Security OKRs
Security OKRs
The Security organization executes quarterly Objectives and Key Results or OKRs.
How We Plan, Assign, and Execute Work
Four Mondays before the start of the fiscal quarter, in the days after the CEO shares OKRs with all of GitLab in the #okr channel, the CISO proposes OKRs for the Security Division in the OKR draft review meeting agenda for a maximum of 5 objectives. Security leaders are to propose draft OKRs to the CISO prior to the meeting for inclusion.
From FY24 Q1 forward all Security OKRs are documented in the GitLab OKR project. For easy filtering, all Security Objective and KR issues have Label = Division: Security applied.
Larger initiatives that span the scope of multiple teams or projects may require a Working Group.
What does it mean to be a DRI for a KR?
A KR Directly Responsible Individual (DRI) is meant to be the person accountable for the success of that key result. This doesn’t mean you are the assignee for each individual milestone in the KR, but rather that you’re the person driving change forward to ensure the KR is successful and the progress, risk, and blockers are appropriately communicated within the Security Assurance team.
Being a DRI for a KR includes:
- Drafting KR milestones (inlcuding consistent titling)
- Monitoring weekly status of milestone progress
- Proactively alerting the appropriate stakeholders if a milestone is at risk of on-time completion
- Weekly KR reporting to support OKR-level leadership updates
Templates
New Security KR - GitLab Template
✂️ Copy and paste the below into the GitLab Issue Description
|
|
Security KR Weekly Update
Field updates:
- Progress %
- Health Status: On Track/Needs Attention/At Risk
✂️ Copy and paste the below into the GitLab.com KR Issue(s)
|
|
With YYYY-MM-DD being the beginning of the week (Monday, even if this day if a holiday or a Family and Friends day).
7dc3d6b2)