Security Operations

Vision

Protect company property by identifying, preventing, detecting and responding to risks and security events targeting the business and GitLab.com and its users. We are at the forefront of GitLab’s security.

Mission

The Security Operations department focuses on the operational aspect of security. Our department consists of experienced breakers, builders, and defenders from all walks of life and geographic locations. We are responsible for improving GitLab’s security capabilities and metrics in the areas of security anomaly/event detection and incident response and abuse of GitLab.com.

Our department consists of:

Senior Director, Security Operations - Joaquin Fuentes
Security Incident Response Team (SIRT) - Security detection engineering and incident response
Trust & Safety - Prevention and mitigation of abuse of the GitLab.com platform
Red Team - Adversary emulation
Threat Intelligence - Actionable insights on real-world threats

Contacting Security Operations

Slack channel to interact with the Security Operations Department #security-department
The Security Operations department follows the Security Team On-Call Rotation with more details available in Security Operations On-Call
How to Engage the Security Engineer On-Call

Common Links

Security Operations On-Call Guide

Red Team

GitLab’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure. The Red Team does not perform penetration tests, and the work we do is not focused on delivering a list of vulnerabilities in a specific application or service. Malicious actors are not constrained by the narrow focus of traditional security testing.

Security Incident Response Team - SIRT

GitLab Security Incident Response Team Overview

Security Logging Overview

Security Logging supports and develops GitLab's security log ingestion platform.

Threat Intelligence Team

Engaging Threat Intelligence Please follow our RFI process to contact the team. For a less formal discussion, you can find us in Slack in the #sd_security_threat_intel channel. Our Vision Empower GitLab to make informed, intelligence-driven decisions that keep our company and customers secure, while setting a new standard for transparency and collaboration across the industry. Our Mission Statement Our mission is to provide actionable intelligence that empowers GitLab to make informed, proactive decisions about security.

Trust & Safety Team

GitLab.com Trust & Safety Team Overview

Last modified June 26, 2024: Add Threat Intelligence program (947a4bbd)

View page source - Edit this page - please contribute.