Back to resources

Preparing to Transition to an IPO

Strategy
Stakeholders

20 July, 2021

Tina Cessna
Tina Cessna

Senior VP of Engineering at Blackblaze

Tina Cessna, Senior Vice President of Engineering at Backblaze, was well-prepared to lay the groundwork for a more secure organization when her company decided to move toward becoming an IPO.

Problem

I work for a private company that plans to IPO in the future. This requires a fair amount of preparative work across the entire organization. Different departments needed to meet different standards of compliance. We needed to undergo a SOC 2 audit, and I wanted to make sure that we were prepared to be assessed as a company.

When you work with major, enterprise-level customers, they want to know whether or not you’re SOC 2 compliant, or up to the standard of any of a number of other bodies of certification. Earning official certification in cybersecurity checks off many indicators of a company worth trusting your data with.

Privacy and security are company-wide issues, not just the concern of engineering or IT. Each department has different things that they can do in order to contribute to this holistic effort.

Actions taken

Three years before this, I was already working toward a more refined engineering organization in terms of our focus on security. We were always looking for new ways to implement various processes throughout the company. We had grown from twelve to forty-five during this time.

We wanted to ensure that, as we grew, we remained just as productive as we were before. This included making sure that communication on who was doing what within the company was very clear. When you’re still small, it’s easy to simply talk to one another. As you scale, it becomes more difficult to sustain this direct way of exchanging information at every level.

Our QA team needed to be informed on what they had coming so that they could prepare themselves for any changes in our weekly releases. Before preparing to go IPO as we scaled, this process was much more ad hoc. One of my goals was to find a more efficient process for them. Change management control was another area that I wanted to focus on. We needed a better way of organizing the work to be done in regard to our product.

We put plenty of documentation in place after institutionalizing these changes. We wanted to make sure that the team knew what we were doing; the process of refining ourselves needed to be very collaborative. It was important to me that we earned everybody’s buy-in honestly.

My documentation describing our processes was also necessary to have in place before being audited. This included documentation on everything from code reviews to design estimation.

Earning this certification involved protecting not only our internal data, but the data of our customers, as well. The work involved taking a closer look at how our product could be built more securely. We used source code scanning to identify security vulnerabilities and we do bi-annual penetration tests. Last time, no major security issues were uncovered, which is something that we’re all really proud of. Our last audit necessitated zero corrective action.

Lessons learned

  • If you’re building a cloud-based app or some other cloud-adjacent service or product, security has to be a top priority for the entire company. We were lucky enough to have the resources to incorporate this priority into our work as an engineering team right from the beginning. This put us in a very good position to prepare for all of the assessments that an IPO company requires.
  • Our company built an entire internal cybersecurity organization last year. They have been able to provide company-level security for us. A couple of engineers on my own team focus specifically on application-level security. These devoted experts help us maintain compliance with all of the rigorous standards that operating out of California requires of us. Our customers’ data is protected at every intersection.
  • Being proactive about a lot of these things allowed us to naturally prepare ourselves to become an IPO. My advice for engineering leaders is to always do the right thing. We are often working without processes already in place; thinking about processes that enhance security within the company is always time well-spent.

Discover Plato

Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader


Related stories

The Art of Asking Why: Narrowing the Gap Between Customers and Users

24 May

Jord Sips, Senior Product Manager at Mews, shares his expertise on a common challenge for product managers – finding root causes and solutions.

Customers
Innovation / Experiment
Product
Personal Growth
Leadership
Stakeholders
Users
Jord Sips

Jord Sips

Senior Product Manager at Mews

Streamlining Product Processes After a Reorganization

16 May

Snehal Shaha, Lead Technical Program Manager at Momentive (fka SurveyMonkey), details her short-term technical strategy to unify processes among teams following an acquisition.

Acquisition / Integration
Product Team
Product
Building A Team
Leadership
Internal Communication
Collaboration
Reorganization
Strategy
Team Processes
Cross-Functional Collaboration
Snehal Shaha

Snehal Shaha

Senior EPM/TPM at Apple Inc.

Navigating Disagreements When It Comes to Priorities

9 May

Pavel Safarik, Head of Product at ROI Hunter, shares his insights on how to deal with disagreements about prioritization when building a product.

Innovation / Experiment
Product Team
Product
Dev Processes
Conflict Solving
Internal Communication
Collaboration
Convincing
Strategy
Prioritization
Pavel Safarik

Pavel Safarik

Head of Product at ROI Hunter

Leading Your Team in Stressful Situations

27 April

David Kormushoff, Director at Koho, recalls how he galvanized his team to tackle a time-sensitive problem, sharing his tips on how to shift chaos into calm.

Goal Setting
Leadership
Conflict Solving
Deadlines
Collaboration
Motivation
Strategy
Health / Stress / Burn-Out
David Kormushoff

David Kormushoff

Director at Koho

Identifying Individuals for Career Growth Opportunities

22 April

Jay Dave, Sr Director Of Engineering at Synack, shares how he has learned to identify team members for promotion by observing their interactions with non-engineering leaders and how they handle stress.

Handling Promotion
Personal Growth
Sharing The Vision
Retention
Stakeholders
Jay Dave

Jay Dave

Sr Director Of Engineering at Synack

You're a great engineer.
Become a great engineering leader.

Plato (platohq.com) is the world's biggest mentorship platform for engineering managers & product managers. We've curated a community of mentors who are the tech industry's best engineering & product leaders from companies like Facebook, Lyft, Slack, Airbnb, Gusto, and more.