Overview
You manage 30-50 enterprise accounts that use Adaptive's security awareness training and phishing simulation platform. You run their ongoing security campaigns, review metrics on employee training completion and phishing click rates, and make sure they renew each year. You're also looking for opportunities to expand their licenses when they hire more employees or want to add advanced modules on AI threats and deepfakes.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Post-sale CSM (retention + expansion) |
| Sales Motion | Reactive support + proactive QBRs and upsells |
| Deal Complexity | Consultative - requires understanding customer security posture |
| Sales Cycle | Expansion deals: 1-3 months |
| Deal Size | Base contracts: $25-100K ARR, expansions: $10-50K |
| Quota (est.) | 95-100% net retention + $200-400K expansion/year |
Company Context
Stage: Late-stage (198 employees, mature product)
Size: 198 employees
Growth: Actively hiring across Customer Success team in NY
Market Position: Challenger in crowded security awareness space (competing with KnowBe4, Proofpoint, Mimecast). Differentiating on AI-native threats and modern training UX.
GTM Reality
Your Book of Business:
- 30-50 enterprise accounts ($25K-100K+ ARR each)
- Mix of finance, tech, healthcare, government verticals
- Accounts are 1-3 years into their contract lifecycle
Support Structure:
- Work alongside other CSMs in NY office
- Escalate technical issues to support/product teams
- Partner with AEs on larger expansion opportunities
- Report to VP of Customer Success or Director
Renewal/Expansion Motion:
- Annual renewals (some multi-year contracts)
- Expansion triggers: headcount growth, adding modules, upgrading tiers
- Downgrades happen when customers cut budgets or employee count shrinks
Competitive Landscape
Main Competitors: KnowBe4 (market leader), Proofpoint, Mimecast, Cofense, Infosec IQ
How They Differentiate: Focus on AI-powered threats (deepfakes, synthetic media), more modern/interactive training vs. legacy click-through courses, OSINT-powered personalization
Common Objections: "Our employees are already trained", "KnowBe4 is the industry standard", "We're cutting security budget this year"
Win Themes: Better engagement rates, more realistic simulations, modern threat coverage (AI/deepfakes)
What You'll Actually Do
Time Breakdown
Account Management (40%) | Campaign Reviews (25%) | Renewals/Expansions (20%) | Internal Meetings (15%)
Key Activities
- Running Security Campaigns: You schedule phishing simulations and training rollouts for your accounts. You review metrics on who's completing training and who's still clicking phishing links. You field questions from security teams about why certain employees aren't engaging.
- Quarterly Business Reviews: You present metrics to CISOs and security directors: training completion rates, phishing click rates, risk scores. You explain trends and recommend next steps. These meetings often get rescheduled multiple times.
- Chasing Renewals: 90-120 days before renewal, you start reaching out to confirm budget, validate ROI, and address any concerns. You'll compete with other security tools for limited budget. Some renewals are smooth, others require multiple stakeholder meetings and pricing negotiations.
- Finding Expansion Opportunities: When customers hire more employees or show interest in advanced modules (deepfake training, executive protection), you scope the expansion and loop in your AE for deal support. Not every customer expands; many just renew flat.
The Honest Reality
What's Hard
- Customer engagement is cyclical: they care a lot during onboarding and renewal season, but go quiet for months in between. You're constantly trying to stay top-of-mind.
- Training completion rates vary wildly. Some companies have great internal buy-in and hit 90%+ completion. Others struggle to get employees to care, and you get blamed for low engagement.
- Budget cuts hit security awareness training hard. It's not the most critical spend compared to endpoint protection or firewalls. Renewals can shrink or churn despite strong results.
- You spend a lot of time on administrative work: updating campaigns, pulling reports, logging activities in Salesforce/Gainsight. It's not all strategic conversations.
- Expansion opportunities are hard to find. Most customers bought what they need upfront. Upsells depend on headcount growth or new budget unlocking, which you can't control.
What Success Looks Like
- You maintain 95-100% net revenue retention across your book
- You generate $300-500K in expansion ARR per year from upsells and cross-sells
- Your accounts have high training completion rates and engagement scores
- You catch at-risk renewals early and save them before they churn
Who You're Selling To
Primary Buyers:
- CISOs and VPs of Security (decision-makers on renewals and expansions)
- Security Operations Managers and Security Awareness Program Managers (day-to-day contacts)
What They Care About:
- Measurable risk reduction: they need to show the board that phishing click rates are going down
- Employee engagement: they don't want a tool employees ignore or complain about
- Compliance and reporting: they need audit trails and proof of training completion
- Budget efficiency: they're always being asked to do more with less, so ROI matters
Requirements
- 2-4 years in Customer Success, Account Management, or related role (security/SaaS preferred)
- Experience managing enterprise accounts and running QBRs
- Comfortable with metrics and reporting: you'll live in dashboards and need to explain data to technical buyers
- Ability to work onsite in New York (at least hybrid, possibly full-time)
- Nice to have: familiarity with security awareness training, phishing simulations, or cybersecurity concepts