Secure Workshop

Overview

The Secure Workshop is a Customer Success activity to provide customer enablement on Secure stage features.

The objectives of a Secure Workshop are to:

  • Provide the customer with best practices for Secure capabilities
  • Help the customer to adopt Secure stage features they already have access to
  • Show the customer the value of the Secure stage to position tier upgrade

A Secure Workshop is not a hands-on-keyboard demo or implementation effort.

Getting Started

When first discussing a Secure Workshop with your customer, you can use these points to describe the purpose of the workshop and set expectations.

  • The Secure Workshop is tailored to your interest in Secure capabilities.
  • We will work with you to determine which information to cover, and the objectives you are looking to achieve with Secure.
  • We will work with you to determine when to schedule the workshop, who to invite, and what to expect.
  • Your CSM will deliver the workshop and answer questions and may bring additional team members for support.
  • Depending on the number of topics to be covered the workshop, length will vary, but you should plan for a minimum of 60 minutes.

Discovery Questions

Once a customer has agreed to conduct a Secure Workshop session, we need to scope the workshop and what topics should be covered.

To determine the scope and contents of the workshop, refer to the discovery questionnaire which provides guidance on information to gather and questions to ask, as well as links to additional questions and resources to use.

Workshop Development

Use the information you attained during discovery to plan how you will deliver the workshop, and collaborate with the customer to make sure you’re covering the right information. Use the provided materials to assemble the workshop modules that your customer is interested in.

Generally speaking, you should expect the workshop to follow this format:

  1. Overview of Secure capabilities (20-30 minutes)
  2. Click-through demo from developer & security perspective (10-15 minutes)
  3. Q&A (5-10 minutes)

For planning and scheduling purposes, it’s safe to aim for the upper end of each estimate. If there are no questions, the workshop can be done within 45 minutes, but realistically questions can easily add 15 minutes or more.

Workshop Materials

The materials for this workshop are intended to be delivered based on the customer’s expressed interest in Secure capabilities. Depending on your level of familiarity with the Secure stage capabilities, you (and your supporting team members) can conduct the session directly or utilize available pre-recorded videos.

The slide decks provided contain information for the entire Secure stage. Please make a copy of the deck(s) you need for your workshop and tailor the content to the features you’ll be covering with the customer.

  • Secure Workshop This deck is built by the CSM team and provides the slides needed to deliver the workshop directly, with a talk track and click-through demo.
  • GitLab Security & Compliance Capabilities This deck is built by product marketing and will likely be best used as an initial overview of Secure, either as part of selling the workshop or as a basic introduction.

Team Support

It is highly recommended that you have at least one other team member helping you to deliver the workshop. This person can monitor the chat (or other designated locations) for questions and provide answers, as well as moderate the chat.

Attendee Registration

The recommended way to manage attendees is creating a signup page for the workshop for your customer to share internally. The benefit of a signup page is that:

  • You can understand in advance the number of expected attendees, and prepare accordingly (i.e. by engaging volunteer resources to handle Q&A in chat)
  • You will know who is coming and can tailor content to specific levels/titles of attendees (don’t forget to add a title question to your signup page!)
  • You will have a list of attendees to follow up with, which is incredibly significant as this workshop becomes a means to engage with dev leads and end users that we often may not have otherwise

If your customer would prefer not to use this method, you can suggest that they provide you a list of attendees that you can subsequently send out a meeting invite to.

Supplemental Videos

Videos by Feature


CSM Secure Workshop Discovery Questionnaire

Use this questionnaire to determine what information to cover in the workshop you are conducting with your customer. Copy the information below into an issue in your customer collaboration project, and fill in the details either by asking the questions during your initial planning session (recommended), or asynchronously by asking the customer to answer the questions in the issue.

A few things to keep in mind about this questionnaire:

## Product Capabilities

Please indicate which [areas of the Secure stage](https://about.gitlab.com/stages-devops-lifecycle/secure/) you would like covered in the session:

- [ ] [SAST](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [DAST](https://docs.gitlab.com/ee/user/application_security/dast/)

## Objectives & Scoping

**What tool(s) are you currently using for `[Secure capability (SAST/DAST, etc.)]`?**



**What is your biggest concern regarding application security and scanning?**



**What would you like to change about your current security scanning process?**



**What is the outcome you're looking to achieve with this workshop?**



## Attendees

**Who will be the primary audience for this session (e.g. developers, security team members, etc.)?**



**Have we invited members of your organization's application security team?**
Last modified June 27, 2024: Fix various vale errors (46417d02)