant for your firm?”

Attorney Language Translation Table

Use these substitutions in ALL attorney conversations. Attorneys think in terms of client duties, not IT jargon.

DON’T Say	DO Say	Why
Cybersecurity assessment	Data protection review	Client duty framing
Vulnerabilities	Exposure points for client data	Fiduciary language
Compliance audit	Reasonable efforts verification	Maps to ABA Rule 1.6(c)
Incident response plan	Breach notification readiness	Attorneys understand notification
We secure your network	We help you demonstrate reasonable efforts to protect client information	Professional duty, not IT project
IT security vendor	Legal technology risk advisor	Peer positioning
Penetration testing	Controlled security validation	Less alarming
ROI	Risk reduction	Attorneys don’t think in ROI terms

Alternate Attorney Openers (A/B Test These)

Opener B — “How Have You Been?” (Gong data: 6.6x success rate from 90,380 calls):

“Hi [First Name], this is Dmitri Sunshine from Solanasis. How have you been?”

This sounds counterintuitive on a cold call, but Gong’s analysis of 90,380 calls found it converts at 6.6x the average. It works because it’s disarming; the prospect assumes they’ve met you before and engages instead of guarding. Use it confidently. If they say “Do I know you?” just be honest: “We haven’t met yet, but I’ve been doing some research on estate planning firms in Colorado and your name came up. I had a quick question.”

Opener C — Trigger Event:

“Hi [First Name], this is Dmitri Sunshine from Solanasis. I noticed your firm just [expanded to a second office / added a new partner / launched a new practice area]. Usually when that happens, the tech stack gets stretched in ways nobody planned for. Is that something you’re running into?”

Opener D — Peer Proof:

“Hi [First Name], Dmitri Sunshine from Solanasis. I’ve been working with a couple of estate planning firms in [city/state] on their data protection posture, the ABA compliance piece specifically. Wondered if that’s something on your radar?”

Opener E — “Heard the Name Tossed Around” (Gong: 11.24% success, highest-performing opener):

“Hi [First Name], I’ve heard the name [their name] tossed around. This is Dmitri Sunshine from Solanasis. I work with estate planning firms on the data protection piece.”

ONLY use when you have a legitimate connection, referral, or reason their name came up (e.g., they’re listed in a bar association directory, a colleague mentioned them, they appeared in an Apollo intent signal). Dishonest use destroys trust.

Opener F — The Uncomfortable Truth:

“Hi [First Name], Dmitri Sunshine from Solanasis. Honest question: if your firm had a data breach tomorrow, could you demonstrate to your malpractice carrier that you had ‘reasonable efforts’ in place to protect client data?“

7) Cold Call Scripts — Foundations

Full Foundation Script

[OPENER]

“Hi [First Name], this is Dmitri Sunshine from Solanasis. I’m reaching out to [Foundation Name] specifically — do you have a quick moment?”

Note: For foundations, slightly warmer opener. EDs at small foundations are less guarded than attorneys. Use your actual last name — it builds rapport.

[REASON]

“I work with private foundations on operational resilience — making sure your donor data and grant records are actually protected and recoverable. I had a quick question.”

[DISCOVERY — The Hook]

“Has your team ever tested whether your backups actually restore? Not ‘we have backups’ — an actual full restore test?”

Let them answer. Common responses:

“I’m not sure we have backups.” → “That’s actually more common than you’d think for organizations your size. That’s exactly what we help with.”
“Our IT person handles that.” → “Great — when was the last time they ran a real test? Two-thirds of restore tests fail on the first attempt.”
“We’re too small to worry about that.” → “The Blackbaud breach hit 13,000 nonprofits — size didn’t matter. What mattered was whether they had their donor data protected.”
“What would that cost?” → “The assessment is $5 K -$ 7.5K, fixed fee, 10 business days. No surprises, no ongoing commitment.”

[CREDIBILITY]

If you already used the two-thirds stat in DISCOVERY, use only the Blackbaud angle here:

Option A (if you didn’t use the restore stat yet): “In our experience, the majority of restore tests fail on the first attempt. And after the Blackbaud breach — which exposed 13,000 nonprofits and cost $56 million in settlements — boards are starting to ask these questions.”

Option B (if you already used the restore stat): “After the Blackbaud breach — 13,000 nonprofits, $56 million in settlements — boards are starting to ask about data protection. Better to have the answers before they ask.”

[VALUE — Mission-Aligned]

“We do a 10-day assessment — gap analysis, a real restore test, risk register, and a board-ready report. Everything you need to tell your board ‘here’s where we stand and here’s our plan.’ Every dollar you don’t spend recovering from a preventable problem is a dollar going to [their cause/mission].”

[ASK]

“Would it make sense for me to send you the one-pager so you can see exactly what’s included? And if it looks relevant, we can find 15 minutes to talk through it.”

Note: For foundations, the one-pager send is often a better ask than a direct meeting request. Foundation EDs are relationship-driven — let them warm up to the idea.

Alternate Foundation Openers (A/B Test These)

Opener B — “How Have You Been?” (Gong 6.6x success rate):

“Hi [First Name], this is Dmitri Sunshine from Solanasis. How have you been?”

Works especially well with foundation EDs who are used to relational conversations. See attorney section for the full “Do I know you?” recovery script.

Opener C — Mission-Aligned:

“Hi [First Name], Dmitri Sunshine from Solanasis. I’ve been looking at foundations focused on [their cause area] and wanted to ask you a quick question about how [Foundation Name] protects its donor and grant data.”

Foundation-Specific Pain Points (Quick Reference)

Use these when you need to pivot or when a specific pain resonates:

Pain Point	One-Liner	When to Use
Untested backups	”Two-thirds of restore tests fail on the first attempt.”	Universal opener — every foundation relates
Sensitive donor data	”Planned giving data is more sensitive than what most banks hold, and often less protected.”	Foundations with endowments or planned giving programs
Blackbaud breach	”The Blackbaud breach exposed 13,000 nonprofits. Settlements cost $56M+.”	When they say “we’re too small to be a target”
Board blind spot	”Most boards ask about cybersecurity only after something goes wrong.”	When talking to EDs or board members
Irreplaceable records	”Trust agreements and beneficiary records can’t be rebuilt if lost.”	Family foundations, planned giving programs
Lean team reality	”No IT staff doesn’t mean no IT risk. It usually means more.”	Small foundations ( $1 M -$ 10M), 1-2 person shops

8) Cold Call Scripts — SMBs

Full SMB Script

[OPENER]

“Hi [First Name], this is Dmitri Sunshine from Solanasis. I know this is a cold call; do you have 27 seconds so I can explain why I’m calling?”

[REASON — Industry-Specific]

Choose based on their industry:

Healthcare:

“I work with healthcare companies your size on something that usually falls through the cracks — making sure your patient data is actually protected and your systems are recoverable if something goes wrong. With the HIPAA Security Rule changes being proposed, it’s become more urgent.”

Financial Services:

“I work with financial services firms your size on operational resilience — specifically making sure your client data and systems meet the compliance bar your regulators expect. Most firms this size don’t have a dedicated CISO, and that’s where the gaps live.”

General SMB:

“I work with companies your size on something that usually gets attention only after it breaks — making sure your systems are actually resilient if something goes wrong. Not just ‘we have backups’ — actually tested and proven.”

[DISCOVERY]

“Quick question: if your systems went down tomorrow morning — all of them — how long before you’re back up and running?”

Let them answer. Follow-ups based on response:

“A few hours.” → “That’s better than most. Have you actually tested that, or is that an estimate?”
“I don’t know.” → “That’s actually the most honest answer I hear. The fact that you don’t know is itself a finding.”
“We have an MSP.” → “Great. When was the last time your MSP ran a full disaster recovery test — not just checked a dashboard, but actually simulated a failure and restored everything?”
“We’d be in trouble.” → “You’re not alone. That’s exactly what we help with.”

[CREDIBILITY]

“The average breach cost for businesses under 500 employees is $3.31 mi ll i o n . B u t h o n es tl y, t h esc a r i er n u mb er i s t h e d o w n t im e — m os t co m p ani es l ose$ 137 to $427 per minute when systems are down. And 80% of those incidents hit companies under 1,000 employees.”

[VALUE]

“We do a 10-day Resilience Checkup. Security baseline, a real restore test — not theoretical — and a prioritized 30/60/90 plan. You get CIO-level insight without the CIO price tag. Fixed fee, no surprises.”

[ASK]

“Would 15 minutes next week make sense to see if this is even relevant for your situation?”

Alternate SMB Openers

Opener B — “How Have You Been?” (Gong 6.6x success rate):

“Hi [First Name], this is Dmitri Sunshine from Solanasis. How have you been?”

See attorney section for the full “Do I know you?” recovery script. Works best with owner/CEO contacts where the personal touch matters.

Opener C — The “Who Handles IT” Probe:

“Hi [First Name], quick question — who handles IT and security decisions at [Company]? Is that you, or is there someone else I should talk to?”

This works when you’re not sure if you have the right person. If they say “that’s me” you’re in. If they redirect you, you get the right name.

Opener D — The Quiet Resignation:

“Hi [First Name], Dmitri Sunshine from Solanasis. I’ll be honest, most companies your size know their IT setup isn’t where it should be, but nobody’s had the bandwidth to deal with it. Does that sound familiar?“

9) Cold Call Scripts — CPAs

Why CPAs Are the Hottest Vertical Right Now

CPA firms face the most statutory compliance pressure of any Solanasis vertical. Unlike attorneys (ethical obligation) or SMBs (general best practice), CPAs have two specific, enforceable mandates:

IRS WISP Requirement (Written Information Security Plan) — IRS Publication 4557 makes this mandatory for ALL tax preparers. The IRS can revoke your PTIN for non-compliance.
FTC Safeguards Rule (16 CFR Part 314) — Requires a comprehensive information security program. Penalties up to $100,000 per violation.

Most small-to-mid CPA firms have either a checkbox WISP that wouldn’t survive scrutiny, or nothing at all.

The timing advantage: April 16 through June 30 is the prime window. Firms just finished tax season, are catching their breath, and are thinking about “all that stuff we said we’d do after April 15.”

ICP

Firm size: 3-25 CPAs (solo practitioners rarely have budget; national firms have internal compliance)
Practice focus: Tax preparation, wealth management accounting, estate/trust accounting, small business accounting
Location: Colorado first (Denver, Boulder, Colorado Springs)
Decision maker: Managing partner, firm administrator, or compliance partner
Key signals: Offers tax prep, 3+ CPAs on website, no CISO/IT director listed, handles individual or estate tax returns

Best Calling Times

Tuesday-Thursday, 10 AM-12 PM or 2-4 PM
Post-tax-season (April 16-June 30) is prime. Firms are planning, renewals are coming, and they have bandwidth.
Avoid January-April 15 entirely (tax season = unreachable)
E&O insurance renewals often fall Q2-Q3, creating urgency

Where to Find Them

Colorado Society of CPAs (COCPA) — cocpa.org member directory
AICPA Find-a-CPA tool
Apollo search with filters: Job Title = Managing Partner / Partner, Industry = Accounting, Size = 3-50, Location = Colorado
LinkedIn: “CPA” + “managing partner” + “Colorado”
IRS Tax Pro Directory
Colorado State Board of Accountancy active license lookup

Full CPA Script

[OPENER — Permission-Based]

“Hi [First Name], this is Dmitri Sunshine from Solanasis. I know this is a cold call — do you have 27 seconds so I can explain why I called you specifically?”

[REASON — Compliance-Driven]

“I work with CPA firms on something most managing partners know is sitting on their to-do list: making sure their Written Information Security Plan actually meets what the IRS and FTC require. Not the template version — the real thing.”

[CREDIBILITY — Regulatory Data]

Pick ONE per call:

Option A: “The IRS reported 294,138 identity theft tax returns in 2023, and many of those originated from compromised preparer systems, not the taxpayers themselves.”

Option B: “The FTC has been actively enforcing the Safeguards Rule against tax preparers specifically. Penalties can reach $100,000 per violation, and that’s before you factor in state board exposure and malpractice gaps.”

[DISCOVERY — Their Situation]

“Quick question: does your firm have a Written Information Security Plan that’s been updated in the last 12 months? And has anyone ever tested whether your backup systems actually restore?”

Common responses:

“We have a WISP somewhere.” → “That’s what we hear from most firms. The question is: would it hold up if the IRS or FTC came knocking? A template WISP from three years ago usually wouldn’t.”
“Our IT person handles that.” → “Great. Does your IT person also handle the compliance documentation, the risk assessment updates, and the breach response procedures that the FTC specifically requires? Those are usually different skill sets.”
“We’re pretty small, is this really necessary?” → “The IRS doesn’t have a size exemption for the WISP requirement. If you prepare tax returns, you need one, and it needs to be current. The good news is, for a firm your size, it’s very manageable.”
“We just finished tax season, I can’t think about this yet.” → “That’s actually the perfect time. April through June is when most firms we work with tackle this, before the next busy season starts and it gets pushed again.”

[VALUE — What They Get]

“We do a focused 10-day Safeguards review. We check your actual controls against what the IRS and FTC require, test your backup recovery for real, and give you a documented report you can use for compliance evidence, insurance renewals, and internal planning. No ongoing commitment.”

[ASK]

“Would 15 minutes next week make sense to see if this is relevant for your firm? Especially with insurance renewals coming up.”

CPA Language Translation Table

DON’T Say	DO Say	Why
Cybersecurity assessment	WISP validation and Safeguards review	Maps to their actual compliance obligation
We check your security	We verify your WISP meets IRS and FTC requirements	Specific regulatory framing
Vulnerabilities	Safeguards gaps	FTC Safeguards Rule language
Incident response plan	Breach response procedures (per FTC 314.4(h))	Direct regulatory citation
IT security	Information security program	Exact phrase from FTC Safeguards Rule
You need to fix this	Your WISP needs to be a living document, not a checkbox	Collaborative, not confrontational

Alternate CPA Openers (A/B Test These)

Opener B — Post-Tax-Season Timing:

“Hi [First Name], Dmitri Sunshine from Solanasis. Now that tax season is behind you, I had a quick question about something most firms plan to tackle in the off-season: your Written Information Security Plan. Is that on your list this year?”

Opener C — Insurance Renewal Angle:

“Hi [First Name], Dmitri Sunshine from Solanasis. Quick question: when your E&O insurance comes up for renewal, can your firm demonstrate a current information security program? That’s becoming a sticking point for a lot of accounting firms.”

Opener D — IRS Enforcement:

“Hi [First Name], Dmitri Sunshine from Solanasis. The IRS has been tightening enforcement on the WISP requirement for tax preparers. We’ve been helping CPA firms make sure their plan would actually hold up. Is that something your firm has addressed?”

Deep dive: See CPA Firm Cold Outreach Kit for email sequences, full compliance research, and verified regulatory citations.

10) Voicemail Scripts

Rules for Voicemails

Why leave voicemails? Gong data: VMs double your email reply rate (2.73% to 5.87%). The primary value of a VM is priming the prospect for the email you send right after.

The trade-off: VMs reduce your future connect rate by 28%. The VM helps with email replies but makes future pickups harder. This is why you limit to 2 max.

20-30 seconds max. Longer gets deleted.
Leave a maximum of 2 voicemails per prospect per sequence. Gong data: at 3+ VMs, response drops BELOW leaving none.
Always follow up a voicemail with an email within 1 hour (see Section 13). The VM primes; the email converts.
Speak slowly, clearly, and state your phone number twice (Blount: once at start, once at end).
Do NOT pitch in the voicemail. One insight, one reason to call back, done.
Strategic rule: Don’t VM every dial. Only leave VMs when it matters (Tier 1/2 prospects, or when you have a specific insight to share).

Attorney Voicemail

“Hi [First Name], this is Dmitri Sunshine from Solanasis — 303-900-8969. Quick message: I work with estate planning firms on the data protection piece — specifically the ‘reasonable efforts’ standard that malpractice carriers are starting to ask about. I’ll send a brief email with details. Again, 303-900-8969. Thanks.”

Foundation Voicemail

“Hi [First Name], Dmitri Sunshine from Solanasis — 303-900-8969. Quick message: we help private foundations verify their backup and compliance readiness. I’ll send a brief email with details. Again, 303-900-8969. Thanks.”

CPA Voicemail

“Hi [First Name], Dmitri Sunshine from Solanasis — 303-900-8969. Quick message: I work with CPA firms on WISP compliance and the FTC Safeguards requirements. I’ll send a brief email with details. Again, 303-900-8969. Thanks.”

SMB Voicemail

“Hi [First Name], Dmitri Sunshine from Solanasis — 303-900-8969. I work with [industry] companies your size on something that usually gets missed — making sure your systems actually come back when things go wrong. I’ll follow up by email. Again, 303-900-8969.”

Second Voicemail (All Verticals — More Direct)

“Hi [First Name], Dmitri from Solanasis again — 303-900-8969. I left you a message last [day]. Not trying to be a pest — just want to make sure you saw the email I sent about [one specific thing]. If it’s not relevant, no worries at all. 303-900-8969.”

11) Gatekeeper Strategies

Core Philosophy

Gatekeepers are allies, not obstacles. They control access to the decision-maker, and they remember who treated them well.

Strategies by Vertical

Attorneys — Receptionists and Legal Assistants:

The person answering the phone at a law firm is almost always a legal assistant, paralegal, or office manager. They are protective and efficient.

Be respectful of their time: “Hi, I’m trying to reach the right person who handles your firm’s technology decisions — can you help me?”
Learn their name and use it: “Thank you, [Name]. When would be the best time to catch [Attorney Name]?”
Name-drop if you have a referral: “[Referring Attorney] at [Other Firm] suggested I reach out to [Name] about this.”
Offer to send information first: “I’d be happy to send a one-page summary first so [Attorney Name] has context. What email should I use?”
If they ask what it’s about: “It’s about the ABA data protection requirements and how they’re affecting malpractice renewals. It’s a quick conversation — not a sales call.”
Never be pushy or dismissive. If they say “he’s not available,” say “Totally understand. When would be a better time?”

Foundations — Often No Gatekeeper:

At foundations with 1-5 staff, the ED often answers the phone directly. If there IS a gatekeeper (admin assistant or program officer):

“Hi, I’m looking for [ED Name]. We work with foundations on data protection and operational readiness. Is [he/she] available?”
If redirected: “No problem — who would be the right person to talk to about technology and data security at the foundation?”

CPA Firms — Front Desk / Admin Staff:

“Hi, I’m trying to reach [Managing Partner Name]. We work with accounting firms on their IRS information security requirements. Is [he/she] available?”
If asked what it’s about: “It’s about the WISP compliance requirements from the IRS and FTC. It’s a quick conversation, not a sales call.”
CPA firm admins are often the firm administrator who handles operations. They may be the right person to talk to, not just a gatekeeper.

SMBs — Office Managers and Admins:

“Hi, I’m trying to reach whoever handles IT and technology decisions at [Company]. Is that [Owner Name] or someone else?”
If they ask what it’s about: “It’s about business continuity planning — specifically making sure your systems are protected in case something goes wrong. It’s a quick conversation.”
The office manager is often the practical decision-maker for IT. Don’t dismiss them as “just the gatekeeper” — they may be your champion.

Universal Gatekeeper Rules

Always ask for the gatekeeper’s name. Write it down. Use it next time.
Never lie about why you’re calling. “I’m following up on some correspondence” when there was none will get you blacklisted.
If they ask you to email instead: Say “Absolutely, what’s the best email?” Then call back 2-3 days later: “I sent that email on [day] — wanted to make sure it didn’t get buried.”
Call at off-hours if gatekeepers are blocking you. Decision-makers often answer their own phone before 8:30 AM or after 5:00 PM.
Multi-thread when possible. If you can’t reach the managing partner, try the office administrator or operations director. Someone will champion you internally.

12) Objection Handling Bank

How to Use This Section

When you hear an objection, don’t argue. Use Jeb Blount’s Ledge-Disrupt-Ask (LDA) technique:

Ledge (memorized pause phrase): “That makes sense.” / “I figured you might say that.” / “That’s exactly why I called.”
Disrupt (agree with them; they expect you to argue): Break their expected pattern.
Ask (immediately reassert; propose a specific time): “How about Thursday at 2?”

Cold call objections are reflexive, not rational (Blount calls them RBOs: Reflex Responses, Brush-offs, Objections). There are only 3-5 that make up 80% of what you’ll hear. Memorize the turnaround for each.

Critical: NEVER say “I understand” in objection handling. Blount warns this signals insincerity. Use “That makes sense” instead.

See Cold Call Script Cheat Sheets for the full LDA framework with Solanasis-specific turnarounds.

Universal Objections (All Verticals)

Objection	Response
”We already have an IT person / MSP."	"Great — most MSPs focus on keeping the lights on day to day. We focus on the strategic layer: are you actually resilient if something goes wrong? Think of it like having a general practitioner but never seeing a specialist. We’re the specialist."
"We’re too small to be a target."	"80% of cyber incidents hit companies under 1,000 employees. Attackers don’t care about your size — they care about whether you’re easy. And smaller companies are usually easier."
"Not in the budget."	"Our 10-day assessment runs [check cheat sheet for their size — $5 K f or < 10 u sers,$ 7.5K for 11-50, $12.5 K f or 51 - 150,$ 19.5K for 151-500]. Most clients find it pays for itself in the first issue it catches. Would it help to see what we’ve found at other companies before committing?"
"Send me an email."	"Absolutely, I will. Quick question before I go — what’s the one thing about your IT setup that keeps you up at night? I want to make sure the email is actually relevant."
"I’m not the right person."	"Totally understand. Who would be the best person to talk to about technology and data protection decisions?"
"We’re not ready right now."	"No pressure at all. Can I send you our one-pager so you have it when the timing is right? When would be a better time to revisit — next quarter?"
"How much does this cost?” (asked too early)	“It depends on your size, but for a company like yours it’s typically [ $X -$ Y], fixed fee, 10 business days. But before we talk price — can I ask what prompted you to even have this conversation? That’ll help me figure out if we’re even the right fit."
"We just went through an assessment."	"When was that? And did it include a real restore test — not a checkbox, but actually simulating a failure and recovering? That’s the piece most assessments skip."
"Can you just send a proposal?"	"I could, but it’d be a generic one without knowing your situation. A 15-minute call lets me put together something specific to your setup. Would [day/time] work?"
"I need to talk to my partner / board."	"Of course. Would it help if I sent a one-page summary they can review? Most of the time, [partners/boards] just want to know: what’s the risk, what’s the fix, and what does it cost. Our summary covers all three.”

Attorney-Specific Objections

Objection	Response
”We’re covered by our malpractice insurance."	"Insurance covers the claim after a breach. It doesn’t prevent the breach, and it doesn’t cover the reputational damage or client trust erosion. The question is: can you demonstrate to your carrier that you had ‘reasonable efforts’ in place before the incident? That’s what we help document."
"The bar doesn’t require this."	"You’re right — there’s no specific CLE requirement for cybersecurity in Colorado. But ABA Model Rules 1.6(c) and 1.1 do require ‘reasonable efforts’ to protect client data and technological competence. The question is: what does ‘reasonable’ look like at your firm today?"
"Our cases aren’t high-profile enough."	"Estate planning data is some of the most sensitive in any law practice — SSNs, financial account numbers, trust documents, family medical information. The value isn’t in the case profile — it’s in the data itself.”

Foundation-Specific Objections

Objection	Response
”We don’t have IT staff."	"That’s exactly who this is for. We coordinate directly with your team and any vendors you use. No IT staff doesn’t mean no IT risk — it usually means more."
"We’re too small to be a target."	"The Blackbaud breach hit 13,000 nonprofits. Size doesn’t matter — data sensitivity does. Your donor records and grant data are high-value targets."
"We already have backups."	"Great. When was the last time you tested a full restore? Not checked a dashboard — actually restored everything from scratch. Most organizations haven’t. That’s the gap."
"How much does this cost?"	" $5 K -$ 7.5K, fixed fee, 10 business days. No surprises, no ongoing commitment. You get a gap analysis, real restore test, risk register, and a board-ready report."
"I need board approval."	"Most EDs can approve under $10K. We provide a one-page scope summary for your board if needed. When’s your next board meeting? We can time the assessment so you have the results ready to present.”

CPA-Specific Objections

Objection	Response
”We already have a WISP."	"That’s great, you’re ahead of most firms. The question is: when was it last updated, and does it cover the specific technical controls the FTC Safeguards Rule requires under 314.4? Most WISPs we see were created from a template and haven’t been touched since. A quick validation could save you a lot of headaches."
"We’re a small firm, the IRS isn’t going to come after us."	"The IRS WISP requirement doesn’t have a size exemption. If you prepare tax returns, you need a current one. And honestly, smaller firms are more exposed because they’re less likely to have the controls in place. The IRS reported 294,138 identity theft tax returns in 2023, many traced back to compromised preparer systems."
"Can’t this wait until after busy season?"	"Absolutely. The ideal window is April through June, right after tax season when your team has bandwidth. Can I follow up the week of April 20 so we can get it on the calendar?"
"Our accountant software handles security."	"Software security is one layer. The FTC Safeguards Rule requires an entire information security program: risk assessments, access controls, encryption, breach response procedures, and ongoing monitoring. That’s the gap between software features and compliance documentation.”

SMB-Specific Objections

Objection	Response
”Our MSP handles security."	"MSPs are great at keeping things running. The question is: has anyone ever tested whether your systems actually come back after a failure? That’s the gap between managed IT and operational resilience. We bridge it."
"We’re a small company, this is for enterprises."	"Actually, we built this specifically for companies your size. Enterprise solutions cost $50 K -$ 100K. Our 10-day assessment is $5 K -$ 19.5K depending on size and gives you CIO-level insight at a fraction of the cost."
"We’ve never had a problem."	"That’s great — and I hope it stays that way. But ‘never had a problem’ isn’t the same as ‘prepared for one.’ The average cost of finding out the hard way is $3.31 million for companies under 500 employees.”

13) Email Templates (Integrated with Calls)

All emails: plain text only, <100 words, from solanashq.com (cold domain). See Manual Cold Outreach Cheat Sheet for full anti-spam safety rules.

Pre-Call Warm-Up Email (Day 1 — Before First Call)

Subject: Quick question about [Company Name]‘s [data protection / backup setup / IT resilience]

Attorney version:

Hi [First Name],

I’ve been researching estate planning firms in Colorado and noticed [Firm Name] handles trusts, estates, and wealth transfer — some of the most sensitive data in the legal profession.

Quick question: has your firm verified that your client data protection meets the “reasonable efforts” standard under ABA Rule 1.6(c)? 66% of law firms haven’t.

We do a 10-day data protection review. Would 15 minutes be worthwhile?

Best, Dmitri Sunshine Solanasis | 303-900-8969

Foundation version:

Hi [First Name],

I work with private foundations on something most haven’t gotten to yet — verifying that backup and disaster recovery systems actually work.

Quick question for [Foundation Name]: has your team ever tested a full restore of your systems? Two-thirds of organizations fail that test on the first try.

Happy to send a one-pager on what we cover. Would that be useful?

Best, Dmitri Sunshine Solanasis | 303-900-8969

SMB version:

Hi [First Name],

Quick question: if [Company Name]‘s systems went down tomorrow — email, files, everything — how long before you’re back up and running?

Most companies your size don’t actually know the answer. We do a 10-day Resilience Checkup that gives you a clear answer, a real restore test, and a 30/60/90 plan.

Worth 15 minutes to see if it’s relevant?

Dmitri Sunshine Solanasis | 303-900-8969

CPA version:

Hi [First Name],

Quick question: does [Firm Name] have a Written Information Security Plan (WISP) that’s been updated in the last 12 months?

IRS Publication 4557 makes it mandatory for all tax preparers, and the FTC Safeguards Rule adds its own requirements on top. Most firms we talk to have a template version from a few years ago or nothing at all.

We do a 10-day Safeguards review that checks your actual controls against what the IRS and FTC require. Would 15 minutes be useful to see if it’s relevant?

Dmitri Sunshine Solanasis | 303-900-8969

Post-Voicemail Follow-Up Email (Same Day as VM)

Subject: Just left you a voicemail

Hi [First Name],

Just tried calling — left a quick voicemail. I work with [attorneys / foundations / companies] your size on [data protection / operational resilience / backup verification].

The short version: [one specific insight relevant to their vertical].

Happy to share more details over email or a quick call. Whatever works for you.

Dmitri Sunshine Solanasis | 303-900-8969

Value-Add Follow-Up (Day 7)

Subject: [Relevant stat or insight headline]

Hi [First Name],

Thought this might be relevant for [Company/Firm/Foundation Name]:

[One specific data point, news item, or insight relevant to their vertical. Examples:]

“A Colorado law firm’s malpractice renewal was flagged last month because they couldn’t document basic cybersecurity measures.”
“The Blackbaud breach settlement just hit $56M — 13,000 nonprofits affected.”
“Average breach cost for businesses under 500 employees: $3.31M. Most of that is downtime, not the breach itself.”

If you ever want to get a clear picture of where [Company] stands, that’s exactly what our 10-day assessment covers.

Dmitri 303-900-8969

Breakup Email (Final Touch)

Subject: Closing the loop

Hi [First Name],

I’ve reached out a couple of times about [data protection / operational resilience] at [Company]. I’ll stop reaching out — I respect your time.

If this ever becomes a priority, I’m a phone call away: 303-900-8969.

Best, Dmitri

14) LinkedIn Integration with Cold Calling

The LinkedIn-Phone Amplification Loop

LinkedIn and cold calling work together. Here’s how:

Before calling: View their LinkedIn profile (they get notified). This creates a subconscious familiarity — when you call, your name isn’t completely unknown.
After calling (connected): Send a LinkedIn connection request referencing the call: “Great chatting today about [topic]. Let’s stay connected here.”
After calling (voicemail/no answer): Send a connection request: “Tried reaching you by phone — thought it’d be easier to connect here. I sent you a quick note about [topic].”
Between call attempts: Engage with their content. Comment on posts. Share relevant articles. Build visibility before the next call.
After booking a meeting: Connect on LinkedIn if not already. This increases show-up rates — they feel more committed when they’ve connected with you personally.

What Claude Can Do (From AI-Native Playbook)

Prospect triage from Sales Navigator: Claude reads search results, scores against ICP, outputs ranked shortlist. 30-45 min → 10 min review. Zero risk.
Account brief creation: Claude synthesizes LinkedIn profile + company website into pain points, best outreach angle, “why now” line. 15 min → 2-3 min. Zero risk.
Message drafting: Claude drafts connection notes (<300 chars) and follow-up messages in your voice. 10 min → 1 min review. Zero risk.
Content mining: Claude reviews prospect posts and drafts thoughtful comments for you to post. 20 min → 5 min. Zero risk.

What Claude should NOT do on LinkedIn: Click Connect, send messages, or perform any actions. LinkedIn detects automation and restricts/bans accounts. All actions must be manual (Claude drafts, you click).

See AI-Native Outreach Playbook for the full automation scoring by channel.

15) The Daily Execution Ritual

The Canonical Day for Outbound (2-2.5 hours total)

This consolidates fragments from the Manual Cheat Sheet, AI-Native Playbook, and daily-outreach logs into one daily rhythm.

Morning Block: CALL (45-60 min) — 8:30-9:30 AM MT

Before you dial:

Open Apollo → today’s call list (queued from yesterday’s prep or sequence tasks)
For each prospect, review the brief: company, title, vertical, pain angle, one “I noticed” line
Open this playbook to the relevant script section (attorneys = Section 6, foundations = Section 7, SMBs = Section 8, CPAs = Section 9)
Open the Call Pricing Cheat Sheet in another tab

Make your calls: 5. Target: 15-25 dials using Apollo’s click-to-call dialer 6. Follow the script framework: Opener → Reason → Credibility → Discovery → Value → Ask 7. After each call, log the outcome immediately:

Connected — Meeting booked: Update Baserow status to “Meeting Booked,” set date
Connected — Interested: Update to “Warm Lead,” note follow-up action
Connected — Not Interested: Ask for referral first (see Universal Elements above), then update to “Not Interested,” stop sequence
Voicemail left: Update to “VM Left,” trigger post-VM email (Section 13)
No answer, no VM: Update to “No Answer,” keep in sequence
Wrong number / bad data: Update to “Bad Data,” remove from list

Between calls: Take 30-60 seconds to review the next prospect brief. Don’t rush.

Pro Tip: The best call blocks are focused. No email, no Slack, no multitasking. Phone on desk, headset on, dial. The energy of momentum compounds; your 15th call will sound better than your 1st because you’re warmed up.

Blount’s Golden Hours rule: 9 AM - 12 PM and 3 PM - 5 PM are Golden Hours. Revenue-generating activities ONLY (calls, meetings). Save list building, CRM updates, email drafts, and research for Platinum Hours (before 9 AM, 12 PM - 3 PM, after 5 PM). Never waste Golden Hours on admin.

Tonality: Speak at 140-160 words per minute. Casual and confident, not rehearsed. Smile while you talk (it changes your vocal quality). Stand up or walk during calls. Match the prospect’s energy level loosely.

Warm-up: Start your first 2-3 dials with low-priority Tier 3 prospects. By the time you hit your Tier 1 targets, you’ll be in rhythm.

Blount’s “one more call” rule: At the end of every call block, make one more call than you planned. This is the difference between average and exceptional prospecting.

Midday Block: FOLLOW-UP (30 min) — 11:30 AM-12:00 PM MT

Send post-voicemail emails to everyone you left a VM for this morning (use template from Section 12)
Send 5-10 LinkedIn connection requests to today’s call targets:
- Connected live → “Great chatting today” note
- VM/no answer → “Tried reaching you by phone” note
Engage on 3-5 prospect posts — thoughtful comments, not “great post!”
Check Apollo sequence tasks — any email replies or bounced emails that need attention?
Move any engaged Tier 3 prospects up to Tier 2 if they’ve opened emails multiple times or clicked links

Afternoon Block: PIPELINE (15-20 min) — 4:00-4:20 PM MT

Check all channels for replies: email inbox, LinkedIn messages, Google Voice for callbacks
Respond to warm leads immediately — within the hour if possible. Speed-to-lead matters.
Handle no-shows: If a booked meeting didn’t happen:
- Wait 5 minutes past start time, then send a quick email: “Hi [Name], I had us down for [time] today. No worries if something came up; here’s my link to reschedule: https://go.solanasis.com/meet”
- If no response within 24 hours, call once. Don’t leave a voicemail; just try again the next day.
- After 2 failed reschedule attempts, send a “door open” email: “Whenever the timing is right, I’m here. No need to explain.”
- No-shows are normal (20-30% industry average). Don’t take it personally and don’t chase aggressively.
Update Baserow pipeline: All statuses current, all notes captured
Prep tomorrow’s call list:
- Pull next batch from Apollo sequences (call tasks due tomorrow)
- Add any new prospects from intent signals or engagement
- Generate/review prospect briefs for tomorrow’s calls (Claude can help here)

Weekly Review (30 min) — Friday 4:00-4:30 PM MT

Review the numbers:
- Total dials this week
- Connect rate (calls answered / total dials)
- Meetings booked
- Voicemails left vs. callbacks received
- Emails sent vs. replies received
A/B test check: Which opener variant performed better? Which email subject line got more opens?
Adjust next week’s plan:
- More calls to verticals that are converting
- New approaches for verticals that aren’t
- Replenish prospect lists if any vertical is running low
Update the split-test tracker (see Section 17)

Time Math Reality Check

Block	Time	Frequency
Morning calls	45-60 min	Daily (Mon-Fri)
Midday follow-up	30 min	Daily
Afternoon pipeline	15-20 min	Daily
Weekly review	30 min	Friday
Daily total	~90-110 min
Weekly total	~8-9.5 hours	Including Friday review

This leaves the rest of your day for: ORB delivery, content creation, admin, and strategic work. The outbound block is a non-negotiable protected time — it’s the revenue engine.

16) Metrics & Benchmarks

Call Metrics

Metric	Target	Exceptional	How to Calculate
Dials per day	15-25	30+	Count from Apollo dialer log
Connect rate	5%+	10%+	Live conversations / total dials
Meeting book rate	2%+ of dials	5%+	Meetings booked / total dials
Voicemail callback rate	1-3%	5%+	Callbacks / voicemails left
Average call duration (successful)	5:50 (Gong benchmark)	6-8 min (deep discovery)	From Apollo recordings. Unsuccessful calls avg 3:14. If consistently under 4 min, you’re not getting deep enough into Discovery.

Email Metrics

Metric	Target	Exceptional	Red Flag
Open rate	25%+	35%+	Below 15% = deliverability issue
Reply rate	3%+	5%+	Below 1% = messaging issue
Bounce rate	<2%	<1%	Above 3% = list quality issue
Unsubscribe rate	<0.5%	<0.2%	Above 1% = targeting issue

LinkedIn Metrics

Metric	Target	Exceptional
Connection acceptance rate	30%+	40%+
Message reply rate	8%+	15%+
Profile views from prospects	10+/week	20+/week

Pipeline Metrics (From Master GTM Playbook)

Monthly pipeline math (target by Month 3):

Outreach per month:                200-300
  → Conversations started:         40-60  (20% response rate)
    → Intro calls booked:          10-15  (25% of conversations)
      → Proposals sent:            5-8    (50% of calls)
        → ORBs closed:             2-4    (40-50% close rate)
          → Retainer conversions:  1-2    (50% of ORBs)

Weekly Dashboard (Track in Baserow)

Create these columns in your Baserow outreach tracking:

Column	Type	Purpose
Prospect Name	Text
Company	Text
Vertical	Single Select: Attorney / Foundation / CPA / SMB
Tier	Single Select: 1 / 2 / 3
Sequence Day	Number	Where they are in the sequence
Last Action	Single Select: Email Sent / Called / VM Left / LinkedIn / Connected
Last Action Date	Date
Status	Single Select: New / In Sequence / Warm Lead / Meeting Booked / Proposal Sent / Closed / Not Interested / Bad Data
Next Action	Text	What to do next
Next Action Date	Date	When
Notes	Long Text	Call notes, responses, context
Split Test Code	Text	A1, B2, etc. (see Section 17)

17) A/B Testing Framework

The Rules

Test one variable at a time. If you change the opener AND the email subject, you don’t know which one made the difference.
Minimum 100 prospects per variant before drawing conclusions. Below that, results are noise.
Run tests for at least 2 weeks to account for day-of-week and time-of-day variation.
Use Apollo’s built-in A/B testing for email sequences. For phone, track manually using split-test codes.

Split-Test Code System

Assign each prospect a variant code when they enter the sequence. Track it in Baserow.

Code Format	Meaning
First letter	Opener variant: A, B, C, D
Second digit	Email subject variant: 1, 2, 3
Example: B2	Opener B (Trigger Event) + Email Subject 2 (insight headline)

What to Test First (Priority Order)

Round	Variable	Variants	What You’re Measuring
1	Phone opener style	A: Permission-based (“27 seconds”) vs. B: “How have you been?” (Gong 6.6x) vs. C: Trigger event vs. D: Peer proof	Connect-to-conversation rate
2	Email subject line	1: “Quick question about [Company]” vs. 2: “[Name], [specific insight]” vs. 3: “[Compliance/regulation] at [Company]“	Open rate, reply rate
3	Voicemail vs. no voicemail	Leave VM vs. hang up and try again	Callback rate, connect rate on 2nd attempt
4	Call timing	8-10 AM vs. 10 AM-12 PM vs. 3-5 PM	Connect rate by time block
5	Sequence length	8-touch vs. 6-touch vs. 4-touch	Meeting book rate, cost per meeting

How to Use Apollo A/B Testing

Apollo Professional supports A/B testing on email steps within sequences:

In the sequence editor, click “Add variant” on any email step
Write variant A and variant B
Apollo randomly splits your prospects between variants
After 100+ sends per variant, check: open rate, reply rate, click rate
Pause the losing variant, keep the winner
Start testing a new variable

For phone scripts: Apollo doesn’t A/B test calls. Use the split-test code in Baserow. Alternate openers by day (Monday = Opener A, Tuesday = Opener B) and track connect-to-conversation rates.

18) AI-Native Automation Map

What AI Handles vs. What Dmitri Handles

Activity	AI Handles	Dmitri Handles	Automation %
Prospect research	Claude scrapes websites, LinkedIn profiles, news. Generates briefings with company summary, pain points, “I noticed” lines.	Reviews and approves briefings (2-3 min each).	85%
List building	Apollo filters + exports. Claude deduplicates, segments, formats.	Spot-checks quality, adjusts filters.	90%
Email drafting	Claude drafts sequences in Dmitri’s voice using templates + personalization data.	Reviews and tweaks first lines. Approves before sending.	80%
Email sending	Apollo sequences send automatically on schedule.	Nothing — fully automated after approval.	100%
Call prep	Claude generates prospect briefing cards: company, title, pain angle, opener suggestion.	Reviews the card. 30 seconds per prospect.	80%
The actual call	Nothing. The human voice IS the value.	Everything — opener, discovery, rapport, asking.	0%
Voicemail	Claude can draft VM scripts for unusual situations.	Records the voicemail.	10%
Post-call follow-up	Apollo triggers post-VM email automatically. Claude drafts custom follow-ups for warm conversations.	Reviews/sends custom follow-ups.	70%
LinkedIn engagement	Claude drafts connection notes, DMs, and comment text.	Copies/pastes and clicks Send (manual to avoid LinkedIn detection).	50%
CRM updates	Apollo syncs email/call data to Baserow via API/Zapier.	Adds call notes and qualitative updates manually.	50%
A/B analysis	Claude analyzes performance data, recommends which variants to keep/kill.	Makes the decision, updates sequences.	75%
Weekly review	Claude pulls metrics, generates summary report, flags anomalies.	Reviews report, makes strategic decisions.	60%

The AI Prep Workflow (Before Each Call Block)

This is the routine Claude runs to prepare your daily call list:

Pull today’s call tasks from Apollo sequences (prospects due for a phone touch)
For each prospect, generate a briefing card:
- Company name, size, industry
- Prospect name, title, LinkedIn URL
- What their company does (from website)
- Likely pain points based on vertical + size
- Any trigger events (recent news, job postings, funding, office moves)
- Suggested opener variant (from A/B test rotation)
- One “I noticed [specific thing]” line
Output as a markdown list or Baserow entries for Dmitri to review before calling
Estimated time: Claude generates 15-20 briefings in ~5 minutes. Dmitri reviews in ~10 minutes.

When Clay is added ($134/mo): Clay automates step 2 at scale by pulling from 100+ data sources simultaneously. It replaces the manual Claude research step with a fully automated enrichment pipeline. Worth adding once you’re consistently making 20+ calls/day.

Apollo AI Features (Included in Professional)

Your Professional plan includes two AI features worth using:

AI Composer (300,000 credits/month):

Generates personalized email copy for sequence steps
Feed it your templates from Section 13, and it personalizes per prospect using Apollo’s data
Best for: Tier 2/3 email personalization at volume (Tier 1 should still be hand-crafted or Claude-drafted)
Tip: Review the first 10-15 outputs to calibrate quality before trusting at scale

AI Research Credits (7,500/month):

Generates prospect and company research summaries directly in Apollo
Use for: Quick pre-call prep when Claude isn’t handy, or to supplement Claude briefings
Each research lookup costs 1 credit; at 15-25 calls/day, you’ll use ~375-625/month (well within budget)
Tip: Compare Apollo AI research output vs. Claude briefings for the first week. Use whichever gives you better “I noticed” lines for each vertical.

19) Compliance & Legal

CAN-SPAM (Cold Email)

CAN-SPAM operates on an opt-out basis — you CAN send commercial emails to business contacts without prior consent, IF you follow these rules:

Accurate headers: From name, reply-to address, and routing info must be accurate (Dmitri Sunshine, solanashq.com)
No deceptive subject lines: Subject must relate to email content
Identify as commercial: The message must be identifiable as an ad/solicitation (best practice: include in footer)
Physical address: Every email must include Solanasis’s physical business address
Clear unsubscribe: Include a visible, working unsubscribe link or mechanism
Honor opt-outs within 10 business days (Apollo handles this automatically if configured)
No purchased/harvested email lists without verification

Apollo compliance: Apollo sequences automatically include unsubscribe links and track opt-outs. Make sure this is enabled in your sequence settings.

TCPA (Cold Calling)

The Telephone Consumer Protection Act governs telemarketing calls:

B2B calls to business landlines: Generally exempt from most TCPA restrictions. This is your primary use case.
Cell phones: Stricter rules. No autodialed calls to cell phones without consent. Apollo’s click-to-call dialer is NOT an autodialer (you initiate each call), so it’s compliant for one-at-a-time dialing.
Do Not Call registry: Apollo automatically screens against the federal DNC registry (US, UK, Germany). Do NOT disable this.
Penalties: $500 + p er v i o l a t i o n p erc a ll, u pt o$ 1,500 for willful violations.
State DNC lists: Some states maintain their own lists. Colorado has a No-Call list — Apollo’s DNC screening covers it.

Your obligations:

Do NOT call numbers on the DNC list (Apollo handles screening)
Honor opt-out requests immediately. If someone says “don’t call again,” mark them as DNC in Apollo and Baserow.
Identify yourself immediately: “This is Dmitri from Solanasis” — no deception about who you are or why you’re calling
Call during business hours only: 8 AM - 9 PM in the prospect’s time zone (TCPA requirement)
Keep records of opt-outs — Apollo tracks these, but maintain your own list as backup

Attorney-Specific Rules

Do NOT use the word “specialist” unless you hold a relevant certification (some state bars prohibit this)
Do NOT claim specific state cybersecurity mandates that don’t exist — see Estate Attorney Kit for detailed “What NOT to Claim” guidance
DO cite ABA Model Rules 1.6(c) and 1.1 — these are nationwide model rules adopted in Colorado
Be aware of attorney advertising rules — cold calls to attorneys about a business service (not legal representation) are generally fine, but vary by state

Separate Domain Rules

From the Manual Cold Outreach Cheat Sheet:

Domain	Purpose	Volume
solanasis.com	Warm replies, relationship emails, invoices	Low — never cold outreach
solanashq.com	ALL cold outreach	25-50/day (warming); 50+/day (fully warm)

When solanashq.com is fully warm, ALL cold sends go through it
solanasis.com stays clean for relationship/transactional email
Never mix: don’t CC/BCC between domains, don’t forward cold threads between domains
If a prospect replies to a solanashq.com email, continue that thread from solanashq.com

Record-Keeping Checklist

Maintain DNC/opt-out list in both Apollo and Baserow
Log all call outcomes (Apollo recording + Baserow notes)
Keep email opt-out records for at least 3 years
Document your CAN-SPAM compliance process (this section counts)
If you get a TCPA complaint, pause all calling to that area code and investigate

Quick Reference: What to Have Open During Calls

This playbook — script section for the vertical you’re calling
Call Pricing Cheat Sheet — pricing, objection handling for pricing questions
Apollo — prospect profile + dialer
Baserow — pipeline tracker for logging outcomes
Calendar — for booking meetings in real-time (“How about next Tuesday at 2?“)

Appendix: Key Stats for Quick Reference

Keep these memorized — they’re your ammunition on calls:

Stat	Source	When to Use
Cold calling effectiveness ~4.8% (doubled since 2022)	Leads at Scale	Internal confidence — this works
50-60% of B2B buyers prefer phone contact	Cognism 2026	When you doubt whether to pick up the phone
287% higher response rates with multi-channel	Launch Leads	When choosing email-only vs. multi-channel
8 call attempts average to connect	Close.com	When you want to give up after 2 tries
80% of sales happen after the 5th contact	Sales benchmark data	When the follow-up feels like too much
66% of law firms lack incident response plans	ABA TechReport 2023	Attorney calls
$3.31M average breach cost (under 500 employees)	IBM/Ponemon	SMB calls
Blackbaud breach: 13,000 nonprofits, $56M settlements	Public record	Foundation calls
Majority of restore tests fail on first attempt	Industry experience (source this to a named study when available)	Universal — any vertical
~ $137 -$ 427/minute cost of downtime for SMBs	Ponemon/Gartner	SMB calls — makes the math tangible
80% of cyber incidents hit companies under 1,000 employees	Verizon DBIR	When they say “we’re too small"
"How have you been?” opener: 6.6x success rate	Gong (90,380 calls)	A/B testing opener variants
Successful cold calls average 5:50, unsuccessful 3:14	Gong (90,380 calls)	Self-check: are your calls long enough?
294,138 identity theft tax returns in 2023	GAO-24-105291	CPA calls
FTC Safeguards Rule penalties: up to $100K/violation	FTC Act Section 5	CPA calls
CMMC 2.0 Phase 2: November 10, 2026	DoD CMMC Program	SMBs with DoD contracts
Firms that abandoned cold calling: 42% lower growth	Close.com	Internal motivation

Last updated: 2026-03-24 Next review: 2026-04-14 (after 3 weeks of execution — enough data to evaluate A/B tests) Change log:

v1.0 (2026-03-24): Initial playbook created. Consolidated research from 70+ sources + 50 existing Solanasis docs.

v1.1 (2026-03-24): Senior review applied. Added CPA vertical (Section 9), “How have you been?” opener (Gong 6.6x), Apollo Plays examples, no-show protocol, MSP partnership angle, broker lead source, contract renewal triggers, video message for Tier 1, Apollo AI features, framework heritage note, call duration benchmarks, CPA objections/voicemail/gatekeeper/email. Fixed CMMC date (Nov 10, 2026). Renumbered sections 10-19.

v1.2 (2026-03-24): Thought leader integration. Added Jeb Blount’s 5-step framework and Ledge-Disrupt-Ask objection technique. Integrated Gong data on opener performance, talk-to-listen ratio, voicemail ROI, and phrases to avoid. Added “Heard the name tossed around” opener (Gong 11.24%). Added Golden Hours/Platinum Hours, tonality guidance, warm-up calls, “one more call” rule. Created companion doc: cold-call-script-cheat-sheets.md (Blount, Gong, Voss, Miner, Bay, Holland frameworks).

Solanasis Docs

Explorer

solanasis-cold-calling-outbound-master-playbook-2026

Solanasis — Cold Calling & Outbound Master Playbook

Table of Contents

1) Philosophy & Why Cold Calling in 2026

The Data Says Pick Up the Phone

Why This Works for Solanasis Specifically

The Channel Hierarchy

2) Apollo.io Professional Setup Guide

Plan: Professional — $99/month (monthly billing)

Setup Checklist

Apollo Filters by Vertical

Credit Strategy

3) Full Tool Stack & Monthly Budget

Current Stack

Top 3 Email Warmup Tools

Growth Additions (When Revenue Allows)

How It All Connects

4) Prospect Targeting by Vertical

Attorneys — Estate Planning Firms

Foundations — Private Foundations 5M−50M

SMBs — Sensitive-Data Verticals

5) Multi-Channel Sequence Blueprints

How to Assign Prospects to Tiers

Tier 1: High-Value Targets (8 touches / 25 days)

Tier 2: Medium-Value Targets (6 touches / 16 days)

Tier 3: Volume Targets (3-step automated email)

Sequence Timing Rules

Cold Call Scripts — Universal Elements

If They Ask “What’s Solanasis?”

When Someone Answers Unexpectedly

Warm Callback Script

Referral Ask (When “Not Interested”)

6) Cold Call Scripts — Attorneys

The Framework

Full Attorney Script

Attorney Language Translation Table

Alternate Attorney Openers (A/B Test These)

7) Cold Call Scripts — Foundations

Full Foundation Script

Alternate Foundation Openers (A/B Test These)

Foundation-Specific Pain Points (Quick Reference)

8) Cold Call Scripts — SMBs

Full SMB Script

Alternate SMB Openers

9) Cold Call Scripts — CPAs

Why CPAs Are the Hottest Vertical Right Now

ICP

Best Calling Times

Where to Find Them

Full CPA Script

CPA Language Translation Table

Alternate CPA Openers (A/B Test These)

10) Voicemail Scripts

Rules for Voicemails

Attorney Voicemail

Foundation Voicemail

CPA Voicemail

SMB Voicemail

Second Voicemail (All Verticals — More Direct)

11) Gatekeeper Strategies

Core Philosophy

Strategies by Vertical

Universal Gatekeeper Rules

12) Objection Handling Bank

How to Use This Section

Universal Objections (All Verticals)

Attorney-Specific Objections

Foundation-Specific Objections

CPA-Specific Objections

SMB-Specific Objections

13) Email Templates (Integrated with Calls)

Pre-Call Warm-Up Email (Day 1 — Before First Call)

Post-Voicemail Follow-Up Email (Same Day as VM)

Value-Add Follow-Up (Day 7)

Breakup Email (Final Touch)

14) LinkedIn Integration with Cold Calling

The LinkedIn-Phone Amplification Loop

What Claude Can Do (From AI-Native Playbook)

Foundations — Private Foundations $5 M -$ 50M