Security Department Learning & Development

Overview

This page was created as a result of the FY21Q4 Culture Amp survey, where Security team members expressed a desire to improve on the currently available L&D opportunities at GitLab. In order to paint a holistic picture of L&D resources available to team members, some of the resources detailed on this page are not Security-specific and are already documented in the handbook.

L&D resources available to all team members

GitLab provides a multitude of opportunities to learn and develop new skills on the topics of leadership, management, and DIB. GitLab Learn is the platform of choice that allows self-paced, on-demand courses. It also contains trainings offered through LinkedIn Learning. If you’re looking for a more flexible approach to learning the aforementioned skills, then perhaps the learning initiatives provided by the L&D team are something for you to consider.

Growth and Development Budget

Within the Growth and Development benefit, GitLab allows team members to spend $10,000 on Growth and Development annually. The individual Growth and Development budget can be used to attend conferences and workshops, obtain certifications, professional coaching, academic study and more. The extensive list of Growth and Development types of reimbursement can be found on this page.

Learning and development within GitLab Security

Professional Trainings

The ability to pursue professional trainings is of critical importance to security professionals due to the fast and ever-changing security landscape. Team members are encouraged to identify training courses, certifications, and conferences of interest that are related to their roles and responsibilities. If seen as relevant, these resources will be added to the team member’s Individual Development Plan (IDP). Trainings are a great way to empower team members to gain new knowledge and approaches to situations they face in their roles. Trainings are a great tool to improve productivity and efficiency at work, but they must not be seen as goals in themselves. While knowledge gained from trainings can positively impact your career growth if applied, the trainings alone bear no weight on the likelihood of progressing your career.

Some great security trainings are available at the following providers:

Dedicate time to L&D

As a Security team member, you have the opportunity to dedicate 8 working hours per month to L&D. This does not account for multi-day trainings.

It is recognized that there is a trade-off with this initiative, using the fundamental concepts of a cut-off line and one-in, one-out philosophy. In order to prioritize this time, the opportunity cost should be clearly identified and the impact assessed. Therefore, team members who decide to make use of this initiative will need to discuss the ideas with their direct manager. The 8 hours are to be used on an agreed-upon schedule. The schedule can be 1 day per month, 4 hours twice per month, 2 hours weekly, and so forth. This is also to ensure that the effort is used towards career objectives and professional growth. As such, dedicated L&D time should be captured in the participating team member’s IDP.

Leadership shadowing

We currently have the Security Shadow programme available to all team members. In addition to that we’re also working on a Security Leadership shadowing idea, which would be based around the CEO Shadow model. We’ll update this entry as we make progress on it.

Share what you have learned with other team members

A big part of an informal learning process is leaning on what your peers are doing and what they have accomplished. As such, it is very important to take the time to document what you have learned from official trainings that you’ve attended, provide any materials that you’re allowed to, and present any major developments in the monthly Show & Tell meeting.

Security knowledge base

You’ll be expected to provide a summary, key take-aways, and any supporting materials to other Security team members whenever you complete a training that GitLab pays for. To do this, make use of the dedicated Security Knowledge Base group:

  • Create a new project and name it accordingly
  • Provide a markup-formatted write-up in the form of a README.md in the project, documenting as much as you can, but at least the following:
    • Name of the training
    • Date of the training
    • URLs to the training
    • Description of the training
    • Personal impression
  • Upload as much supporting material to the project as you’re allowed to by the authors of the training

Show & Tell

The Security Department Show & Tell takes place every 2nd Thursday, changing times each time to ensure both APAC and EMEA team members are able to attend at least once a month. Everyone at GitLab is welcome to join the Show & Tell, and it’s actively advertised in #security-department. The purpose of the Show & Tell is to encourage the sharing of knowledge with your Security peers and other team members - anything from proof-of-concepts, demos, ideas, books, or trainings will do.

Last modified October 31, 2023: Update links for all migrated sections (5f71f5a9)