Why We Don't Have A Sales Team
Most cybersecurity firms separate the people who win the business from the people who do the work. We built Sidekick the opposite way — no sales team, no obnoxious outbound sequences. Instead, an invite-only network of trusted security professionals who introduce us because the work reflects well on them. Here's why that model exists and what it unlocks.
Most cybersecurity firms have a problem they've learned to live with: the people who win the business aren't the people who do the work.
This isn't a cynical observation. It's structural. The traditional model runs on pipeline. You hire salespeople, fund marketing campaigns, exhibit at conferences, run outbound sequences, and pour budget into anything that generates meetings. When a deal closes, delivery picks up wherever sales left off, often without the context, nuance, or relationship that got you in the room in the first place. The client who signed expecting a strategic partner sometimes gets a project manager and a PDF.
The security industry, specifically, has made this worse. The proliferation of vendors, tools, and consultancies has made buyers deeply skeptical. CISOs and security leaders aren't just busy; they're conditioned to distrust. They've been pitched the same "comprehensive, risk-based, outcomes-driven" engagement by forty different firms. They've heard all about the single pane of glass, the "deploys in 15 minutes" solution, and so on. They know what a templated outreach email looks like. Most delete it before the second sentence.
The response from most of those firms? More automation. Better sequences. AI-generated "personalization" at scale. The volume goes up, the signal-to-noise gets worse, and buyers retreat further.
We looked at that dynamic and made a deliberate choice to go the other direction.
The Syndicate
When Rob and I started Sidekick, we didn't build a sales team. We built a network.
The Sidekick Syndicate is an invite-only community of cybersecurity professionals: vCISOs, practitioners, security consultants, compliance experts, former executives, and trusted industry partners who introduce us to organizations in their orbit. Not because they're incentivized to push a product, but because they know us, they understand what we do well, and they're willing to put their credibility behind a recommendation.
That credibility is the point. In a trust-first industry, the warmest possible introduction is from someone the buyer already respects. When a vCISO tells a client "these are the people I'd bring in," that carries more weight than anything a polished deck could say.
The model isn't passive, either. Syndicate members earn meaningful commissions, 10% uncapped on closed deals, as well as access to insider briefings, networking opportunities, and the kind of peer community that actually makes conference attendance worth it. But the members who make the best introductions aren't primarily motivated by the commission. They do it because the work reflects well on them. That's the bar we hold ourselves to.
What This Unlocks Internally
The standard consulting firm business model works roughly like this: spend heavily on sales and marketing, generate leads, close deals, then figure out delivery. Delivery is often under-resourced, over-promised, or handed off to whoever is available. The margin lives in the gap between what was sold and what gets done.
We built Sidekick to run the opposite way.
Because the Syndicate handles our go-to-market, we don't carry a large sales overhead. That frees us to invest almost entirely in the quality of our work: in research, in tooling, in the caliber of the people doing the actual engagements. When a client works with Sidekick, they're not funding our business development operation. They're getting the direct benefit of a firm that has deliberately prioritized delivery over pipeline.
This matters more in security than in most professional services. The work requires deep context, clear communication, and genuine accountability. An engagement that starts with a trusted introduction, from someone who already understands the client's environment and expectations, is structurally more likely to go well than one that starts with a cold outbound sequence and a discovery call with someone the client will never hear from again.
Why Now
There's a version of this argument that sounds like nostalgia: the "relationships matter" counter-narrative to AI-driven GTM that gets dismissed as old-fashioned. We don't think that's what's happening.
The bar for automated outreach is getting lower. The volume is going up. Buyers are getting sharper at filtering it out. In that environment, a genuine introduction from a credible peer doesn't just compete with automation, it's one of the few things that actually cuts through. The firms that figure this out now will have a real structural advantage in two or three years, when the AI-saturated outreach environment gets even noisier.
We also think this model says something about how you value your clients. If your primary growth mechanism is high-volume prospecting, your clients are mostly a means to pipeline. If your primary growth mechanism is the quality of your work and the relationships it generates, your clients are the engine. The incentives are different. The behavior follows.
For the Network
The Syndicate is invite-only, but it's not a closed door. If you're a security professional with clients or peers who could use tighter pentesting, sharper assessments, or ongoing program support, and you want to earn real commissions while pointing people toward work you'd genuinely stand behind, we'd like to talk.
And if you're a security leader evaluating consultancies, we hope the way we've chosen to grow tells you something about how we'll approach your engagement. We didn't build a team optimized to close you. We built a team optimized to deliver for you.
Reach out at syndicate@sidekicksecurity.io.