Security Culture Committee

Mission Statement

The security department as a part of GitLab should follow and live up to the GitLab values and mission. The transparency value can be especially difficult for a security department to embrace and embody, as due to the confidentiality of their work, security people tend to be secretive and intransparent by default.

Intent and goals

The intent of the security culture committee is to maintain a welcoming and transparent environment within the security department.

The committee goals are to:

• Identify areas where our core values can be strengthened
• Improve transparency while maintaining security & privacy across the security organization
• Foster an inviting and welcoming environment for questions, concerns and feedback
• Propose ideas to promote teamwork and collaboration
• Help drive the mission of being the most transparent security group in the world
• Provide actionable feedback and direction to the security department, so they may best live up to the GitLab values

The committee should draft the ways to reach these goals for an open, approachable and transparent culture within the security department. The department’s leadership should reinforce those ways by communicating and leading by example. The committee will provide an interface for all team members to express any concerns regarding the culture within the security department.

Participation

Current (September 2023 - Present) committee members:

• Madeline Lake
• Janina Roppelt
• Greg Myers
• James Hebden

Previously nominated committee members (July 2022 - September 2023):

• Jeff Burrows
• Mark Loveless
• Mitra Jozenazemian
• Rohit Shambhuni
• Will Szabo

Previously nominated committee members (January - June 2022):

• Chris Moberly
• Marie-Claire Cerny
• Nick Malcolm
• Valentine Mairet

Previously nominated committee members (FY22):

• Andrew Kelly
• Juliet Wanjohi
• Liz Coleman
• Philippe Lafoucrière

Participation

Participation in the committe is voluntary. The committee’s goal is to have at least one team member from each sub-department within Security represented. In order to participate in the committee, please post in the #security-culture slack channel and express your interest. Length of participation in the committee is at least 1 year in order to the committee to make a meaningful impact.

Meetings

The meetings will alternate between APAC & AMEA-friendly timezones. The recordings will be available in the GitLab Videos Recorded folder. Any team member is welcome to join - ask in #security-culture if you can’t find the event.

Process for change

To suggest a change, create an issue in the Security Culture Project.

The security culture committee has an issue template available for creating new issues.

Current Committee Projects

We are tracking our efforts in this issue: https://gitlab.com/gitlab-com/gl-security/security-culture/-/issues/33

Previous Security Committee Formation Documentation

The processes for forming the Security Culture Committee were updated in May 2024.

Previous documentation on forming the security culture committee and nomination processes can be found here.