Corporate Security (CorpSec)
Welcome to Corporate Security, we’re glad you’re here! You may also know us as the former IT Operations team that moved from the Finance to Security division in early 2024.
Need Help?
Please try exploring the following pages to see if your question has been answered in the handbook pages. If not, please ask in the #it_help channel and one of our Support Analysts will reply as soon as possible.
- CorpSec Onboarding 101 Guide
- CorpSec Support Guide
- CorpSec Services
- CorpSec Systems and Tech Stack Apps
- Internal Handbook
- System Administration and Runbooks Handbook
- Ask in the #it_help Slack channel
What We Do
Mission
As a remote company, we do not have office buildings, physical datacenters, or other traditional IT environments. All of our team members are issued a laptop that they use to work from home or on the road. Although our engineering and product teams are building software that is deployed on AWS and GCP, almost all of our corporate software is vendor-managed software-as-a-service (SaaS). Although this results in a simpler physical threat landscape, the cybersecurity threat landscape is vast and still requires a lot of attention to do it right.
Our mission is to empower our employees to be productive with the technology provided by the business, enable the business to be successful, protect our customers and their data, and provide internal security for GitLab (the company) and our team members’ use of GitLab (the product).
GitLab is both a company and a product. The Corporate Security department focuses on protecting the technology that the company uses to conduct business internally, and provides the hardware, software, and tools that our team members need to get their job done. We have a 24x5 technical support helpdesk for team members and have engineers that configure and maintain many of our company-wide tech stack applications. We also invest heavily in device trust and identity management to provide the highest level of security assurance for the administrators of our product and ensure all appropriate controls are in place when handling customer data.
Prime Directive
- Safeguard our organization’s digital assets, ensuring the integrity, confidentiality, and availability of all data.
- Implement robust security measures, fostering a culture of awareness and compliance among employees, and continuously monitoring and enhancing our information technology systems to protect against evolving threats.
- Leverage the GitLab platform (dogfooding) to assist us in the securing of GitLab.
- Provide reliable, secure and efficient IT and Security engineering, innovation, and services with Zero Trust principles to support cross-functional organizational goals.
Scope
- Architecting next-generation automation and integration between security-related systems that provide data consistency, reliability, strong security, and auditability.
- Building relationships with cross-department system owners and proposing solutions to ensure our tech stack applications conform to our latest security best practices
- Consolidating and refactoring legacy tech debt
- Designing processes and choosing software tools that improve back office automation or mitigate security risks
- Escalation engineering and crisis response for leadership teams
- Factoring in cost, security, compatibility, maintainability and user experience when making decisions
- Growing other team members’ skill sets through mentorship to improve operational efficiency and encourage professional development
- Handbook documentation for processes and systems architecture
- Identity and access management (IAM)
- Joint collaboration with process and system owners across the company for improving automation efficiency, security posture, and vulnerability management
- Keeping leaders and stakeholders informed of next-gen initiatives and contributing to creating automated analytics for day-to-day IT and Security operations
- Leading innovation opportunities between several teams with a willingness to experiment and to boldly confront problems of large complexity and scope
- Making technical decisions on behalf of the department and organization while providing presentation support to leaders during technical discussions
- New tech stack (vendor) application onboarding and provisioning
- Onboarding provisioning, offboarding deprovisioning
- Policy and configuration management for organization-wide applications and systems that we manage
- Role-based access control (RBAC)
- Shipping laptops to new team members and refreshing older models
- Tech support for team members and temporary service providers
- User experience and productivity optimization for internal software and tools
- Vulnerability and malware risk mitigation
- Workflow automation for employee lifecycle
- X-Men, we are. Always be saving the day with a smile on your face!
- Yesterday’s problems are tomorrow’s opportunities for iteration
- Zero trust implementation
Direction and Strategy
- (Internal) CISO Multi-Year Information Security Goals and Priorities
- (Internal) CorpSec Direction and Strategy
- (Internal) CorpSec OKRs and Roadmap
- (Internal) CorpSec Projects and Initiatives
- Security Division OKRs
- (Internal) Corporate Security Epics List
- (Internal) Corporate Security Epics Gantt Chart
- (Internal) CorpSec Issue Tracker
- How We Work
Services
- Please see CorpSec Support if you are looking for help.
- Applications and Systems
- Helpdesk Services
- Access Requests
- Laptop and Logistics Services
- Onboarding
- Offboarding
- Tech Support (for Team Members)
- Infrastructure Services
Engineering
- How We Work
- Device Trust Engineering
- Identity Engineering
- Infrastructure Engineering
- Platform Engineering
- SaaS Engineering
Who We Are
See the Team Directory.
Contact Us
- Tier 1 Self Service
- Tier 2 Helpdesk Support
- Tier 3 Escalation and Systems Engineering
- Tier 4 Automation Engineering
- Tier 5 Architecture and Crisis Management
- CorpSec Issue Tracker
- Engineers and System Owners - See CorpSec Systems for GitLab group handle and Slack group handle.
- #corpsec Slack Channel (for technical support, please ask in #it_help)
- Helpdesk Team: #it_help Slack Channel, @it-help Slack group, it-help [at] gitlab [dot] com, @gitlab-com/gl-security/corp/services
- Management Team: @gitlab-com/gl-security/corp/managers
- Tag the respective functional team manager or director in Slack.
- Director - Steve Manzuik
- Program Management - Steve Manzuik, Kim Waters
- Device Trust - Eric Rubin
- Helpdesk Support - Michael Beltran
- Infrastructure - Jeff Martin
- Laptops and Logistics - Michael Beltran
- Onboarding and Offboarding Day-to-Day Operations (Helpdesk Services) - Michael Beltran
- Onboarding and Offboarding Policy and Strategy (Identity Engineering) - David Zhu
- Platform Engineering (Custom Software Development) - Jeff Martin
- SaaS Engineering - David Zhu, Eric Rubin
- Sensitive Data or Employment Requests - Michael Beltran