KnowBe4 turns Incident Response into a repeatable, predictable system with Rootly.

“Rootly turned our incident response into an operating system that scales: clearer ownership, faster resolution, stronger retros, and less reliance on heroics.”

Matthew Duren

VP of Engineering

About KnowBe4

KnowBe4 helps organizations reduce human risk by enabling better security decisions across the entire workforce, and increasingly across AI-assisted workflows. KnowBe4 operates in 11 countries and supports customers ranging from startups to the largest enterprises.

Founded: 2010 in Clearwater, Florida, USA

Size: ~2500 employees

KnowBe4’s platform spans security awareness training, phishing triage and response (including PhishER), and cloud email security. When coaching, reporting workflows, or inbox protection degrade, the consequences are immediate: missed learning moments, missed threats, and degraded trust.

KnowBe4 engineering operates with a mature SDLC (CI/CD, peer review, QA gates, staging validation, and separation between staging and production) under heavy compliance expectations, including third-party audit requirements for parts of the platform such as FedRAMP Moderate, ISO 27001, and SOC 2.

That operational bar makes incident response a core product capability, not a side process.

Rootly's Impact at KnowBe4

  • 40% reduction in time to resolve
  • 90% completion for retrospectives
  • 100% ownership and tracking

The “scary Slack channel” problem: high urgency, low structure.

Before Rootly, incidents centered on a large private Slack channel with hundreds of stakeholders. Over time, it became the “scary channel.” Everything looked urgent, even exploratory issues. Prioritization got fuzzy. Ownership wasn’t explicit, so the same people often became de facto leaders simply because they were present.

The biggest pain points were operational, and they compounded during incidents:

  • Ownership drift led to slower decisions. Incidents were a “free-for-all.” Accountability blurred, and customer-facing wording and retrospective inputs often fell to whoever happened to be in the room.
  • Thread fragmentation led to missed context. Alerts paged responders, but conversations could start in an application channel, a product channel, or a private team channel, while another thread spun up in the incident response channel. Parallel threads meant duplicated work and lost signal.
  • Manual coordination led to engineer fatigue. Engineers spent time reconstructing timelines, pulling the right people into the right place, and translating between channels, while the incident clock kept ticking.

KnowBe4 already believed in transparency. They maintained a public status page and published detailed retrospectives for higher-severity events. But internally, they lacked a consistent mechanism to ensure every incident had a single source of truth, clear roles, and reliable follow-through.

They didn’t need more communication. They needed an operational system for incidents.

“Before Rootly, incident response was all effort and no system. Threads scattered across Slack, ownership was implicit, and we spent too much time coordinating instead of resolving.”

Matthew Duren, VP of Engineering at KnowBe4

Replacing PagerDuty without rewriting the way engineers work.

KnowBe4 adopted Rootly the way durable operational change happens: in production, during real incidents, with minimal ceremony.

Instead of rolling out a sweeping “new process,” a small group of engineering leaders started using Rootly in live incidents and let the workflow prove itself. This rollout wasn’t training-driven: it was stress-tested.

What changed (clear scope):

  • PagerDuty out; Rootly On-call in
  • Rootly Incident Response + Retrospectives + Jira integration adopted

Rootly became the incident control plane inside Slack:

  1. Rootly creates a dedicated incident channel automatically. The channel is public, improving discoverability and enabling faster swarm response without waiting for invites or hunting for the “right” place to coordinate.
  2. Rootly pulls in the right responders automatically. KnowBe4 routes responders based on the affected product/service so incidents begin with the right expertise in the room.
  3. Roles are assigned early and consistently. KnowBe4 runs with an Incident Lead, an Incident Tech Lead, and an owner for follow-up cadence. A comms function leveraging Rootly’s AI curates status updates so responders stay focused on mitigation while stakeholder updates stay consistent.
  4. Rootly auto-creates the Jira record. Incidents generate an incident ticket by default, and prevention work ties directly to follow-ups, so next steps don’t disappear into Slack history.

Time to first value showed up within the first few incidents. Maximum value compounded over a few short months, especially as teams with fewer incidents built muscle memory.

“Rootly fit how our engineers already work. We started using it in real incidents, and it immediately brought structure and order: one channel, the right responders automatically, clear roles, and tracking by default.”

Matthew Duren, VP of Engineering at KnowBe4

The real win: reduced coordination cost and higher resilience.

KnowBe4’s intrinsic value from Rootly wasn’t “a nicer incident tool.” Rootly gave them something more durable: a repeatable operational system for incident response, a way to reduce the human cost of coordination, make accountability consistent, and improve resilience at scale.

Coordination overhead dropped.

KnowBe4 called out coordination overhead as the biggest technical problem Rootly solved. Rootly reduced it by defaulting incidents into one canonical workspace and automating the early steps that normally burn time:

  • Form the incident channel
  • Route the right responders
  • Assign roles
  • Create the tracking record
  • Curate next steps and comms
  • Add the appropriate context

The result: less time spent getting organized and sifting through logs, more time spent resolving.

KnowBe4 also improved velocity in acknowledging and resolving incidents, with a meaningful qualitative reduction in time to resolve of more than 40%.

Accountability became built-in, not social.

Before Rootly, loud voices often became de facto owners. With Rootly, ownership became explicit and repeatable. Running incidents with clear roles in a public incident channel made accountability part of the workflow, not something teams had to negotiate mid-incident.

This also made incident response safer for engineers: the process didn’t depend on tribal knowledge or “who happened to be online.”

Follow-through became reliable and measurable.

Retrospective execution shifted dramatically. KnowBe4’s retros went from inconsistent completion to ~90% completion. Rootly’s structured workflow, AI assistance, and Jira integration made it easier to convert incident learnings into tracked prevention work.

Incident culture matured: more “incidents,” earlier triage, fewer customer impacts.

KnowBe4 now declares more incidents, intentionally. That’s a sign of maturity, not instability. Rootly helped remove the stigma of incidents as a “black eye,” enabling teams to triage earlier, classify low-impact issues as SEV3, and resolve them before they become customer-facing.

“The biggest win was reducing coordination overhead. Rootly made incident response repeatable so we could move faster, communicate more consistently, and actually follow through on prevention work.”

Matthew Duren, VP of Engineering at KnowBe4

Better resilience during peak demand.

KnowBe4 sees predictable peak usage during Cyber Security Awareness Month (October). With a full year of Rootly in place, KnowBe4 credited improved incident attentiveness and follow-through leading into peak season with enabling meaningful performance improvements, delivering a stronger customer experience even amid external cloud-provider disruptions.

Focus shifted back to product value.

Rootly didn’t just improve incident execution: it reduced the need for KnowBe4 to build and maintain internal incident tooling. With incident response and on-call standardized in Rootly, KnowBe4 avoided spending engineering cycles on bespoke workflows and automation across Slack, paging, and ticketing.

That freed engineering to focus on the reliability and performance of KnowBe4’s core security products so customers consistently get the outcomes they depend on.

Proof points (KnowBe4’s internal read-out)

  • 5/5: pager fatigue lower
  • 5/5: time to first status update improved
  • 5/5: retro completion improved
  • 5/5: stakeholder comms are consistent
  • 5/5: engineering morale improved (more clarity + consistency, even with increased accountability)

KnowBe4 adopted Rootly to standardize incident response into a repeatable, reliable, automated system. A system that keeps humans aligned under pressure, makes accountability consistent, and turns every incident into operational learning.

If your incident process still depends on heroic coordination and manual efforts, Rootly is how you graduate from effort to execution, when your customers are counting on you most.
