Security Shadow: Security Operations

Completion of each course you will receive a certificate. At the completion of all 3 courses your name will be recognized on this page.

Security Incident Response Team (SIRT)

GitLab’s Security Incident Response Team is the first line of defense for the GitLab SaaS and GitLab as an organization. The primary goal of SIRT is to minimize and control damage from security incidents. This is accomplished through the development and deployment of detection tools to identify when a security incident has occurred, taking action to identify and contain the event to limit its scope and impact, remediating the underlying issue that led to the security event, and recovering from the security event so that operations can return to normal. In addition to responding to incidents, the SIRT works to proactively prevent security incidents through the management and deployment of cyber defense tools, ensuring compliance with security best practices for our infrastructure and team members, and maintenance and training around the incident response process.

Schedule / Topics Covered:

  • SIRT101.1: Intro to Incident Response
  • SIRT101.2: Log investigation
  • SIRT101.3: Detection, triage, remediation
  • SIRT101.4: Hands-on SIRT Team Exercise

Course Length: 4 days, 8 hours

Team Manager: Valentine Mairet @vmairet, Matt Coons @mcoons

Trust and Safety

Have you ever debated why something is right or wrong, questioned a rule and wondered how to get around it? Do you prefer the uneasiness of ambiguity over the monotony of always knowing what to do? If you answered yes to the above, Trust and Safety might be the place you discover what happens behind the curtains… or not, who knows?

The Trust and Safety teams’ purpose is to try and ensure that users of operate within the scope of the GitLab Website Terms of Use, more specifically, our Acceptable Use Policy (AUP). As the name implies, the AUP is a policy that governs what the business has deemed to be the acceptable use of The AUP mainly consists of 3 parts:

  • Compliance: Ensuring that we are enforcing the relevant laws and regulations that are applicable to
    • These are non-negtiables and include things like complying with the DMCA and removing illegal content.
  • Principles: Ensuring that is not used in a way that negatively impacts others.
    • This is primarily based on our Values and include things like removing content that is concidered harmful and protecting others privacy.
  • Goal: Ensuring that is not used in a way that would negatively impact our Vision.
    • This is primarily used to ensure that is used for it’s intented purpose, and to reduce any negatvie impact caused by an unintended and/or unforseen use of it.

If you think this is something you would be interested in learning about, maybe even do one day, come join us for a crash course in understanding the world of the Trust and Safety team!

Schedule / Topics Covered:

  • TS101.1: What we do and why - Introduction
  • TS101.2: How we do it - Tooling and Workflows
  • TS101.3: Hands-on Experience

Course Length: 3 days, 6 hours

Team Manager: Charl de Wit @cjdewit


Ready to enroll? Click here for more information.

Last modified September 6, 2023: Replace taps with spaces (69f17a79)