Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Defend Section

Vision

For more details about the vision for this area of the product, see the Defend stage page.

Mission

The Defend team works on GitLab's Defend stage.

Team Members

The following people are permanent members of the Defend Section:

Person Role
Wayne Haber Director of Engineering, Defend
Philippe Lafoucrière Distinguished Backend Engineer, Secure, Defend
Lindsay Kerr Frontend Engineering Manager, Defend
New Vacancy - Thomas W. (Interim) Backend Engineering Manager, Defend

Backend

Person Role
New Vacancy - Thomas W. (Interim) Backend Engineering Manager, Defend
Jonathan Schafer Backend Engineer, Defend
Arthur Evstifeev Backend Engineer, Defend
Zamir Martins Filho Backend Engineer, Defend

Frontend

Person Role
Lindsay Kerr Frontend Engineering Manager, Defend
Daniel Tian Senior Frontend Engineer, Defend
New Vacancy - Sam B. (Interim) Frontend Engineer, Defend

Stable Counterparts

The following members of other functional teams are our stable counterparts:

Person Role
Achilleas Pipinellis Technical Writer, Create, Package, Monitor, Secure, Defend
Andy Volpe Senior Product Designer, Defend
Valerie Karnes UX Manager, Secure & Defend
Lukas Eipert Interim Frontend Engineering Manager, Secure, Defend
Thomas Woodham Engineering Manager, Secure:Static Analysis, Defend
Lucas Charles Senior Backend Engineer, Secure:Static Analysis, Defend
Mark Florian Senior Frontend Engineer, Secure, Defend
Daniel Tian Senior Frontend Engineer, Defend
New Vacancy - Sam B. (Interim) Frontend Engineer, Defend
Jonathan Schafer Backend Engineer, Defend
Arthur Evstifeev Backend Engineer, Defend
Zamir Martins Filho Backend Engineer, Defend
Sam Kerr Principal Product Manager, Defend:Runtime Application Security
Matt Wilson Senior Product Manager, Defend
Rebecca 'Becka' Lippert Product Designer, Defend
Tali Lavi UX Researcher, Secure & Defend and Ops (Interim)

Defend Team

The Defend Team is responsible for defending applications, networks and infrastructure from security intrusions. The team maps to the defend transversal page. You can learn more about our approach on the Defend Vision page.

Categories

There are a few product categories that are critical for success here; each one is intended to represent what you might find as an entire product out in the market. We want our single application to solve the important problems solved by other tools in this space - if you see an opportunity where we can deliver a specific solution that would be enough for you to switch over to GitLab, please reach out to the PM for this stage and let us know.

Each of these categories has a designated level of maturity; you can read more about our category maturity model to help you decide which categories you want to start using and when.

WAF

A Web Application Firewall (WAF) is able to examine traffic being sent to an application and can block malicious traffic before they reach your application. This category is at the "minimal" level of maturity.

Documentation • Strategy

Threat Detection

Detect and respond to security threats. This category is planned, but not yet available.

Strategy

Vulnerability Management

Security dashboards to help you manage vulnerabilities in your application. This category is planned, but not yet available.

Strategy

Container Network Security

This category is planned, but not yet available.
Strategy

RASP

When applications are deployed to production, they are subject to real security threats that may lead to unauthorized access to sensitive data. Runtime Application Self Protection (RASP) actively monitor and block threats before they can exploit vulnerability in the target application. This category is planned, but not yet available.

Strategy

UEBA

User and Entity Behavior Analytics (UEBA) is a machine learning solution to analyze normal and aberrant behavior. This category is planned, but not yet available.

Strategy

Storage Security

This category is planned, but not yet available.
Strategy

DLP

Data Loss Prevention (DLP) is a way to monitor systems for sensitive data and identify when that data is being moved to other systems and potentially shared outside your organization. This category is planned, but not yet available.

Strategy

Label Usage

TBD

Release process

Our release process is specified in this project. The vulnerability database is updated on a regular basis.

Skills

Because we have a wide range of domains to cover, it requires a lot of different expertises and skills:

Technology skills Areas of interest
Ruby on Rails Backend development
Go Backend development
Javascript Frontend development
SQL (PostgreSQL) Various
Docker/Kubernetes Threat Detection
Network Security Container network security
Host Security Various

Engineering Rhythm

TBD

Product Documentation

TBD

Highlights on how we operate

How to work with us

TBD