The Secure Workshop is a Customer Success activity to provide customer enablement on Secure stage features.
The objectives of a Secure Workshop are to:
Provide the customer with best practices for Secure capabilities
Help the customer to adopt Secure stage features they already have access to
Show the customer the value of the Secure stage to position tier upgrade
A Secure Workshop is not a hands-on-keyboard demo or implementation effort.
Getting Started
When first discussing a Secure Workshop with your customer, you can use these points to describe the purpose of the workshop and set expectations.
The Secure Workshop is tailored to your interest in Secure capabilities.
We will work with you to determine which information to cover, and the objectives you are looking to achieve with Secure.
We will work with you to determine when to schedule the workshop, who to invite, and what to expect.
Your CSM will deliver the workshop and answer questions and may bring additional team members for support.
Depending on the number of topics to be covered the workshop, length will vary, but you should plan for a minimum of 60 minutes.
Discovery Questions
Once a customer has agreed to conduct a Secure Workshop session, we need to scope the workshop and what topics should be covered.
To determine the scope and contents of the workshop, refer to the discovery questionnaire which provides guidance on information to gather and questions to ask, as well as links to additional questions and resources to use.
Workshop Development
Use the information you attained during discovery to plan how you will deliver the workshop, and collaborate with the customer to make sure you’re covering the right information. Use the provided materials to assemble the workshop modules that your customer is interested in.
Generally speaking, you should expect the workshop to follow this format:
Overview of Secure capabilities (20-30 minutes)
Click-through demo from developer & security perspective (10-15 minutes)
Q&A (5-10 minutes)
For planning and scheduling purposes, it’s safe to aim for the upper end of each estimate. If there are no questions, the workshop can be done within 45 minutes, but realistically questions can easily add 15 minutes or more.
Workshop Materials
The materials for this workshop are intended to be delivered based on the customer’s expressed interest in Secure capabilities. Depending on your level of familiarity with the Secure stage capabilities, you (and your supporting team members) can conduct the session directly or utilize available pre-recorded videos.
The slide decks provided contain information for the entire Secure stage. Please make a copy of the deck(s) you need for your workshop and tailor the content to the features you’ll be covering with the customer.
Secure WorkshopThis deck is built by the CSM team and provides the slides needed to deliver the workshop directly, with a talk track and click-through demo.
GitLab Security & Compliance CapabilitiesThis deck is built by product marketing and will likely be best used as an initial overview of Secure, either as part of selling the workshop or as a basic introduction.
Team Support
It is highly recommended that you have at least one other team member helping you to deliver the workshop. This person can monitor the chat (or other designated locations) for questions and provide answers, as well as moderate the chat.
Attendee Registration
The recommended way to manage attendees is creating a signup page for the workshop for your customer to share internally. The benefit of a signup page is that:
You can understand in advance the number of expected attendees, and prepare accordingly (i.e. by engaging volunteer resources to handle Q&A in chat)
You will know who is coming and can tailor content to specific levels/titles of attendees (don’t forget to add a title question to your signup page!)
You will have a list of attendees to follow up with, which is incredibly significant as this workshop becomes a means to engage with dev leads and end users that we often may not have otherwise
If your customer would prefer not to use this method, you can suggest that they provide you a list of attendees that you can subsequently send out a meeting invite to.
Use this questionnaire to determine what information to cover in the workshop you are conducting with your customer. Copy the information below into an issue in your customer collaboration project, and fill in the details either by asking the questions during your initial planning session (recommended), or asynchronously by asking the customer to answer the questions in the issue.
A few things to keep in mind about this questionnaire:
The capabilities listed are based on what the Secure Workshop materials currently support. As additional materials are added, this list will be expanded.
## Product Capabilities
Please indicate which [areas of the Secure stage](https://about.gitlab.com/stages-devops-lifecycle/secure/) you would like covered in the session:
- [ ] [SAST](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [DAST](https://docs.gitlab.com/ee/user/application_security/dast/)
## Objectives & Scoping
**What tool(s) are you currently using for `[Secure capability (SAST/DAST, etc.)]`?****What is your biggest concern regarding application security and scanning?****What would you like to change about your current security scanning process?****What is the outcome you're looking to achieve with this workshop?**## Attendees
**Who will be the primary audience for this session (e.g. developers, security team members, etc.)?****Have we invited members of your organization's application security team?**
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Cookie Policy
User ID: ec89d0f5-7a10-438b-9e3f-97669a4ac0d8
This User ID will be used as a unique identifier while storing and accessing your preferences for future.
Timestamp: --
Strictly Necessary Cookies
Always Active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, enabling you to securely log into the site, filling in forms, or using the customer checkout. GitLab processes any personal data collected through these cookies on the basis of our legitimate interest.
Functionality Cookies
These cookies enable helpful but non-essential website functions that improve your website experience. By recognizing you when you return to our website, they may, for example, allow us to personalize our content for you or remember your preferences. If you do not allow these cookies then some or all of these services may not function properly. GitLab processes any personal data collected through these cookies on the basis of your consent
Performance and Analytics Cookies
These cookies allow us and our third-party service providers to recognize and count the number of visitors on our websites and to see how visitors move around our websites when they are using it. This helps us improve our products and ensures that users can easily find what they need on our websites. These cookies usually generate aggregate statistics that are not associated with an individual. To the extent any personal data is collected through these cookies, GitLab processes that data on the basis of your consent.
Targeting and Advertising Cookies
These cookies enable different advertising related functions. They may allow us to record information about your visit to our websites, such as pages visited, links followed, and videos viewed so we can make our websites and the advertising displayed on it more relevant to your interests. They may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. GitLab processes any personal data collected through these cookies on the basis of your consent.