Field Security Team
Governance and Field Security team charter
The Field Security team serves as the public representation of GitLab’s internal Security function. Our vision is to be the leading example in collaborative and transparent Customer Assurance Programs. Our mission is to empower the GitLab community with confidence and trust that their data is protected with high levels of security assurance to drive revenue growth. We partner with our fellow GitLab team members and customers to provide a pathway to yes!
Core Competencies
The Field Security team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations. We do this in four main ways:
- Conducting Customer Assurance Activities such as completing Security, Privacy, and Risk Management Questionnaires, assisting in Contract Reviews, participating in Customer Pre-Sales Meetings, and making available our Security Documents (such as GitLab’s SOC2 or Penetration Test reports). These activities are managed through the Customer Assurance Activities Service Desk.
- Proactively maintaining self-service security and privacy resources including the SafeBase Trust Center and the Knowledge Base.
- Providing recommendations based on customer security concerns in support of revenue growth through the annual Field Security Study and participation in the Quarterly Business Review Process.
- Building the GitLab Security brand by improving internal and external awareness of GitLab’s security practices and the security of our platform, engaging with customers and prospects through Evangelism Activities and with internal stakeholders via the Field Security Sales Training Program.
Metrics and Measures of Success
Contact the Team
Ayoub Fandi, @ayofan, Staff Security Assurance Engineer, Field Security
- Customer Assurance Activities
- Evangelism
- Collateral Development for the Trust Center
- Field Security Sales Training Program
- Customer Engagements
- Contract Reviews
- Trust Center administration, maintenance and development (Knowledge Base, content, documents, integrations and metrics)
Jonathan Snow, @jgsnow, Senior Security Assurance Engineer, Field Security
- Customer Assurance Activities
- Trust Center maintenance and development (Knowledge Base, content, documents, integrations and metrics)
Joe Longo, @jlongo_gitlab, Senior Manager, Governance and Field Security
- Customer Assurance Activities
- Field Security Study
- Independent Security Assurance
- Contract Reviews
- Trust Center administration and development (Knowledge Base, content, documents, integrations and metrics)
Note: The areas above relate to each team member's primary responsibility. However, each team member is cross-trained in all processes and provides backup to the others if applicable.
- GitLab Issues: /gitlab-com/gl-security/security-assurance/field-security-team
- Email: security-assurance@gitlab.com
- Slack
  - Group Handle: @field-security
  - Primary Slack Channels: #sec-fieldsecurity, #sec-assurance
Feedback and the Future of Field Security
Do you have an idea, feedback, or recommendation for how Field Security can better support you? Please open a General Request issue in the Field Security Project.
References
- Customer Assurance Activities Procedure
- Trust Center
- RFP Completion
- Knowledge Base
- Field Security Study
- Evangelism
- Field Security Sales Training Program
- Independent Security Assurance
- Security Shadow Program