The five-stage event pipeline, across all five stages: a worked example

Most event playbooks describe outcomes. Fewer describe mechanisms. This one is a mechanism walkthrough: the five-stage event pipeline, run across all five stages on a real Series C cybersecurity program (260 employees) at RSA, Black Hat, and a regional summit. The program produced $2.4M in attributed pipeline and 85 qualified meetings. I want to show what happened at each stage, what decisions were made, and what the handoffs looked like, so the shape of the pipeline is visible.

The five stages are source, enrich, sequence, capture, attribute. I will walk them in order.

Stage 1. Source

Start date: 6 weeks before RSA, 4 weeks before Black Hat.

RSA’s public attendee count for 2025 was roughly 43,000. Black Hat was roughly 20,000. Neither organizer shares a full attendee list with sponsors. The list exists, but it arrives as a post-event delivery, three days before the show opens, partial, and unenriched. That is too late for enterprise outbound.

Source is the stage where we build the list ourselves, ahead of the organizer. For RSA 2025, the raw inputs were the public exhibitor directory, the speaker list, the session catalog, LinkedIn event-attendee signals (people who marked themselves as attending), and sponsor rosters. For Black Hat, we added the briefings speaker list, the arsenal track, and DEF CON adjacency (people attending both).

The customer also uploaded their own CSV of hand-curated named accounts they wanted coverage for. This is the only non-public input. Everything else is publicly available in fragments that Luminik stitches together.

Output of stage 1 for RSA: a deduplicated list of roughly 43,000 attendee records, each with name, title, company, and a source tag (speaker, exhibitor, LinkedIn-signal, or attendee-list). Zero enrichment yet. The job of stage 1 is coverage.

Stage 2. Enrich

The 43,000 records are enriched through the customer’s own Apollo contract and LeadMagic API key. This is the BYOV stage: Luminik orchestrates the lookup, the customer’s existing vendors do the enrichment. No second data contract. See BYOV: why we refused to own your enrichment for why this matters pricing-wise.

Enrichment is where the list shrinks to a scored target set. Each record gets hit with the customer’s ICP profile, which for this Series C cybersecurity company was CISOs, SOC leaders, security architects, and VP-level security buyers at companies with 500+ employees in financial services, healthcare, and tech. The ICP was encoded as a scoring rubric with weights: title match, seniority, company size, industry, and target-account flag.

The AI scoring pass produced a 0 to 100 score per attendee, with reasoning text. A +20 boost applied to anyone who matched a named account on the customer’s target list.

Output for RSA: 1,840 ICP-matched records out of 43,000, roughly 4.3%. That is the target set the AE team will work.

The number matters. 1,840 is too many for nine AEs to hand-touch. 600 is a tractable Tier 1. The rest become Tier 2 for warm outreach and Tier 3 for post-event nurture. The scoring rubric is what makes that tiering defensible.

Stage 3. Sequence

4 to 5 weeks before each event.

Tier 1 targets get pushed into Apollo sequences with event-specific angles. Tier 2 goes into lighter-touch HubSpot workflows. Tier 3 gets added to a post-event campaign.

Event-specific angles are the piece most teams skip. A generic outbound cadence that says “we will be at RSA, want to meet” gets roughly a 2% reply rate. An angle that says “you are speaking on Tuesday at 11 about zero-trust architecture, we built our SOC automation around the problem you described in your Q3 keynote, can we grab 20 minutes Wednesday afternoon” gets closer to 10%. The angle depends on the signal source from stage 1. Speakers get a speaker-angle. Exhibitor-list matches get a peer angle. LinkedIn-signal attendees get a show-specific angle.

Sequence length: 4 touches over 3 weeks. Email one, LinkedIn connection, email two with meeting slot, LinkedIn message with specific time offer. This is Apollo-native; the customer’s existing sequencer does the work. Luminik just ranked and tagged the list.

Output at stage 3: meetings booked. For the RSA program, the team pre-booked 40 meetings on the floor and 12 meetings at adjacent executive dinners. For Black Hat, 25 pre-booked meetings. For the regional summit, 8 pre-booked meetings. Total: 85 meetings on the calendar before the booth ever opened.

Stage 4. Capture

During the event, on the floor.

The mobile app (iOS and Android) is what reps use on the floor. Three capture methods: QR scan on badges, on-device badge OCR with per-field confidence scoring (for events where the QR is locked behind the organizer’s app), and manual entry for booth conversations that did not start with a scan.

The capture surface matters because conference Wi-Fi is reliably broken. RSA’s exhibit hall, Black Hat’s Mandalay Bay floor, and every regional summit I have ever worked had Wi-Fi dead zones. A real-time capture tool drops data. An offline-first tool queues it and syncs when connectivity returns. Luminik’s app queues up to 200 captures with 5-retry exponential backoff. Nothing lost, even if the booth is in a dead zone for three hours.

The capture that matters most is not the badge scan. It is the voice note plus meeting log attached to it. The rep scans a badge, the app pulls the pre-event ICP score and deal-stage context, the rep records a 30-second voice note summarizing the conversation, tags the meeting outcome (hot, warm, nurture, non-buyer, competitor), and moves on. The voice note transcribes to text on sync. All of that lands on the contact record in Salesforce.

Output at stage 4 for the RSA program: 1,500+ booth scans across three days, 85 meeting logs with voice notes, and roughly 220 captures that were already pre-scored as Tier 1 or Tier 2 from stage 2. The pre-scored captures are worth more than the cold scans. More on that in pre-booked vs booth-scanned: how event pipeline actually compounds.

Stage 5. Attribute

Within 48 hours of floor close.

Attribution is three-tier matching. Tier one: email match, highest confidence. Tier two: domain match, medium confidence. Tier three: company name match, lowest confidence. Each match writes a field on the Salesforce Opportunity or HubSpot Deal record: event-sourced, event-influenced, confidence badge (HIGH, MEDIUM, LOW), first touch date, last event touch date.

The two-field split (sourced versus influenced) is non-negotiable. Collapsing them into one “campaign revenue” number destroys the signal. See your event attribution model inherited inbound logic for the full argument.

For the RSA program, within 48 hours of floor close, the Salesforce Opportunity records had attribution writeback on 62 opportunities. Over the following 8 months (matched to their actual sales cycle), those opportunities produced $720K closed and $1.1M open pipeline. Black Hat added another cycle. The regional summit added a third. Total across the three events, over the 8-month window: $2.4M in sourced plus influenced pipeline.

The speed of the writeback matters. 48 hours is the window in which the VP of Marketing has a QBR or a board update, and needs a number. If attribution lands in week four, the number is useless for that meeting. It lands in the next QBR, which means the budget defense is a full quarter late, which means the event line gets cut before the number is visible.

What the worked example makes visible

Each stage has a distinct output and a distinct failure mode. Stage 1 fails if coverage is low (missing the actual ICP attendees). Stage 2 fails if enrichment is stale or mismatched to ICP. Stage 3 fails if the angle is generic. Stage 4 fails if Wi-Fi eats the captures. Stage 5 fails if attribution lands late or lives in a dashboard instead of the CRM.

The reason the five-stage shape produces compounding pipeline is that each stage’s output is the next stage’s input, and the data model is shared across all five. You cannot sequence a list you did not score. You cannot score a list you did not build. You cannot attribute a meeting you did not capture. You cannot capture a target you did not sequence. Stage 5 closes back into stage 1 because the writeback lands in the CRM, where the next event’s sequencing starts with a contact record that already has event history.

Teams that run these five stages on separate vendors, with separate data models, lose the compounding. A Vendelux-plus-Mobly-plus-manual-attribution stack gives you three islands and three CSVs. The $2.4M cybersecurity program was not the result of three best-in-class point tools. It was the result of one shared data model across five stages, with the customer’s own CRM and enrichment contracts doing the heavy lifting at the edges, and Luminik in the middle doing the orchestration.

If you want to see the same pattern applied to a fintech program instead of cybersecurity, the IDV $2M across 15 events case study walks through a similar five-stage run with different event shapes.