Field Security Team

Governance and Field Security team charter

Field Security Team

The Field Security team serves as the public representation of GitLab’s internal Security function. Our vision is to be the leading example in collaborative and transparent Customer Assurance Programs. Our mission is to empower the GitLab community with confidence and trust that their data is protected with high levels of security assurance to drive revenue growth. We partner with our fellow GitLab team members and customers to provide a pathway to yes!

Core Competencies

The Field Security team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations. We do this in four main ways:

• Conducting Customer Assurance Activities such as completing Security, Privacy, and Risk Management Questionnaires, assisting in Contract Reviews, participating in Customer Pre-Sales Meetings, and making available our Security Documents (such as GitLab’s SOC2 or Penetration Test reports). These activities are managed through the Customer Assurance Activities Service Desk.
• Proactively maintaining self-service security and privacy resources including the SafeBase Trust Center and the Knowledge Base.
• Providing recommendations based on customer security concerns in support of revenue growth through the annual Field Security Study and participation in the Quarterly Business Review Process.
• Building the GitLab Security brand by improving internal and external awareness of GitLab’s security practices and the security of our platform. Engaging with customers and prospects through Evangelism Activities and with internal stakeholders via the Field Security Sales Training Program.

Metrics and Measures of Success

Security Impact on Net ARR

Contact the Team

Ayoub Fandi, @ayofan, Staff Security Assurance Engineer, Field Security

• Customer Assurance Activities
• Evangelism
• Collateral Development for the Trust Center
• Field Security Sales Training Program
• Customer Engagements
• Contract Reviews
• Trust Center administration, maintenance and development (Knowledge Base, content, documents, integrations and metrics)

Jonathan Snow, @jgsnow, Senior Security Assurance Engineer, Field Security

• Customer Assurance Activities
• Trust Center maintenance and development (Knowledge Base, content, documents, integrations and metrics)

Joe Longo, @jlongo_gitlab, Senior Manager, Governance and Field Security

• Customer Assurance Activities
• Field Security Study
• Independent Security Assurance
• Contract Reviews
• Trust Center administration and development (Knowledge Base, content, documents, integrations and metrics)

• GitLab Issues
  • /gitlab-com/gl-security/security-assurance/field-security-team
• Email
  • security-assurance@gitlab.com
• Slack
  • Group Handle
    • @field-security
  • Primary Slack Channels
    • #sec-fieldsecurity
    • #sec-assurance

Feedback and the Future of Field Security

Do you have an idea, feedback, or recommendation for how Field Security can better support you? Please open a General Request issue in the Field Security Project.

References

• Customer Assurance Activities Procedure
• Trust Center
• RFP Completion
• Knowledge Base
• Field Security Study
• Evangelism
• Field Security Sales Training Program
• Independent Security Assurance
• Security Shadow Program

View page source - Edit this page - please contribute.