A cybersecurity SaaS in the cloud detection and response space
Tripled Perplexity citation share in 60 days via trade-pub placements
The challenge
The client sells cloud detection and response software to security teams at mid-market and enterprise companies. The category is crowded, the buyers are technical, and almost all of them use Perplexity and ChatGPT as part of vendor research. The marketing team had been running a textbook content program, two technical posts a week, plus regular product webinars. Domain authority was healthy and rankings were respectable, but Perplexity and ChatGPT citations were rare and inconsistent. The competitors winning citations were not winning them on domain authority. They were winning on press: bylines in three major security trade publications, quotes in CISO-focused newsletters, and inclusion in analyst commentary. The client had a CTO with genuine industry credibility and unique data on cloud attack patterns, but had never built a systematic earned-media program. The team had four months and a fixed budget. We agreed to focus narrowly on press placements and the on-domain work needed to convert those citations into pipeline.
What we shipped
The engagement was deliberately tight. We picked 14 target publications based on which ones Perplexity and ChatGPT were citing most often for the relevant category prompts, then ran a structured pitch program over twelve weeks.
We delivered 14 placements: nine technical bylines under the CTO and two security researchers on the team, three contributed analyses based on anonymized customer attack data, and two interview pieces. The pitches all had real news hooks tied to actual attack data the client had observed, which made the placements easier to get and more useful for citation than generic thought leadership would have been.
In parallel, we did focused on-domain work. We rebuilt the CTO and the two research authors as proper entities with full sameAs graphs linking to the trade-pub bylines, conference talks, and prior employer profiles. We added Article schema and Person markup across the technical blog. We built llms-full.txt at 680KB, which was deliberately scoped to the technical product documentation, the threat research library, and the integration documentation. We did not include marketing pages. We shipped a structured threat-intelligence reference section using DefinedTerm markup, which became an unexpected citation source.
We also instrumented a citation tracker against 60 priority prompts running twice weekly, so we could see the press placements move the needle in close to real time. Two of the placements drove visible citation lifts within ten days of publication. Two others took three to four weeks to show up. Two never materially helped, which is a normal hit rate.
The numbers
| Metric | Baseline | After 60 days | After 4 months |
|---|---|---|---|
| Perplexity citation share, category prompts | 7% | around 22% | around 31% |
| ChatGPT citation share, category prompts | 9% | around 18% | around 27% |
| Trade-pub bylines published | 0 | 8 | 14 |
| Inbound demo requests, monthly | 64 | 81 | 112 |
| Pipeline-attributed to organic | $1.1M | $1.6M | $2.4M |
| Branded search, monthly | 4,200 | 5,400 | 7,800 |
The most visible change was the texture of inbound. Pre-engagement, inbound demo requests were heavily weighted toward small companies, often filling out forms before serious vendor research. By month three, demo requests were arriving from named target accounts the client had been trying to penetrate for a year, often with specific technical questions that referenced details from the trade-pub bylines. The CTO went from doing roughly two technical sales calls a quarter to doing two a week, because prospects were specifically asking to talk to him by name. Sales cycle on enterprise deals shortened by about three weeks, mostly because the technical evaluation was happening faster when prospects already knew the company's research and felt they understood the team. Branded search lifted noticeably and shifted toward queries that included the CTO's name, which is exactly the fingerprint we were aiming for.
What we'd do differently
We were too cautious in the first three weeks about getting the CTO on calls. He has a packed schedule and the team was protective of his time. But the placements that performed best were the ones where he was directly involved in the pitch and the writing, not just the bylined-on-final-draft pieces. Once we moved to a model where he did a thirty-minute working session per piece, quality and citation impact both jumped. We also should have done the entity graph work in week one rather than week three. The CTO's existing trade-pub history was significant, and pointing the LLMs at it earlier would have compounded the new placements faster. We left maybe two weeks of citation lift on the table because of that sequencing.
What's next
The four-month engagement closed and the client brought the work in-house, hiring a dedicated PR lead to continue the press program. We are still running the citation tracker on a quarterly basis as a consulting engagement, and the client has scope for us to come back for a focused project around their upcoming threat research report launch. The team is now planning a second wave focused on industry analyst influence, which is a different program from press but uses similar entity and citation logic. We expect to be involved in that if the analyst program ships in Q4. The client is also considering a small open-source release of internal tooling, which would shift some of the citation source mix from press to GitHub and developer-community surfaces.
Want this outcome for your domain?
Start with a $597 Strategy Sprint or get a free GEO audit.
Book a Strategy Sprint Free GEO Grader