Plato Elevate Winter Summit has been announced (Dec 7th-8th)

🔥

Back to resources

Preparing to Transition to an IPO

Strategy
Stakeholders

20 July, 2021

Tina Cessna
Tina Cessna

SVP of Engineering at Blackblaze

Tina Cessna, Senior Vice President of Engineering at Backblaze, was well-prepared to lay the groundwork for a more secure organization when her company decided to move toward becoming an IPO.

Problem

I work for a private company that plans to IPO in the future. This requires a fair amount of preparative work across the entire organization. Different departments needed to meet different standards of compliance. We needed to undergo a SOC 2 audit, and I wanted to make sure that we were prepared to be assessed as a company.

When you work with major, enterprise-level customers, they want to know whether or not you’re SOC 2 compliant, or up to the standard of any of a number of other bodies of certification. Earning official certification in cybersecurity checks off many indicators of a company worth trusting your data with.

Privacy and security are company-wide issues, not just the concern of engineering or IT. Each department has different things that they can do in order to contribute to this holistic effort.

Actions taken

Three years before this, I was already working toward a more refined engineering organization in terms of our focus on security. We were always looking for new ways to implement various processes throughout the company. We had grown from twelve to forty-five during this time.

We wanted to ensure that, as we grew, we remained just as productive as we were before. This included making sure that communication on who was doing what within the company was very clear. When you’re still small, it’s easy to simply talk to one another. As you scale, it becomes more difficult to sustain this direct way of exchanging information at every level.

Our QA team needed to be informed on what they had coming so that they could prepare themselves for any changes in our weekly releases. Before preparing to go IPO as we scaled, this process was much more ad hoc. One of my goals was to find a more efficient process for them. Change management control was another area that I wanted to focus on. We needed a better way of organizing the work to be done in regard to our product.

We put plenty of documentation in place after institutionalizing these changes. We wanted to make sure that the team knew what we were doing; the process of refining ourselves needed to be very collaborative. It was important to me that we earned everybody’s buy-in honestly.

My documentation describing our processes was also necessary to have in place before being audited. This included documentation on everything from code reviews to design estimation.

Earning this certification involved protecting not only our internal data, but the data of our customers, as well. The work involved taking a closer look at how our product could be built more securely. We used source code scanning to identify security vulnerabilities and we do bi-annual penetration tests. Last time, no major security issues were uncovered, which is something that we’re all really proud of. Our last audit necessitated zero corrective action.

Lessons learned

  • If you’re building a cloud-based app or some other cloud-adjacent service or product, security has to be a top priority for the entire company. We were lucky enough to have the resources to incorporate this priority into our work as an engineering team right from the beginning. This put us in a very good position to prepare for all of the assessments that an IPO company requires.
  • Our company built an entire internal cybersecurity organization last year. They have been able to provide company-level security for us. A couple of engineers on my own team focus specifically on application-level security. These devoted experts help us maintain compliance with all of the rigorous standards that operating out of California requires of us. Our customers’ data is protected at every intersection.
  • Being proactive about a lot of these things allowed us to naturally prepare ourselves to become an IPO. My advice for engineering leaders is to always do the right thing. We are often working without processes already in place; thinking about processes that enhance security within the company is always time well-spent.

Discover Plato

Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader


Related stories

Why Overloading Product Teams Never Work

23 November

Adi Purwanto Sujarwadi, VP of Product at Evermos, shares how he identified the symptoms of his overworked product team and worked towards defining conflicting priorities.

Managing Expectations
Product Team
Deadlines
Stakeholders
Adi Purwanto Sujarwadi

Adi Purwanto Sujarwadi

VP of Product at Evermos

What it takes to become a great product manager

19 November

James Engelbert, Head of Product at BT, shares his deep understanding of the traits of a successful product manager and how to get aligned with the organization’s path to success.

Product Team
Personal Growth
Leadership
Strategy
James Engelbert

James Engelbert

Head of Product at BT

The art of managing up

19 November

James Engelbert, Head of Product at BT, shares how managing up is all about being an excellent manager to bring the best out of a team.

Mission / Vision / Charter
Managing Up
Internal Communication
Strategy
Stakeholders
Cross-Functional Collaboration
James Engelbert

James Engelbert

Head of Product at BT

The Benefits of Stakeholder Communication

17 November

Piyush Dubey, Senior Software Engineer at Microsoft, shares how to understand the stakeholder communication process better and why it is essential.

Meetings
Internal Communication
Collaboration
Ownership
Stakeholders
Piyush Dubey

Piyush Dubey

Senior Software Engineer at Microsoft

How to Scale Product Teams for Empowerment & Impact?

5 November

Prasad Gupte, Director of Product at Babbel, shares his insights into the challenges behind successfully growing a team.

Customers
Product
Scaling Team
Strategy
Users
Prasad Gupte

Prasad Gupte

Director of Product at Babbel

You're a great engineer.
Become a great engineering leader.

Plato (platohq.com) is the world's biggest mentorship platform for engineering managers & product managers. We've curated a community of mentors who are the tech industry's best engineering & product leaders from companies like Facebook, Lyft, Slack, Airbnb, Gusto, and more.