Compliance Uncomplicated Episode 3: The Common Language of Security With LinearB

In the third episode of Compliance Uncomplicated, we interview Yishai Beeri, the CTO of LinearB. Yishai shares insights on creating a cross-departmental culture of security and the importance of automation in growth.

by Alexa Ovenshire

February 23, 2023

In the third episode of our Compliance Uncomplicated podcast, Drata co-hosts Daniel Marashlian (Co-Founder & CTO) and Helina Medhin (Senior Community Strategist) talk to Yishai Beeri, the CTO of developer workflow optimization company LinearB.

Drata's Compliance Uncomplicated podcast explores how compliance pathways can help scale your growing business. Compliance can be a daunting and complex topic, but it’s an essential component of any successful business. We aim to make compliance easy to understand and help you unlock the benefits of building a security-first culture that builds trust with your customers. Featuring a wide variety of guests from different backgrounds and industries, each episode explores how startup founders and visionaries are using compliance pathways to accelerate their growth and success. 

In this episode, Yishai shares his insights on the inevitable importance of automation in growth and his positive cross-departmental experiences incorporating compliance into LinearB.

What Does LinearB Do?

LinearB is a platform that enables software engineering teams to improve their productivity and performance with software delivery intelligence. 

By correlating hundreds of signals every hour to provide the right data, their platform helps dev teams communicate more effectively with business leaders, predict and remove bottlenecks, automate menial tasks, merge faster, accelerate delivery, and ultimately increase job satisfaction for developers.

Diving into what LinearB is building, Yishai describes it as: 

“A platform for engineering productivity, excellence, and experience. These are all tied together. We believe that engineers, software engineers are happy when they're productive. Engineers that are stuck or using a broken process are not happy.”

CISOs and Creating a Cross-Departmental Culture of Security

A culture of security is important across every department—not just product and engineering. Yishai and Daniel discuss how the company’s champion of security can play a key role in educating and partnering with other departments to have security be inherent to success across the business.

As Yishai says, the goal is “for people to be able to leverage security as an advantage, not just as a requirement.” 

He also points out the direct benefits of a strong security program. “The advances we're able to make in security and compliance are, first of all, material for our salespeople and marketing people—part of their war chest and part of their objection handling comes from there.”

A company’s security owner should be “providing value to those teams and creating the relationships.” Yishai gives the example of LinearB’s security owner building great rapport with their sales team, by helping respond to questionnaires. “Again, this is product security reflected through questionnaires, through DPAs, through jumping on calls to explain how we do things in the product so that our customers’ security teams are happy and get their answers.”

When asked about his views on the collaboration between a company’s CTO and CISO, Yishai shares his product-centric approach. 

“Product is the important thing. For me, the security owner is not the traditional CISO that is in charge of laptops and firewalls and logins, right? It's part of what they do, but their key ownership is our product, and the compliance within our development processes, which directly impacts the products,” Yishai explains. “So instead of having two functions, where the CISO is the password guy and then the CTO is the product guy, I have one owner. I hired a strong owner for this.”

Why Compliance, and Why Now?

To Yishai, compliance is “a common language for people to understand” security standards and what companies are doing to meet them. 

“I see compliance as a way to make sure I'm doing the right thing regarding security. Make sure that we're not just saying something, but we're actually doing it… We use Drata to achieve that and maintain that.”

One key driver for getting compliance established was simply the fact that it was coming up in sales discussions—it could save team members time, better serve their growing customer base, and “make customers or prospects happier, faster.”

“The other was it was always obvious that we're gonna do this, right?” Yishai points out. “Everyone needs it. It's become a table stakes and at some point, it's ridiculous not to have SOC 2 Type 2.”

In addition to helping sales start calls from a better place and get to the real questions faster, Yishai has sensed internal pride within the LinearB organization after receiving their SOC 2 Type 2 report. An external measure can build internal trust, and give employees more confidence even in their day-to-day work.

Advice for Ramping up a Tech Team

If anyone knows how to best ramp up a technology team, it’s Yishai. So, we asked him if he had advice for other companies in the ramp-up phase.

“Get visibility on the core physics of how your dev team works and where the bottlenecks are,” Yishai advises. “And always couple that with tooling and automation that actually helps improve [things].” (We second the importance of automation!)

Plus, building a platform for engineers by engineers has its benefits too. “We dog food everything we do… All of our developers identify and understand exactly what our customers are going through, and what our users are going through, and they come up with the greatest ideas on how to improve that.”

Yishai also understands the challenges of moving fast and scaling teams firsthand. Not only does fast growth make automation a necessity—it also highlights the importance of taking the time to build in the “why.” 

“It's hard when your engineers are not necessarily always fully in the loop on the business context.” It’s important that businesses address this and provide that context “so engineers know not just the priorities, but why we are doing this, who the customer is, and how they are using the product.” As Yishai says, “Engineers without context cannot do a good job.”

Listen to the Latest Episode

If you’re looking to improve your engineering efficiency and improve your DORA metrics, be sure to check out LinearB.

To hear more from Yishai, listen to episode three of Compliance Uncomplicated on Spotify, Apple Podcasts, YouTube, and Amazon Music.

You can also discuss this episode on Drata’s community, Secured, or subscribe to our newsletter, Trusted, to get the latest news.

Alexa Ovenshire
Drata Multimedia Producer
