How GitGuardian grew by cold emailing developers

Developers HATE cold emails. So why do they LOVE IT when GitGuardian cold emails them?

Publish Date
Mar 31, 2022
notion image

What does the company do?

notion image
GitGuardian is a global cyber security startup. They bring devs, security teams and ops people together to improve cloud security. They have become a niche leader of “secret detection”, used by 200k developers. API keys and other forms of credentials that can be used to make a “call” are great points for hackers to hit. GitGuardian helps to identify and solve these security gaps.
GitGuardian has somewhat of a freemium model, which also makes it affordable for small team’s personal projects.
notion image

👨‍👨‍👦‍👦 Target Audiences

  • People with “Application Security” in Job Title
    • Fairly rare in the market, usually 1 person focused on Application Security per 100 devs.
  • Developers working on side projects

📝 Briefly describe the growth project

The GitGuardian founders were learning cyber security around hacking in college. They found it’s incredibly easy to find API keys on GitHub using the search bar. This puts companies and projects at a security risk. They decided it could be a commercial project to help big companies detect these “secrets” that are out there and fix the gaps.
When they discovered how many vulnerabilities were out there, they felt it was their duty to warn people when they’ve accidentally leaked an API key that puts them at risk. In short, this is how they get trials. If people like it, they talk about it to their security engineer who might buy it for the whole company. It’s quite a pure sales funnel.
The Idea is to give something for free to individual developers. Security is not always the easiest knowledge to get, so it’s not uncommon to find developers building outside of their security knowledge. The team thought, why not just send emails to users with the accidental key they’ve leaked?
Developers hate cold email outreach more than anything. But that’s because all of the outreach they get is rubbish. You must show TREMENDOUS value first without asking for anything. The breakthrough for this growth channel was to include the link of the “commit” ID issue to them that they actually did. They aren’t told about their problem, they’re shown it.
This “growth hack” is at its core, a genuine Good Samaritan effort. It’s why the cold emails work so well.

📈 How has it gone so far for GitGuardian?

GitGuardian tends to get 3k signups a week. That’s 12-13k per month! This product-led growth and marketing strategy accounts for about 10% of new sales. This plays an essential role in them quadrupling their ARR year-over-year.

😍 Why is cold emailing a great growth channel?

It’s not, unless you do it right. It’s incredibly difficult to cold email anyone successfully, let alone developers. Cold emailing only works if you solve someone’s problem. It’s not about the emails, it’s about the problem solving. Email is just the communication channel.
When you solve someone’s problem, they trust you. When they trust you, they not only purchase from you, but recommend you.

🤔 Downsides to using

You must first figure out how to genuinely solve someone’s problem. Cold emailing is incredibly difficult to do successfully. You are invading someone’s inbox without their permission.
Done incorrectly, cold emailing will annoy and even anger people. The concept needs to be genuine and authentic. But the copy also needs to be right. So does the design. It takes a lot of knowledge, but more so a deep understanding of the community they’ll be cold emailing.

🏗 How to build your own

Step 1 - Solve a problem
  1. Make a list of problems your community has.
      • Bring in the whole team for a brainstorm!
      • Talk to your community! This is especially important if you aren’t your own customers. Conduct user interviews, post in communities, have as many conversations as you can.
      • Ask your existing customers!
  1. Look at the list carefully, and consider which ones you are well positioned to solve
      • Identify the most serious problem. It’s better to work hard figuring out how to solve a big problem than easily solving a small problem. Or worse, poorly solving a problem.
      • Ideally, your product solves a direct problem you can leverage. If not, you’ll have to solve a new one.
  1. Develop your solution
      • This will of course depend on your solution, but make sure it’s solved well.
Step 2 - Build your cold email system
  1. Setup an Email Service Provider (ESP)
      • GitGuardian used Mailgun (it was the cheapest they could find)
  1. Figure out how to communicate your solution (the email)
      • Communicate it clearly and quickly
      • Cut straight to the solution, and don’t ask for anything in return
        • notion image
  1. Find the emails of your potential customers
      • There are many ways to do this, but email prospecting tools are quite affordable.
        • Here is a pretty good list to compare options.
Step 3 - Email, test and iterate
  1. Test your email and solution in small batches. See what people say.
      • If the response is bad, address whether it’s your solution or the email. A perfect solution will have a terrible response if the email is terrible. Similarly the best crafted email in the world will not save you if you don’t have a real solution.
      • You want Open Rates above 30% generally speaking, but the main metric you want to be afraid of is Spam Reports. This is a sign that your email is annoying people.
  1. Ran a ton of AB tests to make sure you’re communicating effectively week over week.
  1. Iterate your email and solution week over week based on the responses to your email.
Step 4 - Automate (if you can)
  1. Ideally you want to automate as much of the process as you can.
  1. Don’t automate ANYTHING until you have confirmed the designs, concept and copy will work.
  1. Test your automations rigorously and in small batches to minimize the risk in case something is broken.

💡 Advice for someone trying to build something similar?

  • Most cold email seems shady. The message is, “buy this and I’ll help you”. GitGuardian was transparent and said “I already solved your problem, I could solve it for your whole company too if you’d like.” That’s both powerful and genuine.
  • Measure and update your emails frequently. Test on a very regular basis.
  • Make sure the rest of your marketing flow is good after they sign up. This will generate leads, but you still need to convert them into sales.
💡 Want to hear about another, yet very different cold emailing growth channel? Check out this previous post!

Follow Orian and his growth adventures on Twitter!