Secure and Govern Internship Program

Overview

The best way to learn about something is by doing it. The best feedback comes from working directly with end-users and the product. At GitLab, we have the opportunity to get more direct product feedback and help folks learn more about security at the same time.

For folks interested in learning more about security and/or Product Management, we are offering the opportunity to do an internship with the Secure and Govern Product Management team.

Internship options and scope

Each iteration of the internship will be slightly different, depending on the intern’s interests and expertise, the specific projects involved, as well as the mentor. Interns should choose one of the following two internship track options:

  1. An internship focused on adding our Secure and Govern features to open source projects hosted on GitLab.com
  2. An internship where the intern shadows a Product Manager and plays an active, mentored role in taking responsibility for a feature

All interns will be paired with a mentor. Before starting the internship program, the intern and mentor should have a kickoff call to understand the intern’s interests, skills, and availability, and then figure out specific goals to drive towards.

Open-source project internship

General goals of this internship are:

  1. Identify and help an open-source project move from a non-GitLab SCM to GitLab.
  2. Identify a GitLab-hosted open-source project that would benefit from security scanning.
  3. Integrate various GitLab security scanners into the projects’ CI pipelines.
  4. Contribute patches and fixes for identified vulnerabilities.
  5. File bug reports and commit small enhancements to GitLab scanners.
  6. Write a report and create collateral detailing their experience and the steps above.

Product Manager shadow internship

General goals of this internship are:

  1. Become familiar with the Product Development Lifecycle and how development is done at GitLab.
  2. Become familiar with user research, including how Problem and/or Solution validation is done at GitLab.
  3. Become familiar with the relevant group’s product strategy and with how prioritization is done. Although the Product Manager remains the DRI for product priorities, interns are encouraged to openly share their insights on the priorities along with the rationale for their thoughts.
  4. Perform one or more of the following:
     1. Under the guidance of the mentor, lead research in a Problem Validation cycle to gather information about user needs. The intern will conclude by proposing next steps to be taken along with creating issues/epics for any relevant product improvements.
     2. Under the guidance of the mentor, collaborate with a Product Designer to define the requirements and user experience for a feature. The intern will be responsible for taking this feature through planning breakdown and working with the engineering team on the execution of the feature.
     3. Under the guidance of the mentor, do extensive competitive, market, and analyst research to refine our product strategy. The intern will be responsible for proposing updates to direction pages to better describe our competitive position and our strategy to prioritize development in a way that optimizes the value we provide to our users.
  5. Write a report and create collateral detailing their experience and the steps above.

Benefits

This program benefits everyone involved in a variety of different ways.

For the Intern

Open source track

  1. Learn industry-leading, modern DevSecOps practices and workflows.
  2. Learn about the latest security scanners and techniques, like SAST, DAST, Fuzz Testing, Container Scanning, and more as well as how to apply them in real-world scenarios.
  3. Learn about new open-source software projects and how to contribute.
  4. Learn about all-remote working environments.
  5. Learn more about GitLab, our users, and how they use our products, which can help in your full time role.

Shadow intern track

  1. Learn what the day-to-day responsibilities of a Product Manager are and how features move through the development lifecycle.
  2. Gain insights into how and why prioritization decisions are made as well as some of the constraints that limit what can be done when.
  3. Broaden their experience with the GitLab values of Iteration and Collaboration as they relate to product development.
  4. Experience first-hand exposure to customers, prospects, and users and their needs.
  5. Deepen their understanding of the capabilities of the Secure and Govern stages and their respective value propositions and place in the market.

For projects

Open source track

  1. Security testing in open source projects can identify bugs and vulnerabilities to be fixed.
  2. Assistance in patching any identified issues.
  3. Additional contributions to open source projects help keep those projects active and maintained.

Shadow intern track

  1. Designers, Engineers, PMMs, and the mentor have an opportunity to hear a new perspective on their work from someone outside the Product organization.
  2. Accelerates the research/validation, execution, and/or strategy development, allowing the team to move more quickly and more confidently.

For GitLab

Open source track

  1. Additional use of our scanners to learn more about what works well and what can be improved.
  2. Opportunity to showcase GitLab as a go-to place to host open source projects.
  3. Real-world examples to share with customers of our scanners.

Shadow intern track

  1. Helps inform and evangelize the capabilities of the Secure and Govern stages to other departments in the company.

Both

  1. Ability to identify and hire exceptional interns.
  2. Provides valuable feedback that can help drive better product decisions.

For the mentor

  1. Get direct access to an “end-user” to better understand their perspective and challenges.
  2. Get practice acting as a mentor and coach.

What to do

This section provides general guidance on what the internship would look like. It is meant to be demonstrative, not prescriptive, and based on what has worked for past iterations. The mentor and intern are responsible for setting the schedule and deliverables that make sense for them.

Define the goals

At the start of the internship, the mentor and intern should decide what the goals of the internship are. This should include either a hands-on application of a GitLab security tool to some open source project or a specific product task to be accomplished during the allotted time. This is the critical piece that helps the intern learn, provides GitLab with good feedback, and benefits the open source project.

Submit your final list of goals to the section leader for approval. The most effective way to do this is to work with your selected mentor and create an issue.

Deliver on the goals

The majority of the internship should be spent doing, rather than talking about doing. To that end, for the open source track, a big piece of the internship should be spent on working with the open source projects directly, rather than working with GitLab teams. For the shadow intern track, the intern should feel free to join any of the Product Manager’s regularly scheduled meetings unless there is a meeting where the PM specifically requests privacy. Shadowing meetings should, however, be secondary to accomplishing the stated goals. Priority should be given to meetings that are directly connected with accomplishing those goals.

Share your experiences

At the end of the internship, the intern should produce some sort of content about their time in the program and what they did. This could be a blog, a YouTube video, conference presentation, or anything that is agreed upon. The goal is to be able to share with others about what was done and give the intern something tangible they can point to in the future.

Example schedule

To make the above a bit more concrete, here are some examples of what a four-week-long internship might look like.

| Week | Description |
| --- | --- |
| 1 | Identify OSS projects to work with, scanners to add, and introduce self to the maintainers. |
| 2 | Write MRs to add scanners to the projects. |
| 3 | Continue with MRs to add scanners to the projects. Start addressing vulnerabilities found by the scanners. |
| 4 | Finalize or hand off any open MRs to maintainers. Write blog about experience. |

| Week | Description |
| --- | --- |
| 1 | Identify a feature to lead through the development process. Become familiar with relevant direction pages, problem/solution validations, and epics/issues/designs. Ensure the designs are finalized, that the requirements are comprehensive and well written, and that the feature is 100% ready for planning breakdown. |
| 2 | Participate in the weekly group meeting and put the feature through the planning breakdown process. Work with engineers throughout the week to answer questions and iterate on the design as they refine their issues. |
| 3 | Work with the PM to identify customers or users who are likely candidates to be early adopters of the new feature. Share the plans with them and solicit their feedback on future improvements that might be made. |
| 4 | Continue to evangelize the upcoming feature. Write the release post item, inform the PMM, and share with any interested customers or SAs. Write blog about experience. |

Alumni and Past Participants

| Intern | Mentor | Time Period | Type | Write-up |
| --- | --- | --- | --- | --- |
| @ericrosenberg88 | @stkerr | July 2020 | Internal | Blog post |
| @kkwentus1 | @sam.white | January 18, 2021 - February 19, 2021 | PM Shadow | |
| @jrandazzo | @matt_wilson / @abellucci | January 1, 2023 - February 28, 2023 | PM Shadow | |

How to apply

To apply, please reach out to both Hillary Benson (@hbenson) and the mentor listed below for the open time slot.

Upcoming Slots

| Time frame | Mentor | Track |
| --- | --- | --- |
| None currently available. If you are interested please comment in the #product Slack channel and tag @hillary | | |

Interns

  1. Discuss your interest with your current manager.
  2. Schedule a coffee chat with one of the mentors above to go through your interests, your availability (both calendar time and in % of your work hours), and see if there is a good fit.
  3. Create a new issue for an Internship for Learning and follow that process.

Mentors

If you are willing to act as a mentor for the program, you should do a few things:

  1. Discuss your desire to be a mentor with your own manager.
  2. Decide which product areas (SAST, DAST, etc.) you’d like the intern to focus on and that you’d feel comfortable coaching. This is important in case an intern is interested in an area you are unfamiliar or uncomfortable with.
  3. Add your availability and name to the chart above.

Open-source projects

If you are an open-source project hosted on GitLab.com, we would love to have you work with one of our interns as part of this program! If you’re interested, please create an issue and tag us! If you haven’t already, consider also applying for our GitLab Open Source Program.

Last modified October 31, 2023: Clean up markdown (0a9aba0b)