Action · 2026-05-21

Next 30 days. The actual things to do this week.

Week-by-week task list pulled from the strategy critique, the wedge offer spec, and the sales system. Each task = action + thing + acceptance check.

If you only do one thing

Get the AI/LLM Security Review offer page live, render the sample report PDF, and send the first 10 free-finding emails by end of Week 1. Everything else compounds from there.

Week 1

Foundations + Wedge Live

Goal: AI/LLM Security Review offer page live. Sample report drafted. First outreach batch out. Insurance quote requested.

Pick the domain. tagwercher.io or tagwercher.com. Register the missing one. Set the other to redirect.Done when: both domains resolve, one is canonical, no mixed-branding docs go out again.
Publish the AI/LLM Security Review offer page on the canonical domain. Use the verbatim offer block from ai-llm-wedge-offer.md. Carrd, Astro, or plain HTML is fine.Done when: /ai-llm-security-review is live with scope, price, and a contact form.
Draft the sanitised Acme AI sample report. 8 to 12 pages. OWASP LLM Top 10 structure. 3-4 realistic findings.Done when: the markdown is written. PDF render happens Day 5.
Rewrite the LinkedIn headline + About. Headline leads with "AI/LLM Security Reviews for SaaS founders, OWASP LLM Top 10, 3-day turnaround." About section: thesis + business background + offer link in Featured.Done when: any visitor lands and reads the positioning in 5 seconds.
Build the first outreach list of 15 prospects. 3 from Product Hunt new AI launches, 3 from YC W25/S25 directory, 3 from Indie Hackers, 3 from AI Tinkerers recaps, 3 from DACH LinkedIn. Sheet schema from sales-system.md.Done when: 15 rows in the sheet with Name, Company, URL, LinkedIn, AI feature URL, source channel.
Free-find 10 of the 15 prospects. 12 minutes per prospect using the recon script (prompt injection probe, exposed system prompt, rate-limit test, output sanitisation check).Done when: 10 findings written in the sheet, each with one sentence + reproduction + business impact.
Send 10 free-finding emails by hand. Tuesday or Thursday. Personal Gmail or Proton. Use Hook 1 with real observations swapped in.Done when: 10 sent, no automation, no spintax, no Instantly.
Request cyber liability + E&O insurance quotes. Hiscox (UK/EU) or Embroker (US). Online quote takes 20 minutes.Done when: 2 quotes in inbox, ready to bind in Week 2.

Week 2

Send rhythm + insurance bound

Goal: Sample report PDF live. Insurance bound. Send rhythm locked in. First replies coming back.

Render the sample report to PDF. Host at /sample-report.pdf on the canonical domain. No email gate.Done when: a stranger can download it in one click.
Bind cyber liability + E&O insurance. Pick Hiscox or Embroker based on invoicing entity. Bind, request COI PDF, store in 1Password.Done when: COI PDF in hand, effective-date earlier than any SOW signature date.
Source the second batch of 15 prospects on Monday using the 5-channel split.Done when: 15 new rows in the sheet, source channels balanced.
Send Day-3 bump to last week's batch. Subject "Re:" the original. Short. Offer the other 3 findings or the full review.Done when: 10 bumps sent, sequence rule respected (3 touches max).
Send 15 fresh free-finding emails this week. Tuesday batch + Thursday batch split.Done when: weekly send target hit, every email had real recon behind it.
Send 15 LinkedIn connection requests in parallel with the email batch. 110 characters max. Reference where you found them.Done when: connection notes are specific, not generic "add to network".
Reply to every responder within 2 business hours. Use the Reply 1-5 templates from sales-system.md.Done when: zero responders left waiting more than 2 business hours.
Publish LinkedIn post #1. Topic: a thesis insight or a recent prompt-injection write-up. 250-400 words.Done when: live, tagged, anchors the positioning.

Week 3

Scoping calls + content cadence

Goal: First scoping call booked. Content cadence at 2-3 posts/week. Source channels showing which ones convert.

Source 15 new prospects. Monday block, same 5-channel split. Update Sheet.Done when: 45 cumulative prospects in the sheet by end of Week 3.
Free-find + send 15 new emails. Same rhythm: Tuesday recon, Wednesday/Thursday send.Done when: weekly send hit, recon time still ~12 min per prospect.
Send Day-7 case-study angle to Week 1 batch. Last touch. Subject leads with consequence of not fixing.Done when: Week 1 sequence is now closed (3 touches done, prospects move to Replied or Dormant).
Send Day-3 bumps to Week 2 batch.Done when: 15 bumps sent.
Book first scoping call. When a qualified reply lands, offer the 20-minute scoping call link (Cal.com free tier).Done when: at least one calendar invite accepted.
Publish LinkedIn posts #2 and #3. Mix: one tactical ("what I look for in a 30-min audit"), one CVE breakdown or recent attack analysis.Done when: live, 50+ impressions each, profile views ticking up.
Run the Friday pipeline review. 30 minutes. Update Stage column, Next Action column, log what is working.Done when: sheet is sorted by Next action date, today's work is at the top.

Week 4

First close + curriculum on-track

Goal: First paid engagement signed. Sample report replaced with sanitised real client work next month. Curriculum Phase 1 complete.

Source 15 new prospects + send 15 new free-finding emails. Keep the rhythm. Volume compounds.Done when: 60 cumulative prospects by end of Week 4.
Run the scoping call(s) from Week 3. 15-20 minutes. Confirm yes-go signals (live AI feature, founder-led decision, pre-Series-B, specific trigger event).Done when: scoping data captured for each qualified prospect.
Send the first SOW. Use Template 1 from contracts-pack.md with AI/LLM Security Review scope. Find-replace placeholders, attach sample report PDF.Done when: first proposal in client's inbox.
Require the signed Authorization Letter before any testing traffic. Template 4 from contracts-pack.md. Signer must be VP or higher.Done when: signed PDF stored before first test request goes out.
Collect 50% deposit on signed SOW. Stripe or Wise invoice link. Non-refundable.Done when: payment hit before kickoff call.
Deliver the first AI/LLM Security Review. 3 days. 12 billable hours. Day 1 LLM01-05, Day 2 LLM06-10, Day 3 report + remediation call.Done when: report delivered, 1-hour call held, client has the final PDF.
Publish LinkedIn posts #4 and #5. Keep cadence at 2-3 per week. One should be a sanitised observation from the live engagement.Done when: 5 posts live cumulative, profile views compounding.
Friday review. Look at source-channel data across 60 prospects. Re-balance the 15/week split for Month 2 based on which channels actually replied.Done when: Month 2 channel allocation updated in the sheet.

Acceptance gate

By end of Week 4: offer page live, sample report PDF live, insurance bound, 60 prospects worked, first SOW signed at $1,500. If 5 of 6 of those are true, the wedge is working. If 3 or fewer, re-read sales-system.md Mistake 1-3 and look at finding quality first.

The weekly rhythm (sustainable past Week 4)

One operator, about 10 hours per week on sales, split across 5 days. This is what makes 15 prospects per week sustainable without burning out or starving delivery time.

Monday AM (90 min). Source 15 prospects from the 5 channels. Update sheet.
Tuesday AM (3 hrs). Free-find. One finding per prospect, ~12 min each.
Wednesday AM (90 min). Send batch 1. 8 emails + 8 LinkedIn requests.
Thursday AM (90 min). Send batch 2. 7 emails + 7 LinkedIn requests.
Friday AM (2 hrs). Reply to responders. Send Day-3 bumps to last week's batch. Send Day-7 case-study angles to the batch before.
Friday PM (30 min). Pipeline review. Advance stages. Log what is working.

If a day gets blown out, the rule is to send fewer prospects that week, never to skip recon and mass-blast generic openers.

Sources: strategy-critique.md (week-by-week 6-month grid), ai-llm-wedge-offer.md (Week 1 TODO + decisions), sales-system.md (Mon source / Tue free-find / Wed-Thu send / Fri reply rhythm).