Security Operations
Vision
Protect company property by identifying, preventing, detecting and responding to risks and security events targeting the business and GitLab.com and its users. We are at the forefront of GitLab’s security.
Mission
The Security Operations department focuses on the operational aspect of security. Our department consists of experienced breakers, builders, and defenders from all walks of life and geographic locations. We are responsible for improving GitLab’s security capabilities and metrics in the areas of security anomaly/event detection and incident response and abuse of GitLab.com.
Our department consists of:
- Senior Director, Security Operations - Joaquin Fuentes
- Security Incident Response Team (SIRT) - Security detection engineering and incident response
- Trust & Safety - Prevention and mitigation of abuse of the GitLab.com platform
- Red Team - Adversary emulation
- Threat Intelligence - Actionable insights on real-world threats
Contacting Security Operations
- Slack channel to interact with the Security Operations Department #security-department
- The Security Operations department follows the Security Team On-Call Rotation with more details available in Security Operations On-Call
- How to Engage the Security Engineer On-Call
Common Links
Red Team
GitLab’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure.
The Red Team does not perform penetration tests, and the work we do is not focused on delivering a list of vulnerabilities in a specific application or service.
Malicious actors are not constrained by the narrow focus of traditional security testing.
Security Incident Response Team - SIRT
GitLab Security Incident Response Team Overview
Security Logging Overview
Security Logging supports and develops GitLab's security log ingestion platform.
Threat Intelligence Team
Engaging Threat Intelligence Please follow our RFI process to contact the team.
For a less formal discussion, you can find us in Slack in the #sd_security_threat_intel channel.
Our Vision Empower GitLab to make informed, intelligence-driven decisions that keep our company and customers secure, while setting a new standard for transparency and collaboration across the industry.
Our Mission Statement Our mission is to provide actionable intelligence that empowers GitLab to make informed, proactive decisions about security.
Trust & Safety Team
GitLab.com Trust & Safety Team Overview
Last modified June 26, 2024: Add Threat Intelligence program (
947a4bbd
)