Back to resources

Preparing to Transition to an IPO

Strategy
Stakeholders

20 July, 2021

Tina Cessna
Tina Cessna

Senior VP of Engineering at Blackblaze

Tina Cessna, Senior Vice President of Engineering at Backblaze, was well-prepared to lay the groundwork for a more secure organization when her company decided to move toward becoming an IPO.

Problem

I work for a private company that plans to IPO in the future. This requires a fair amount of preparative work across the entire organization. Different departments needed to meet different standards of compliance. We needed to undergo a SOC 2 audit, and I wanted to make sure that we were prepared to be assessed as a company.

When you work with major, enterprise-level customers, they want to know whether or not you’re SOC 2 compliant, or up to the standard of any of a number of other bodies of certification. Earning official certification in cybersecurity checks off many indicators of a company worth trusting your data with.

Privacy and security are company-wide issues, not just the concern of engineering or IT. Each department has different things that they can do in order to contribute to this holistic effort.

Actions taken

Three years before this, I was already working toward a more refined engineering organization in terms of our focus on security. We were always looking for new ways to implement various processes throughout the company. We had grown from twelve to forty-five during this time.

We wanted to ensure that, as we grew, we remained just as productive as we were before. This included making sure that communication on who was doing what within the company was very clear. When you’re still small, it’s easy to simply talk to one another. As you scale, it becomes more difficult to sustain this direct way of exchanging information at every level.

Our QA team needed to be informed on what they had coming so that they could prepare themselves for any changes in our weekly releases. Before preparing to go IPO as we scaled, this process was much more ad hoc. One of my goals was to find a more efficient process for them. Change management control was another area that I wanted to focus on. We needed a better way of organizing the work to be done in regard to our product.

We put plenty of documentation in place after institutionalizing these changes. We wanted to make sure that the team knew what we were doing; the process of refining ourselves needed to be very collaborative. It was important to me that we earned everybody’s buy-in honestly.

My documentation describing our processes was also necessary to have in place before being audited. This included documentation on everything from code reviews to design estimation.

Earning this certification involved protecting not only our internal data, but the data of our customers, as well. The work involved taking a closer look at how our product could be built more securely. We used source code scanning to identify security vulnerabilities and we do bi-annual penetration tests. Last time, no major security issues were uncovered, which is something that we’re all really proud of. Our last audit necessitated zero corrective action.

Lessons learned

  • If you’re building a cloud-based app or some other cloud-adjacent service or product, security has to be a top priority for the entire company. We were lucky enough to have the resources to incorporate this priority into our work as an engineering team right from the beginning. This put us in a very good position to prepare for all of the assessments that an IPO company requires.
  • Our company built an entire internal cybersecurity organization last year. They have been able to provide company-level security for us. A couple of engineers on my own team focus specifically on application-level security. These devoted experts help us maintain compliance with all of the rigorous standards that operating out of California requires of us. Our customers’ data is protected at every intersection.
  • Being proactive about a lot of these things allowed us to naturally prepare ourselves to become an IPO. My advice for engineering leaders is to always do the right thing. We are often working without processes already in place; thinking about processes that enhance security within the company is always time well-spent.

Discover Plato

Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader


Related stories

How to Organize, Manage, and Grow Your Team

12 July

Vineet Puranik, Senior Engineering Manager at DocuSign, discusses the impact of roadmaps, organization, and proper management for your teams to procure growth.

Managing Expectations
Delegate
Collaboration
Roadmap
Strategy
Vineet Puranik

Vineet Puranik

Senior Engineering Manager at DocuSign

Bootstrapping a Startup While Working Full-Time

23 June

Lucjan Suski, CEO & Co-founder of Surfer, relates how he started a company as a side project and shares his insights on bootstrapping tech startups.

Innovation / Experiment
Motivation
Strategy
Lucjan Suski

Lucjan Suski

Co-founder, formerly CTO and CEO at Surfer

Managing Through a Team Reorganization

15 June

Mugdha Myers, former Engineering Manager at Google, discusses the challenges of leading a team through the ambiguity and anxiety caused by a large-scale team restructuring.

Alignment
Changing A Company
Strategy
Changing Company
Mugdha Myers

Mugdha Myers

Engineering Manager at N/A

Dealing with Uncertainties and Adapting as You Go

14 June

Muhammad Hamada, Engineering Manager at HelloFresh, addresses the uncertainties brought on by the pandemic, how these have affected our work environments, and how we can adapt.

Goal Setting
Internal Communication
Collaboration
Roadmap
Stakeholders
Prioritization
Muhammad Hamada

Muhammad Hamada

Engineering Manager at HelloFresh

The Art of Asking Why: Narrowing the Gap Between Customers and Users

24 May

Jord Sips, Senior Product Manager at Mews, shares his expertise on a common challenge for product managers – finding root causes and solutions.

Customers
Innovation / Experiment
Product
Personal Growth
Leadership
Stakeholders
Users
Jord Sips

Jord Sips

Senior Product Manager at Mews