← All work
A market of dim gray dots, a few glowing amber and connected by lines that converge into a single pipeline.

Signal-Based Lead Generator · TrustNet · 2026

Detecting compliance buying windows before the buyer starts shopping

The buyers who'll renew next quarter leave traces now. This finds them before they start shopping, so every outbound call opens from a position, not a guess.

Open a vertical

pick an industry + framework

Harvest signals

scrape where windows leak

Score & rank

who's about to buy

Work the window

outreach, then close the harvest

The whole system: one expedition per vertical, not a 24/7 monitor.
High-confidence
buying signals vs. low-confidence intent
Solo
full cycle, one operator
Annual
buying window, mapped per vertical

01 · Problem

Compliance is the worst category in B2B for lead gen

Inbound is priced out. Audit keywords are some of the most expensive in paid search, and the buyer cycle is annual. You can’t run ads against a customer who buys once every twelve months and doesn’t know they need you until two weeks before they do.

Outbound is dressed-up guessing. Apollo, Clay, and ZoomInfo sell contact databases enriched with signals that sound useful but aren’t.

What the tools sell you

“They have a security team.” “They raised a Series B.” Tells: who might be a buyer.

What actually matters

A renewal is due next quarter. Triggers: who is about to buy, right now.

For three years I ran the full TrustNet sales cycle solo. I needed a third option.

02 · Solution

Reject the category: build buying-window radar, not a lead list

A renewing SOC 2 audit leaves traces in specific places, weeks before the buyer starts shopping. So does a HITRUST renewal, an ISO 27001 surveillance audit, a PCI re-attestation. The traces differ per vertical, per framework, per company size.

This is industry knowledge, not a scraping problem. Anyone can write the scraper. Almost no one knows where to point it.

So I built a one-shot, per-vertical signal harvester instead of a continuous monitoring pipeline. Compliance audits are annual; buying windows open on a calendar a quarter wide. There’s no value in running 24/7 to catch a signal that updates once a year per company.

The system runs as expeditions: open a vertical, harvest the signal, score the list, work the list, close the harvest. System cadence matches buyer cadence, not the other way around.

03 · How I built it

Boring stack, deliberate cadence

Scrape

Firecrawl

Score

OpenAI

Orchestrate

Trigger.dev jobs

Route

n8n → Sheets · CRM · Slack

Commodity parts. The cadence is the idea.

TypeScript on Node. Firecrawl for scraping, OpenAI for scoring, Trigger.dev to run harvests as discrete async jobs, n8n to route outputs. None of those choices are interesting on their own, and that’s the point. The decision that matters isn’t the stack. It’s running the whole thing as expeditions instead of a cron-and-dashboard that would have matched my tools instead of the buyer’s behavior.

04 · The moat

The code is commodity. The intake question is the moat.

I built a pipeline where forking the repo gets you nothing without the per-vertical playbook that feeds it. The hard-won asset is the answer to “where does a buying window leak for this kind of company?” It is not the orchestration that processes the answer.

Most builders would hide this; they want the code to be the impressive thing, because code is the part you can show. I’m calling it out on purpose. If you’re hiring me or buying my time, the build isn’t what you’re paying for. The build is reproducible in a weekend. The playbook is what makes the build matter.

05 · Proof

Same product, same buyer, a completely different conversation

Before

“Do you need a SOC 2 audit?” and hope the answer is yes.

After

“I noticed a compliance-lead posting and a trust-center update. That usually means a renewal next planning cycle. Worth a conversation?”

We moved from “they might need an audit” to “this guy will renew next year, just need to be there when they do.”
That's the shift in sales conviction the system enabled: a different starting position for every conversation.

Bought lists give you “possible interest”—low-confidence intent inferred from hiring patterns or funding events. This system infers high-confidence buying signals from public compliance disclosures: a company that just updated its trust center and posted a compliance-lead role isn’t a guess, it’s a window. That difference in signal quality is what changes the starting position of every outbound conversation.

06 · What's next

Productize the playbook so I'm not the bottleneck

The current system needs me in the loop on every vertical setup. Fine for one or two industries, untenable past five. The next version turns the per-vertical playbook itself into a guided intake: walk through “what does a buying window look like here, what frameworks apply, where do the signals leak,” and produce a configured harvester at the end.

The build was always going to be easy. The intake is the work.

Want the code, or a version tuned for your team? The build is on request.

Request the code

raph@raphaelmercado.devlinkedin.com/in/raphmercadogithub.com/raphaelmercado-coder