Security Operations
Vision
Protect company property by identifying, preventing, detecting and responding to risks and security events targeting the business and GitLab.com and its users. We are at the forefront of GitLab’s security.
Mission
The Security Operations department focuses on the operational aspect of security. Our department consists of experienced breakers, builders, and defenders from all walks of life and geographic locations. We are responsible for improving GitLab’s security capabilities and metrics in the areas of security anomaly/event detection and incident response and abuse of GitLab.com.
Our department consists of:
- Director, Security Operations - Joaquin Fuentes
- Security Incident Response Team (SIRT) - Security detection engineering and incident response
- Trust & Safety - Prevention and mitigation of abuse of the GitLab.com platform
- Red Team - Adversary emulation
Contacting Security Operations
- Slack channel to interact with the Security Operations Department #security-department
- The Security Operations department follows the Security Team On-Call Rotation with more details available in Security Operations On-Call
- How to Engage the Security Engineer On-Call
Common Links
Red Team
GitLab’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure.
The Red Team does not perform penetration tests, and the work we do is not focused on delivering a list of vulnerabilities in a specific application or service.
Malicious actors are not constrained by the narrow focus of traditional security testing.
Security Incident Response Team - SIRT
GitLab Security Incident Response Team Overview
Security Logging Overview
Security Logging supports and develops GitLab's security log ingestion platform.
Trust & Safety Team
GitLab.com Trust & Safety Team Overview
Last modified April 29, 2024: Move Red Team to secops (
f5b9eae9
)