# outtake / approach
# for steve p, by carl

We sold the perimeter at Cloudflare. The fight already moved past it.

The attack vectors that matter now, brand, executives, domains, do not touch the firewall, the endpoint, or the SIEM. They live in the space between the stack and the customer's trust. That space is the territory. Here is the campaign I would run against it, to establish the Digital Trust Platform as the standard.

// 01 the hook

The stack we used to sell can't see this fight.

We saw this at Cloudflare with bad actors impersonating Credit Union sites at scale well before AI. None of it crossed a WAF or an endpoint. A cloned site on a lookalike domain harvests a member's credentials before a single packet reaches the real bank's edge.

We sold the perimeter to CISOs for years, so I know exactly where it ends. This is the first thing past it I would want to carry. But a category this new is not won on the product alone. It's won on the carefully crafted outbound and getting in front of the right exec while the pain is live.

I lead outbound like PLG at Cloudflare. Instead of searching company zones in NinjaPanel, we lead with deep recon with the customer surfacing their pain.

So that is what I built below: the campaign I would run.

// 02 the campaign

How I would actually hunt this. Fast, recon led, inside the window.

A category this new is not won via RFP, and even less so via inbound until the problem is already too prevalent. Crisis compresses buying timelines, and the orgs that act before the crisis are the exception. The question: how can you identify the crisis before it's an accelerant? Trigger to watch for and be proactive to reach out within 72 hours. Strategically outbound while the pain is live.

Lead with their own fakes, not a pitch. Before the first email, build a thesis around doing deep research using the platform's agents and OSINT resources available: PII leaks, known data breaches. Scan for prospect's brand and exec list and open with what is live against them right now: the lookalike domains, cloned exec profiles, fraudulent ads that their current process missed. The exposure is the opener and the initial hook. This leads us as the initial basis for leading deep disco on first call.
Build a trigger watchlist. Capitalize on events of peak publicity. Track the events that spike impersonation inside a 72-hour window i.e. viral trends, consumer scams, platform glitches, AI product launches, exec media hits, and marquee sponsorships.
Work the warm channel. Network sell via Iconiq & CRV. Leverage the prominent angel investors where we can (Satya, Ackman, Nikesh Arora, Shyam Sankar, etc) as network connection to the F500 CISO list. I would run a parallel warm intro motion against the top named accounts and treat it as a channel.
Sell with peer proof with emphasis on the Key Pain Metrics behind it. AppLovin 120 takedowns in 2 months, 10x faster than the legacy provider. Cash App $2M in fraud losses, 22 reporting hours saved per incident. Numbers a CISO can take to a CFO with compelling ROI justification and that even have board implications.
Beat the status quo, not a logo. The competition is the manual queue and the in-house "we've got it handled." The win is convincing the exec that analyst hours and slow takedowns are the real cost. "You are paying for people to chase this by hand. The scams moved faster than a queue can clear." End of the day, we lead with the a similar Cloudflare Platform story, but not for consolidating point solutions: we position the consolidated agent platform that drives real outcomes with saving time, money and resources.

recon-scan : pre-call, illustrative

$ scan --target acme-pay.com --surfaces all

scanning domains, social, ads, app stores, dark web ...

> 6 lookalike domains registered in the last 30 days

> 11 impersonation accounts across TikTok, X, Telegram

> 3 fraudulent ad creatives live right now

> 1 cloned support page harvesting logins

done in 38s :: current vendor flagged 0 of the video assets

Illustrative output, real workflow. I run scans like this against my own target list before any first call.

applovin :: 120 takedowns / 2 mo :: 10x faster than legacy :: 3x faster reviews cash app :: $2M / 48 hr blind spot :: 3.5M reviewed / 3 mo :: 22 hrs saved / incident

// 03 why this works

The outbound comes straight out of how the product works.

Enable the platform to create its own opportunity and first move pointed at a prospect instead of an adversary. Outtake runs every threat through three agents, and each stage maps to a step in the cycle.

SEARCH →

the opener. The agent that maps a threat and its infrastructure is the same move I run precall to surface a prospect's live exposure. The findings are the reason they take the meeting.

TRIAGE →

the qualifier. Volume, surfaces, and who is being targeted tell me whether this is real budget or a nice to have, and which exec owns the pain. That read shapes who I bring into the room and what the first call is about.

REMEDIATE →

the promise. The meeting lands on the outcome, not features: the network comes down at machine speed, not after a queue clears. Time-to-takedown and analyst hours recovered are the numbers an exec signs against.

I do not need to learn the workflow on the job. Understanding it is how I source the meeting in the first place.

// 04 the map

Where I'd point it first.

[01]

Money movement platforms

The asset is a user base that moves funds or credentials, so fraud converts directly to cash. neobanks, P2P payments. High value target because the loss is most quantifiable.

proof: Cash App targets: Coinbase, Robinhood, SoFi, Affirm

[02]

High Support consumer brands

Any company with heavy inbound support, especially over social and chat, is a target because scammers can pose as support and intercept. Fintech, telco, airlines, retail, anything with a help desk people DM.

proof: Cash App targets: Delta, United, Verizon, Best Buy, Chewy

[03]

Consumer and Retail with mass social reach

Constant promotions and giveaways get cloned at scale. High volume, repeatable, fast to land.

targets: Starbucks, McDonald's, Wendy's, Target, Sephora

[04]

Adjacent: AI labs and AI infrastructure

Every AI-themed scam borrows a foundation model's logo. The Recon Agent partnership is a real channel here, even if the cycle skews technical.

proof: OpenAI, Anthropic targets: frontier labs, AI infra and data security, brands mimicked in AI investment scams

// 05 why me

A category creator needs the right technical evangelist.

Someone who can sell the idea before the market has language for it. That is how I have always sold: technically, and to the specific buyer in front of me. I did both at Cloudflare.

The threat landscape evolved with AI. So did I. I live in the AI stack now, not next to it. I build my own agents with Claude Code and Openclaw, and being AI-native is a real edge on pipeline generation at scale, which is exactly the problem a category creator has to solve early.

You know how I run a cycle. I build trust, find the right champion, and multi-thread across stakeholders until the deal has its own momentum. What is new is how much of that I now do before the first call.

I'm looking to build in my next role, and help shape the winning playbook, not inherit one. We helped build a better Internet at Cloudflare. I would like to do it again, and help make Outtake the trust layer the modern internet runs on.

That's the approach. Would love to get your thoughts on it when you have time.