Sales & Marketing Playbook · 2025

Product-by-Product
Go-to-Market Guide

For each product: who buys it, what triggers the pain, what we say to get a demo, and what the demo has to prove.

6 Products US · UAE Markets Remote Delivery Confidential
3 Active Modules — tap to switch
01 / 03
QualifyAI · Validate
Pharma CQV Automation
02 / 03
Procure·AI / DPS
Vendor Procurement
03 / 03
Teach
AI Internal Training
Buyer Persona QualifyAI · Validate

Who buys this

  • VP Quality / Head of QA — owns CQV timelines, under FDA/EMA audit pressure, measured on batch release speed
  • Head of Validation — drowning in IQ/OQ/PQ documentation cycles, paper-based or semi-manual
  • Director of Digital Transformation — mandate to automate GxP processes, limited internal AI capability
Company Profile
  • Mid-large pharma, biotech, or CDMO: 500–20k employees
  • Runs multiple validation protocols per year — equipment, software, cleaning, process
  • US (FDA) or EU (EMA) regulated; inspection history is a pressure point
  • Reference: Novartis-style QA org — dedicated QA team, existing DMS/eQMS
Buying Triggers

What creates urgency

FDA warning letter or 483 observation New equipment validation backlog GxP software rollout (SAP, Veeva) New VP QA hired — 90-day mandate Audit failed on documentation traceability Lab expansion or site build-out
Pain in plain language
  • CQV protocols take weeks to write; errors delay batch release by months
  • QA teams spend 60%+ of time on documentation, not actual quality work
  • Every inspection requires assembling evidence from 3+ systems manually
Outreach — Cold LinkedIn / Email
"Your CQV timeline is your release timeline. Most pharma QA teams are writing protocols the same way they did in 2005."
Hi [Name] — validation protocol cycles at [Company] typically take [X] weeks per system. That's before any redline review, deviation, or re-execution. QualifyAI cuts protocol generation from weeks to hours, with full audit trail and FDA 21 CFR Part 11 compliance baked in. We're working with QA orgs like Novartis where the same validation team handles 3x the protocol volume without additional headcount.

Worth 20 minutes to show you what automated IQ/OQ/PQ generation looks like in your environment?
CTA: "Book a 20-min QA workflow audit — we'll map where your team is losing the most time."
Demo / POC Goal
Show live protocol generation: input equipment specs → output compliant IQ/OQ/PQ draft in under 5 minutes. Prove audit trail. POC: validate one real protocol from their current backlog. Success = QA lead says "this would have taken us 3 weeks." Converts to module license + implementation retainer.
Buyer Persona Procure·AI / DPS

Who buys this

  • CPO / Head of Procurement — owns supplier onboarding speed and DPS compliance; measured on cycle time and cost savings
  • Head of Supply Chain — managing vendor risk, multi-tier supplier vetting, approval bottlenecks
  • CFO / COO — sees procurement as cost center; wants automated approvals and spend visibility
Company Profile
  • Enterprise or public sector with formal procurement frameworks (DPS, EU public procurement)
  • Runs 50+ vendor onboardings per year or manages multi-supplier contracts
  • UAE government or hospital procurement (Sidra Medicine archetype)
Buying Triggers

What creates urgency

DPS framework deadline Supplier audit failure New CPO / procurement leadership ERP/SAP Ariba rollout stalled Manual RFQ process causing deal slippage
Pain in plain language
  • Supplier vetting takes 4–8 weeks; approvals sit in email chains
  • DPS calls-off require manual document collation across departments
  • No real-time supplier risk scoring — everything is reactive
Outreach — Cold Email / LinkedIn
"Your procurement cycle is longer than your competitors' product launch cycle. That gap is a strategic risk."
Hi [Name] — most procurement teams at [Company's scale] are running DPS processes and supplier vetting on a combination of spreadsheets and email. Procure·AI automates the entire intake-to-approval workflow: supplier qualification scoring, document verification, DPS call-off generation, and audit trail — in one system.

We ran this for Sidra Medicine's procurement org. Happy to show you a 30-minute walkthrough of the live system.
CTA: "30-min live demo — bring your procurement lead and we'll run a real scenario."
Demo / POC Goal
Full supplier onboarding cycle: intake form → AI qualification scoring → document check → approval routing → audit-ready output. POC: run one of their live supplier onboardings through the system. Success: cycle time reduction from weeks to days. Converts to Procure·AI module license + 3-month onboarding retainer.
Buyer Persona Teach — AI Internal Training

Who buys this

  • Chief People Officer / CHRO — owns internal capability building; under pressure to show AI upskilling outcomes, not just licence spend
  • Head of L&D / Learning Director — frustrated by generic LMS content employees ignore
  • Head of Quality / Regulatory Affairs — needs SOPs and compliance training to be current, accessible, and auditable
  • CIO / Digital Transformation Lead — wants AI embedded in how employees learn
Company Profile
  • 500–10,000 employees; regulated sector or enterprise knowledge-intensive org
  • Has existing LMS — Teach augments, not replaces
  • High volume of SOPs, policies, compliance documents employees must stay current with
Buying Triggers

What creates urgency

Audit: employees not trained on current SOP version New GxP / ISO requirement for documented training evidence LMS content stale — policy updates take weeks to propagate Onboarding in regulated roles exceeds 90 days High turnover — institutional knowledge leaving AI upskilling mandate from C-suite
Pain in plain language
  • Employees can't find the right SOP version — they ask colleagues or guess
  • L&D teams spend months building courses from documents AI can convert in hours
  • Training completion evidence required for audits — most LMS systems produce compliance theatre
Outreach — Cold / Warm (existing KL clients)
"Your SOPs are written. Your team isn't trained on them. That gap is an audit finding waiting to happen."
Hi [Name] — documentation is updated faster than training content can follow. When an auditor asks "how do you ensure employees are trained on the current version of SOP-043?", the honest answer is usually "we send an email and hope."

Teach connects to your existing knowledge base — SOPs, policies, compliance documents — and converts them into interactive training modules with full audit trail. Updates to source documents propagate to training content automatically.

For existing Knowledge Layer clients: Teach turns the same structured knowledge into employee-facing training without a separate implementation.
CTA: "30-min demo — we'll convert one of your actual SOPs into a live Teach module during the call."
Demo / POC Goal
Take one of their real SOPs, run it through Teach live — output a structured training module with learning objectives, knowledge checks, and completion tracking in under 5 minutes. POC: convert 5 SOPs, run with pilot group of 10–20 employees, measure completion rate vs. LMS baseline. Success = 3x LMS completion rate. Converts to Teach module license, typically bundled with Validate or Procure·AI.
3 Verticals — tap to switch
01 / 03
SaaS EU Entry
US SaaS into Europe
02 / 03
TPRM
Third-Party Risk
03 / 03
M&A Buy-Side
Acquisition Diligence
Buyer Persona SaaS EU Entry

Who buys this

  • VP Sales / CRO — losing EU enterprise deals at security review; compliance is a revenue blocker
  • General Counsel / CCO — legally exposed once EU customers sign; needs defensible GDPR, NIS2, EU AI Act posture
  • CTO / CISO — knows SOC 2 doesn't map to EU frameworks; needs technical gap analysis before first EU deal closes
Ideal Company
  • US SaaS, Series B–D, 100–2,000 employees, EU pipeline or first EU customers signed
  • FinTech (DORA), HealthTech (GDPR + MDR), HR Tech, B2B SaaS selling to regulated EU enterprises
  • Has SOC 2 Type II — believes this covers EU requirements. It does not.
  • EU deals stalling at security questionnaire / legal review stage
Buying Triggers

What creates urgency

EU enterprise deal lost — security review cited EU procurement sends 80-question security questionnaire GDPR DPA request from EU customer EU AI Act: product uses AI, processes EU data → high-risk DORA enforcement — FinTech EU clients demanding ICT risk docs New CRO hired — EU revenue is Q1 target
Pain in plain language
  • EU enterprise procurement won't sign until they have DPA, DPIA, and EU AI Act risk assessment
  • SOC 2 Type II answers 0 of 12 standard EU GDPR vendor assessment questions
  • EU legal counsel costs €400–800/hour — CyberPass delivers the same in 3 weeks
Outreach — Cold to CRO / VP Sales
"You're not losing that EU deal to a competitor. You're losing it to a compliance checklist your sales team can't answer."
Hi [Name] — if [Company] has enterprise prospects in Germany, France, or the Netherlands, their procurement teams require a GDPR-compliant DPA, a Data Protection Impact Assessment, and EU AI Act risk documentation before any vendor reaches legal review.

CyberPass builds your EU compliance pack in 3 weeks: every document EU procurement asks for, maintained as regulations update. Our clients cut EU deal security review time from 3 months to under 3 weeks.

Tell me one EU deal that's stalled right now — I'll tell you exactly which document is missing.
CTA: "20-min call — bring one stalled EU deal, we'll diagnose the compliance gap live."
Demo / POC Goal
Show a completed EU Compliance Pack side-by-side with a real EU security questionnaire they've received — demonstrate which questions their current SOC 2 doesn't answer. WOW moment: showing 60–70% of the questionnaire is currently unanswered. POC = produce draft EU Compliance Pack in 5 business days. Success = deal moves. Converts to CyberPass annual subscription + DPO-as-a-Service retainer.
Buyer Persona TPRM

Who buys this

  • Head of Third-Party Risk / Vendor Risk Manager — doing this manually with spreadsheets; buried in vendor questionnaires they can't keep up with
  • Chief Procurement Officer — under pressure to vet vendors faster without reducing risk standards
  • CISO — legally required under NIS2 and DORA to assess and document third-party ICT risk
  • DPO / CCO — GDPR Article 28 requires documented processor assessments for every vendor
Ideal Company
  • EU-regulated enterprise (financial services, healthcare, energy) with 50+ active vendors
  • DORA-regulated financial entities — ICT third-party risk register is a legal requirement
  • Large enterprise with vendor onboarding bottleneck: 6–12 weeks to clear compliance review
Buying Triggers

What creates urgency

DORA Article 28 — ICT third-party risk register required NIS2 supply chain security obligations GDPR Article 28 audit — processor assessments incomplete Regulator request: produce vendor risk register within 30 days Supply chain incident at sector peer Vendor onboarding backlog — 40+ vendors pending
Pain in plain language
  • DORA requires a real-time ICT third-party risk register — most institutions have a spreadsheet last updated 6 months ago
  • GDPR Article 28 assessments legally required for every vendor touching EU personal data
  • Manual questionnaire processes take 6–8 weeks per vendor — at 50+ vendors, it never catches up
Outreach — Cold to Head of Vendor Risk / CISO
"DORA Article 28 went live in January. Your ICT third-party risk register needs to exist — not be in progress."
Hi [Name] — DORA requires your institution to maintain a documented ICT third-party risk register for every critical ICT vendor. From January 2025, your regulator can request this register at any time. Most institutions I speak to have a spreadsheet covering 30% of their vendor estate, last updated six months ago.

CyberPass automates the third-party risk assessment cycle: vendor questionnaire dispatch, EU-framework-aligned scoring (DORA, NIS2, GDPR Article 28), risk register generation, and continuous monitoring when vendor certifications expire.
CTA: "30-min demo — we'll build a sample vendor risk register from your top 10 suppliers live on the call."
Demo / POC Goal
Import 10 real vendors → dispatch automated assessments → score against DORA/NIS2/GDPR criteria → generate risk register with RAG ratings. Key moment: show risk register in a format that could be handed to a regulator today. POC = assessments on their 20 highest-risk vendors over 4 weeks. Success = "this is what our regulator expects." Converts to CyberPass TPRM subscription + DPO-as-a-Service.
Buyer Persona M&A Buy-Side

Who buys this

  • PE Deal Partner / Investment Director — needs EU compliance gap analysis within the diligence window (4–8 weeks)
  • PE Operating Partner — post-close, responsible for remediating compliance gaps; needs a structured programme
  • Corporate M&A / Chief Strategy Officer — buying a European SaaS; needs to quantify GDPR, NIS2, EU AI Act exposure before signing
  • Transaction Legal Counsel — needs technical EU compliance assessment for representations and warranties
Ideal Situation
  • PE fund or corporate acquirer buying European tech/SaaS or a US company with significant EU revenue
  • Target processes EU personal data, operates critical infrastructure, or has AI-powered products
  • Deal size €20M–€500M — regulatory liability is material to valuation
  • Diligence window open — standard legal/financial diligence underway, EU regulatory risk unquantified
Buying Triggers

What creates urgency

LOI signed — diligence window open Target operates in EU or processes EU personal data Target has AI-powered product — EU AI Act classification risk Previous acquisition had post-close GDPR surprises R&W insurer requiring EU compliance assessment Target in financial services — DORA compliance is binary
Pain in plain language
  • Standard M&A diligence does not cover EU regulatory compliance — legal teams review contracts, not GDPR frameworks
  • GDPR enforcement can be 4% of global annual turnover — on a €100M acquisition, that's €4M+ undisclosed liability
  • Post-close remediation of EU compliance gaps costs 3–5x more than pre-close identification
Outreach — Cold to PE Deal Partner / M&A Counsel
"EU regulatory exposure doesn't show up in the data room. It shows up in the first post-close audit."
Hi [Name] — for any acquisition with EU personal data processing, AI-powered products, or NIS2-covered operations, standard legal diligence leaves a significant blind spot: EU regulatory compliance posture. A GDPR enforcement action at 4% of global turnover, or an EU AI Act violation at 6%, are liabilities that won't appear in financial statements.

CyberPass delivers an EU Compliance Diligence Report in 3–4 weeks: structured assessment of GDPR accountability, NIS2 security measures, DORA obligations, and EU AI Act risk classification — with a quantified liability exposure range and post-close remediation roadmap.
CTA: "30-min scoping call — tell us the deal sector and EU footprint, we'll outline the assessment scope and timeline."
Demo / POC Goal
No formal demo — this is a diligence services sale. First call = scoping session: take the target's sector, EU data processing description, AI product usage → output a 1-page preliminary risk profile. That 1-pager is the hook. Engagement: Phase 1 (2 weeks, gap assessment, €8–15K) → Phase 2 (liability quantification + remediation roadmap, €5–8K) → optional Phase 3 (post-close programme, retainer). Total: €15–35K per acquisition. Converts to preferred diligence partner relationship with the fund.
Who We're Selling To — OEM Buyer, Not End Operator

This is a technology licensing sale, not an enterprise security sale

  • VP Product Security / Product Line CTO at an industrial OEM — owns the EU CRA compliance roadmap; measured on whether products ship with CRA-compliant identity before 2027
  • CTO / VP Engineering at a mid-size IoT OEM (SALTO archetype) — evaluates the SDK; decides build vs. licence
  • Head of Product Management — responsible for time-to-market; knows a 2–3 year internal build won't make the 2027 deadline
Target OEM Profile — Priority Order
  • SALTO Systems (Priority 1) — €200M revenue, 50M+ connected access control devices, Spain. CTO reachable directly. 6–9 month sales cycle. Win here first.
  • Siemens Digital Industries / Building Tech (Priority 2) — SIMATIC controllers and Desigo systems, 100M+ deployed devices needing CRA compliance. 12–24 month cycle. Use SALTO as leverage.
  • Bosch Rexroth / Bosch Building Tech (Priority 3) — industrial drives and access control. Similar cycle to Siemens.
Buying Triggers

The forcing function is regulatory — EU Cyber Resilience Act 2027

EU CRA 2027 — mandatory cryptographic device identity for all connected devices CRA Article 10/11/13 — authenticated update mechanisms required Enterprise customers asking OEM to prove device identity now Internal R&D timeline won't deliver — 2–3 year build vs. 2027 Competitor OEM announced CRA compliance roadmap
Pain in plain language
  • EU CRA requires every connected device sold in EU to have cryptographic device identity by 2027 — or face market exclusion
  • An OEM building this internally needs 2–3 years and €5–15M — most don't have either the timeline or specialist headcount
  • Cloud-dependent PKI (Keyfactor, DigiCert) is disqualified for OT-adjacent devices — Ixian works offline
Outreach — Cold to OEM Product Security PM or CTO
"Your 2027 CRA deadline is real. Your internal build timeline probably isn't going to make it."
Hi [Name] — EU Cyber Resilience Act Article 10–13 requires cryptographic device identity and authenticated update mechanisms for every connected device by 2027. Building this from scratch is a 2–3 year project. Your deadline is roughly 24 months away.

We've built a production-ready machine identity SDK (Ixian) that integrates into existing embedded firmware — works offline, no cloud dependency, MISRA-C compliant for industrial targets. A firmware engineer can have a working enrollment demo in under a week from our integration guide. We license it to OEMs — one agreement, you ship compliance across your entire device portfolio.

We're selectively approaching 3–4 OEM partners. Worth 30 minutes to see if the integration path makes sense for [Company]'s device roadmap?
CTA: "30-min technical evaluation — SDK and CRA compliance mapping for your device category."
Warm Outreach — Post Embedded World / Hannover Messe
"Good to meet at [Event] — here's the integration brief we discussed."
Hi [Name] — as we discussed, the CRA device identity requirement is creating the most internal debate at OEMs right now — build vs. licence vs. wait and see.

I'm attaching our OEM integration brief: a 2-page technical summary of how Ixian maps to CRA Articles 10–13, plus a reference implementation for an access control gateway (STM32 target) you can evaluate without any setup. If your firmware team wants a sandboxed evaluation, we can have an NDA and SDK package over within 48 hours.
CTA: "Share the brief with your firmware lead — technical call whenever they're ready."
Demo / POC Goal — two gates to clear
Engineering gate: OEM firmware engineer integrates Ixian SDK using only our guide — no verbal support for first 2 days. Success = working device enrollment demo in under 5 days. The engineer says "this is cleaner than what we would build internally."

PM gate: The CRA compliance mapping document (Ixian SDK → CRA Articles 10–13) gets forwarded by the OEM product manager to their legal team without modification.

POC structure: NDA → SDK access → sandboxed integration test (2 weeks) → joint technical review → LOI. SALTO: LOI by month 6–9. Siemens/Bosch: LOI by month 12–18. Revenue: annual SDK licence + per-device royalty. SALTO Y1: €150–300K. Siemens/Bosch Y1: €500K–€5M.
Channel Strategy
  • Embedded World (Nuremberg, March) — most important event. Attend, don't exhibit. Engineer 3 specific conversations with target contacts identified in advance
  • SALTO direct visit — SALTO HQ in Vitoria-Gasteiz, Spain. A direct visit beats 3 months of LinkedIn
  • LinkedIn — engineer-to-engineer — target VP Product Security, Head of Embedded Security, CTO at each OEM. Engage with their CRA posts before any DM
  • Chip vendor co-marketing — STMicro and NXP partner programmes. Listed as "STM32-compatible Ixian solution" puts Cryptera in front of every OEM starting a CRA project
Buyer Persona

Who buys this

  • CTO / VP Engineering — roadmap full of AI features, no engineers to build them. Hiring is expensive and slow. Wants output, not overhead
  • CEO / Co-Founder (Series A–B) — personally feels the AI talent gap; competitors shipping AI features while their team is still scoping
  • Head of Product — AI features on the roadmap for 2 quarters; engineering keeps deprioritising
Ideal Company
  • US-headquartered SaaS or tech company, Series A–C, 20–200 employees
  • Has a software engineering team but no dedicated AI/ML engineers
  • Needs: workflow automation, LLM integration, agent development, RAG pipelines, API orchestration
  • Monthly ARR $500k–$10M — can afford a retainer, cannot afford a $400k AI engineering hire
Buying Triggers

What creates urgency

Competitor launched AI feature — board pressure Failed AI hire — too expensive New funding round — AI roadmap is board commitment Customer RFP requires AI capability not yet built CTO wants POC in 30 days — team can't deliver
Pain in plain language
  • AI engineering talent costs $200k–$400k/year and takes 3–6 months to hire — retainer is cheaper and instant
  • Most engineering teams can call the OpenAI API but cannot architect production-grade AI systems
  • Consultancies charge for thinking; CyberAutomate charges for shipping
Outreach — Cold LinkedIn / Email to CTO
"Your AI roadmap is real. Your AI engineering capacity isn't. That gap compounds every sprint."
Hi [Name] — [Company] has [X] AI features on the roadmap. Most engineering teams at your stage have the same problem: everyone can call the OpenAI API; almost no one can architect production-grade agents, RAG pipelines, or workflow automation that actually ships and stays live.

CyberAutomate is an embedded AI engineering team on a monthly retainer. We work inside your stack, your sprint, your GitHub — not as consultants who deliver decks. Reference: we've shipped LLM-powered validation automation for Novartis and procurement agents for Sidra Medicine. Both from retainer to production in under 8 weeks.

Worth a 25-minute call to scope what we could ship for you in 30 days?
CTA: "25-min scoping call — we'll tell you what we'd ship in your first month, no pitch deck."
Demo / POC Goal
No formal demo — this is a capability sell. The goal of the first call is to scope one concrete deliverable we can build in 30 days for a fixed retainer. Come in with a prepared "30-day sprint" concept relevant to their stack and roadmap. If they agree to a scoping session, we've won — the POC is the first month of work. Converts to a 3–12 month embedded AI engineering retainer ($8k–$25k/month).
Positioning vs. Alternatives
  • vs. Hiring: No 6-month search, no equity, no $350k salary. Start in 2 weeks, pause or scale monthly
  • vs. Big consultancies: We ship code, not slides. Direct access to the engineers doing the work
  • vs. Upwork/freelancers: Coordinated team with AI architecture expertise. We own the outcome
Buyer Persona — Shipyard / New Build

Who buys this

  • Head of Electrical / Systems Integration at Shipyard — specifying and commissioning all onboard systems; currently stitching together 4–6 separate vendor systems with no unified interface
  • Naval Architect / Project Manager — system integration delays are a primary source of schedule and budget overrun
  • Yacht Brand Owner / CEO — wants a differentiated product that carries their brand into the owner experience; generic SCADA-style interfaces are a brand liability on a €5M+ vessel
  • Owner's Representative — sophisticated HNWI buyer's agent who specifies technology requirements before keel-laying
Ideal Project Profile
  • Custom or semi-custom build, 30m–80m, price point €3M–€50M
  • Shipyard or builder in EU (Italy, Netherlands, Croatia, Slovenia, Turkey) or UAE
  • Currently specifying 3+ separate system vendors — integration problem already visible in schedule
  • Owner wants brand-consistent UI and remote monitoring as a deliverable, not a nice-to-have
Buying Triggers

What creates urgency

New build programme signed — systems spec not yet locked Owner complained about previous yacht's interface complexity Shipyard lost sale to competitor offering smarter experience Charter operation requiring remote diagnostics Previous integration project ran 3+ months over schedule Shipyard expanding into superyacht segment
Pain in plain language
  • A 40m yacht typically has 5–7 separate control systems from different vendors — lighting, HVAC, AV, navigation, engine monitoring, security. The owner gets 6 iPads and a manual. That is a €10M product with a €500 user experience.
  • Integration between systems is always manual, always late, always the source of the last 10% of build programme delay and cost overrun
  • Shipyards have no differentiated technology story — Verne gives them one
Outreach — Cold to Shipyard PM or Head of Electrical
"Your next build has six system vendors. Your owner will have six apps. That's a €10M yacht with a €500 user experience."
Hi [Name] — on a typical 40m+ build, the electrical and systems integration phase accounts for 15–20% of budget and a disproportionate share of schedule overrun — because Crestron, KNX, Raymarine, DALI, and the HVAC vendor were never designed to talk to each other.

Verne Marine replaces the multi-vendor integration layer with a single platform connecting directly to all onboard systems — NMEA 2000, Modbus, CAN bus, BACnet, DALI — surfaced in one custom-branded app for owner, captain, and engineer. Marine-certified, RINA/DNV-ready, full source code ownership for the client. No lock-in.

We're working with shipyards across the Adriatic and Mediterranean. Worth a 30-minute call to walk through how Verne would integrate with your current systems spec?
CTA: "30-min technical walkthrough — share your current systems list and we'll map the Verne integration against it."
Demo / POC Goal
Live walkthrough of the Verne app on a reference vessel — owner interface (scenes, climate, navigation status, security feeds), captain interface (systems status, engine telemetry, alerts), engineer interface (diagnostics, maintenance logs). Key demo moment: show a single "Arrival" scene activating lighting, HVAC preset, gangway, and welcome music simultaneously — that one moment sells the concept to anyone who's watched a stewardess run between panels doing this manually.

POC structure: Discovery & System Design phase (paid, €8–15K) — Verne maps every system on the vessel, produces integration specification, delivers a prototype UI in the owner's brand palette. This phase is the entry point. Full project value: €40K–€200K+ depending on vessel complexity.
Channel Strategy
  • Adriatic and Med marina presence — Biograd, Split, Dubrovnik, Porto Montenegro. One visible Verne installation on a respected vessel generates word-of-mouth across the marina within a season
  • Shipyard partnerships — 3 shipyards in Croatia, Slovenia, and Turkey in the 30–60m segment. Propose Verne as preferred systems integration partner
  • Dubai International Boat Show (February) — Gulf charter fleet operators upgrading vessels for the season. UAE HNWI buyers expect top-tier technology
  • Charter management companies — Burgess, Camper & Nicholsons, Northrop & Johnson manage fleets and influence owner decisions. A preferred technology partnership creates a recurring pipeline
  • LinkedIn — Captains and Marine Technical Managers — captains are the champions. They recommend to owners and are daily users. Post technical content about unified onboard systems
Buyer Persona

Who buys this

  • Chief People Officer / CHRO — owns AI adoption programme; under C-suite pressure to show measurable Copilot ROI
  • Head of L&D / Learning & Development Director — directly responsible for designing and procuring the training programme
  • CIO / IT Director — deployed Copilot licences; adoption is at 20–30%; needs structured enablement to justify the spend
  • CFO — signed off on Copilot licences at $30/user/month; wants to see productivity return
Ideal Company
  • 500–5,000 employees; Microsoft 365 environment with Copilot licences purchased or in evaluation
  • Regulated sector — pharma, financial services, professional services — where AI use needs governance
  • Has a formal L&D budget; currently spending on LinkedIn Learning or generic AI workshops
  • Copilot adoption under 35% despite licence rollout
Buying Triggers

What creates urgency

Copilot licences purchased — low adoption Board AI mandate — needs measurable output Annual L&D budget cycle (Q4 / Q1 planning) New CPO / CHRO — wants AI upskilling as first initiative Competitor announced AI-first operating model Failed internal AI training — teams didn't change behaviour
Pain in plain language
  • Generic AI workshops produce zero lasting behaviour change
  • Employees know Copilot exists; they don't know how to use it in their actual workflows
  • L&D teams can't build this internally — they need a partner who knows both AI and workflow design
Outreach — Cold to CPO / Head of L&D
"Your Copilot licence spend is running. Your team's adoption isn't."
Hi [Name] — the average enterprise Copilot rollout reaches 25% adoption within 6 months. The gap isn't the technology — it's that training was a one-day event, not a behaviour change programme. CyberMBA is a 12-week structured AI literacy programme built around your team's actual workflows: how your legal team uses Copilot for contract review, how your finance team uses it for analysis, how your HR team uses it for recruitment.

We map your workflows in week 1, build the curriculum around them, and measure adoption at week 4, 8, and 12. Reference cohorts achieve 70%+ active use by end of programme. We typically start with a team of 10–30 as a pilot.
CTA: "30-min curriculum walkthrough — we'll show you a programme built for [sector], not a generic deck."
Demo / POC Goal
Walk through the 12-week programme structure with a week-by-week curriculum mockup for their sector. Show sample workflow-specific module (e.g., "Copilot for financial modelling in Excel"). Key differentiator is specificity — they must see their workflows, not generic prompting tutorials. POC = 4-week pilot with one team of 10–15, measured on active Copilot use rate pre/post. Converts to company-wide programme (Starter / Professional / Enterprise packages).
Cross-Sell Path
  • → Knowledge Layer (Teach): CyberMBA alumni are the warmest audience for an AI-powered internal training platform
  • → CyberAutomate: L&D team asks "who builds the actual AI tools?" — that's the CyberAutomate hand-off
  • → CyberPass: Compliance teams often discover EU AI Act obligations during the governance module