To be a trusted sales enablement partner that is recognized internally and externally for collaborative and transparent security assurance programs.
Overview
As a member of the Security department, the Security Assurance sub-department provides GitLab customers with a high level of assurance around the security of GitLab SaaS service offerings.
There are five teams in the Security Assurance sub-department.
The Security Assurance sub-department uses a variety of tools to carry out day-to-day activities. The system admin is responsible for the following:
Configuration changes
Onboarding/offboarding/transfers (i.e., access)
Upgrades/patching/incidents
Migrations to new environments
Restores from backup
Admin level audit evidence
Quality oversight (limited scope)
All other actions are the responsibility of the assigned DRI.
Key system used to create and distribute our security training and phishing simulations, which provide ongoing testing of adherence to various compliance frameworks.
The goal of this handbook page is to document the goals and priorities for the automation in compliance within the Security Compliance team at GitLab. Automations are built and enabled through the support of GitLab’s Security Assurance Automation team for technical implementations.
Core Focuses
Support the business by automating security processes, compliance controls, and finding automation efficiencies.
Develop and maintain automated solutions that enhance our security posture, streamline compliance efforts, and provide continuous monitoring of our systems and infrastructure.
Enable security to scale through the discovery and application of compliance automation.
Key priorities for Compliance Automation (in order)
Control Automations - Automated testing of controls and alerting on control failures
Control Automations - Automated testing and workbook creation
Metrics - Key insights into compliance/risk metrics to inform scope
User Access Reviews - Process automation and risk-based review enablement
Process Automations - Process automation around compliance activities such as observation management, audit management, etc.
Possible areas of opportunity
Developing and implementing automated security controls and processes
Creating and maintaining compliance automation tools and scripts
Integrating security and compliance checks into CI/CD pipelines
Automating vulnerability scanning and remediation processes
Implementing automated security testing and validation
Developing dashboards and reporting tools for security metrics and compliance status
Collaborating with other security teams to identify automation opportunities
Continuously improving and optimizing existing compliance automation solutions
The Field Security team serves as the public representation of GitLab’s internal Security function. Our vision is to be the leading example in collaborative and transparent Customer Assurance Programs. Our mission is to empower the GitLab community with confidence and trust that their data is protected with high levels of security assurance to drive revenue growth. We partner with our fellow GitLab team members and customers to provide a pathway to yes!
The Compliance Production Readiness Assessment is a process designed to make clear what obligations system owners have for configuring and hardening a system/tool/service so that GitLab meets its compliance and regulatory obligations.