Corporate Security (CorpSec) Support

As GitLab has grown organically, several departments and functional groups have their own System Administrators (“Tech Stack App/System Owners”) that handle day-to-day management of the tech stack applications that are specific to that department or functional group, within the framework of organization-wide compliance, infrastructure, and security best practices. Each tech stack application at GitLab has a System Owner that is the DRI for handling the implementation and day-to-day operational support for the team members that utilize that application (in their department or functional group). This has an added benefit of preventing the traditional IT department from being a bottleneck and allows each department to self-service as part of GitLab’s efficiency for the right group subvalue.

The Corporate Security team provides tech support helpdesk services for team members and temporary service providers (aka contractors, vendors, etc.), and configuration management engineering for the company-wide systems that we manage.

Corporate Security Support

Tier 1. Self Service

As part of our self-service and self-learning efficiency value, we encourage you to check out the security self-service guides and systems documentation to see if you can find the answer to your question.

If you can’t find what you’re looking for, please ask in #it_help.

Future State

• (Internal) Why: Direction and Strategy
• (Internal) What: Initiatives and Projects
• (Internal) When: OKRs and Roadmap
• (Internal) How: CorpSec Issue Tracker
• (Public) Who: Team Functions and Team Directory

Current State

• Team Directory
• 👀 New Team Members: Security Onboarding 101 Guide
• 👀 Existing Team Members: Corporate Security Systems Documentation, Access Requests, and Self Service Guides
• 👷 Administration Docs: (Internal) Systems Handbook (Configuration and Runbooks)
• 👷 Engineering
  • Device Trust Engineering
  • Identity Engineering
  • Infrastructure Engineering
  • Platform Engineering (Self-Service Tool Software Development)
  • SaaS Engineering (Corporate Tech Stack Applications and Platforms)
• 💻 Services
  • Access Requests
    • Need Access? See the Systems page for instructions for each specific system.
    • External Collaborators (Auditors, Customers, Partners, Vendors)
    • Infrastructure Provisioning (AWS, Azure, GCP, Sandbox Cloud)
    • Okta Applications
    • Service Accounts
    • Temporary Service Providers (Contractor Users)
  • Change Management
  • Email
  • Device Management
    • Cell Phones and Mobile Devices
    • Laptops
      • New Laptops
        • 👀 Onboarding Hardware Ordering Guide
        • 👀 Onboarding Software Setup Guide
        • 👀 Apple macOS Setup Guide
        • Linux Setup Guide
      • Laptop Replacement and Repairs
        • Refresh/Replace Guide
        • Repair Guide
      • Old Laptops
        • Wipe (Factory Reset) Guide
        • Buy Back Guide
        • Donation Guide
        • Recycle/Return Guide
      • Laptop Policies
        • Procurement Guide and Shipping Times
        • Hardware Models and Specs
        • Operating System Standards
        • Apps and Software Standards
        • Security Configuration Standards
          • Apple ID for Work
          • Backups
          • Disk Encryption
          • Firewall
          • Hostnames and Usernames
          • iCloud Drive
          • Locking When Unattended
          • Password Management
          • Personal Use
          • Remote Management (MDM and EDR)
          • Software Updates
          • Touch ID (Biometric Passwords and 2FA)
          • Web Browsers
          • Wireless Networks and VPN
• Employment Lifecycle
  • Onboarding
  • Role Changes (Career Mobility)
  • Offboarding
• Helpdesk Support
  • See Support and/or Systems pages to get help.
  • If you can’t find the answer you’re looking for, scroll down for Tier 2 support.

Tier 2. Helpdesk Support

We have 24x5 coverage provided by Helpdesk Support Analysts that can help you with access requests, account lockouts, authentication issues, laptop hardware, laptop software configuration problems, 1:1 training for unfamiliar technologies, and triage problems for any Corporate Security Systems.

• Identity and Access Management
  • Access Requests
  • Career Mobility (Mover) and Role Changes Provisioning
  • External Collaborators (Customers, Partners, Vendors)
  • Onboarding (Joiner) Provisioning (Baseline Entitlements) and User Support
  • Offboarding (Leaver) Deprovisioning
  • Service Accounts
  • Temporary Service Providers
• Infrastructure Management
  • AWS
  • GCP
• Laptops and Logistics
• Tech Support for Team Members
  • Account Password and 2FA Resets

Please ask for assistance in the #it_help Slack channel.

Our team members have scheduled on-call shifts, so we kindly ask that you ask in the channel and not send Slack direct messages to specific individuals.

For systems not managed by Corporate Security, you can locate the owner in the tech stack. If you’re not sure where to ask, please ask in #it_help and we will redirect you to the right person or place.

Tier 3. Escalation and Systems Engineering

Our Support Analysts are trained to provide user support. If there is a problem that the Support Analysts cannot answer, they will escalate it to the Corporate Security Engineers.

Our Security Engineers and Systems Engineers are the technical owners for our Corporate Security Systems and handle configuration management and engineering work for optimizing and supporting our business requirements and mitigating any security risks.

For team member support requests, please ask for assistance in the #it_help Slack channel.

For advanced requests or change/configuration management, please open a GitLab issue in the Corporate Security Issue Tracker and choose the appropriate issue template that will automatically add the appropriate labels and assign it to the respective system owners.

Courtesy Reminder: We do not provide same day support in our engineering issues. We have a prioritized queue for our issues that is managed by our engineering managers and program managers. We have allocated buffer in each team to triage new day-to-day requests within a few business days. Please add the appropriate priority label to any issues that you create. Please ask in the #it_help Slack channel for anything urgent and we will handle escalations and prioritization internally.

Tier 4. Automation Engineering

As any company or team evolves and scales, it is important to automate and streamline processes. Most tech companies improve automation and processes using some form of scripting.

At GitLab, each of our departments solves their automation problems independently (organic evolution of our values and solving your own niche problems).

As time allows, our Security Engineers and Systems Engineers work on automation projects to streamline our processes and systems configuration, usually aligned with our security strategy, compliance observations, and/or mitigating identified security risks.

See our automation handbook page to learn more.

Tier 5. Architecture and Crisis Management

Our Staff Engineers and Managers are focused on driving the meta-level direction and improved automation and efficiency of the Corporate Security team and our cross-functional stakeholders that provide a strong security posture in alignment with the security vision while providing great internal customer experience. We also provide swarm-style guidance and engineering for cross-functional or leadership-level crisis and incident mitigation.

View page source - Edit this page - please contribute.