Back to resources

Preparing to Transition to an IPO

Strategy
Stakeholders

20 July, 2021

Tina Cessna
Tina Cessna

Senior VP of Engineering at Blackblaze

Tina Cessna, Senior Vice President of Engineering at Backblaze, was well-prepared to lay the groundwork for a more secure organization when her company decided to move toward becoming an IPO.

Problem

I work for a private company that plans to IPO in the future. This requires a fair amount of preparative work across the entire organization. Different departments needed to meet different standards of compliance. We needed to undergo a SOC 2 audit, and I wanted to make sure that we were prepared to be assessed as a company.

When you work with major, enterprise-level customers, they want to know whether or not you’re SOC 2 compliant, or up to the standard of any of a number of other bodies of certification. Earning official certification in cybersecurity checks off many indicators of a company worth trusting your data with.

Privacy and security are company-wide issues, not just the concern of engineering or IT. Each department has different things that they can do in order to contribute to this holistic effort.

Actions taken

Three years before this, I was already working toward a more refined engineering organization in terms of our focus on security. We were always looking for new ways to implement various processes throughout the company. We had grown from twelve to forty-five during this time.

We wanted to ensure that, as we grew, we remained just as productive as we were before. This included making sure that communication on who was doing what within the company was very clear. When you’re still small, it’s easy to simply talk to one another. As you scale, it becomes more difficult to sustain this direct way of exchanging information at every level.

Our QA team needed to be informed on what they had coming so that they could prepare themselves for any changes in our weekly releases. Before preparing to go IPO as we scaled, this process was much more ad hoc. One of my goals was to find a more efficient process for them. Change management control was another area that I wanted to focus on. We needed a better way of organizing the work to be done in regard to our product.

We put plenty of documentation in place after institutionalizing these changes. We wanted to make sure that the team knew what we were doing; the process of refining ourselves needed to be very collaborative. It was important to me that we earned everybody’s buy-in honestly.

My documentation describing our processes was also necessary to have in place before being audited. This included documentation on everything from code reviews to design estimation.

Earning this certification involved protecting not only our internal data, but the data of our customers, as well. The work involved taking a closer look at how our product could be built more securely. We used source code scanning to identify security vulnerabilities and we do bi-annual penetration tests. Last time, no major security issues were uncovered, which is something that we’re all really proud of. Our last audit necessitated zero corrective action.

Lessons learned

  • If you’re building a cloud-based app or some other cloud-adjacent service or product, security has to be a top priority for the entire company. We were lucky enough to have the resources to incorporate this priority into our work as an engineering team right from the beginning. This put us in a very good position to prepare for all of the assessments that an IPO company requires.
  • Our company built an entire internal cybersecurity organization last year. They have been able to provide company-level security for us. A couple of engineers on my own team focus specifically on application-level security. These devoted experts help us maintain compliance with all of the rigorous standards that operating out of California requires of us. Our customers’ data is protected at every intersection.
  • Being proactive about a lot of these things allowed us to naturally prepare ourselves to become an IPO. My advice for engineering leaders is to always do the right thing. We are often working without processes already in place; thinking about processes that enhance security within the company is always time well-spent.

Discover Plato

Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader


Related stories

A Day in the Life of a Product Lead in FinTech – A Series

31 January

Discover the daily struggles, challenges, and moments of delight encountered when delivering banking products around the world. I will share my story candidly and honestly, without filter as much as I am allowed, and offer insights into my approach while providing retrospectives of the results.

Strategy
Embracing Failures
Cultural Differences
Career Path
Loussaief Fayssal

Loussaief Fayssal

Director of CX at FLF PRODUCT DESIGN

Myth Busting

10 December

Supporting principles on why being data led (not driven) helps with the story telling.

Alignment
Managing Expectations
Building A Team
Leadership
Collaboration
Productivity
Feedback
Psychological Safety
Stakeholders
Vikash Chhaganlal

Vikash Chhaganlal

Head of Engineering at Xero

DevSecOps: Why, Benefits and Culture Shift

29 November

Why DevSecOps matter and what's really in it for you, the team and the organisation?

Innovation / Experiment
Building A Team
Leadership
Ownership
Stakeholders
Cross-Functional Collaboration
Vikash Chhaganlal

Vikash Chhaganlal

Head of Engineering at Xero

The Growth Mindset in Modern Product Engineering

28 November

The impact you can have with a Growth Mindset' and the factors involved in driving orchestrated change.

Building A Team
Leadership
Collaboration
Feedback
Ownership
Stakeholders
Vikash Chhaganlal

Vikash Chhaganlal

Head of Engineering at Xero

How I failed at my startup

14 October

There are nine specific building blocks and functional areas every org/company need to work to launch the product and provide services to customers. How effectively founders tackle them determine the destiny of the company.

Mission / Vision / Charter
Scaling Team
Building A Team
Impact
Strategy
Prioritization
Praveen Cheruvu

Praveen Cheruvu

Senior Software Engineering Manager at Anaplan