0 to 2K Verified Cybersec Users in 1 Year
How multi-channel acquisition and lifecycle email grew a SaaS from 0 to 2,000 users.
BACKGROUND
A brand new vulnerability assessment SaaS was entering a market dominated by enterprise-grade tools and deeply technical buyers, but with a freemium model designed to make security accessible to both technical and non-technical users. There were zero users, zero brand presence, and zero marketing infrastructure on day one.
My role was to build everything: the acquisition strategy, the growth channels, the lifecycle emails, and the retention mechanics, all on a $10K annual ad budget.
THE CHALLENGE
Launching a security product to a mixed audience of developers, security professionals, and non-technical SMB owners requires careful balance. Technical buyers distrust marketing-heavy messaging. Non-technical buyers need reassurance and education before they trust a tool with their security data. And with a free tool as the entry point, the real challenge was not just getting signups. It was turning one-time visitors into repeat users who eventually converted to paid scans.
WHAT I DID
- Multi-channel acquisition: With a lean $10K paid budget, I spread acquisition deliberately across SEO and content targeting high-intent security queries, Google and Meta paid campaigns with distinct messaging for technical and non-technical segments, and community and product launches to drive initial user spikes and early word-of-mouth
- Acquisition email flows: Built in SendGrid from scratch, nurturing visitors who signed up but had not yet completed their first scan, with educational content that lowered the barrier to first use
- Retention email flows: Re-engaging existing users with scan reminders, new vulnerability alerts, and upgrade prompts tied to their specific security findings
- Product-led retention: The free tool gave users vulnerability scanning results, a security score, benchmark comparisons, and educational content about specific vulnerabilities found. I built retention communication around these moments, reminding users when their score could have changed and when new threat categories emerged
RESULTS (12 MONTHS)
| Metric | Result |
|---|---|
| Verified users acquired | 0 to 2,000 |
| Website traffic growth | +300% |
| Growth trajectory | Gradual and compounding, no single spike |
| Ad budget managed | $10K annual |
| Email infrastructure | Full acquisition and retention workflows built from zero |
| Audience reached | Both technical and non-technical buyers |
The Takeaway
Launching a freemium security product from zero taught me that acquisition and retention are two sides of the same coin. Getting users in the door matters, but keeping them engaged until they see real value is what turns signups into a user base. The gradual, compounding growth curve was a feature, not a bug. It meant the foundation was built right.