The Govern engineering groups are responsible for the Govern Stage of the product.
Help users manage security vulnerabilities, policies, and compliance across their organization.
The stage vision is captured on the Govern product direction pages.
Group priorities are reviewed collaboratively with product counterparts and published on the Govern direction pages
| Person | Role |
|---|---|
| Phil Calder | Senior Engineering Manager, Govern and Growth |
| Adil Farrukh | Engineering Manager, Govern:Authentication |
| Jay Swain | Engineering Manager, Govern:Authorization and Anti-abuse |
| Kamil Niechajewicz | Engineering Manager, Growth and Govern:Threat Insights |
| Alan (Maciej) Paruszewski | Engineering Manager, Govern:Security Policies |
| Neil McCorrison | Engineering Manager, Govern:Threat Insights |
| Nathan Rosandich | Engineering Manager, Govern:Compliance |
To contact Govern stage development people leaders leaders use the following aliases:
@gitlab-org/govern/managers@s_govern_managers| Person | Role |
|---|---|
| Jay Swain | Engineering Manager, Govern:Authorization and Anti-abuse |
| Eugie Limpin | Senior Fullstack Engineer, Govern:Anti-Abuse |
| Hinam Mehra | Fullstack Engineer, Govern:Anti-Abuse |
| Person | Role |
|---|---|
| Adil Farrukh | Engineering Manager, Govern:Authentication |
| Bogdan Denkovych | Backend Engineer, Govern:Authentication |
| Drew Blessing | Senior Backend Engineer, Govern:Authentication |
| Eduardo Sanz-Garcia | Senior Frontend Engineer, Govern:Authentication |
| Imre Farkas | Staff Backend Engineer, Govern:Authentication and Authorization |
| Smriti Garg | Senior Backend Engineer, Govern:Authentication |
| Aboobacker MK | Senior Backend Engineer, Govern:Authentication and Authorization |
| Person | Role |
|---|---|
| Jay Swain | Engineering Manager, Govern:Authorization and Anti-abuse |
| Alex Buijs | Senior Fullstack Engineer, Govern:Authorization |
| Daniel Tian | Senior Frontend Engineer, Govern:Authorization |
| Jarka Košanová | Staff Backend Engineer, Govern:Authorization |
| Mo Khan | Senior Backend Engineer, Govern:Authorization |
| Person | Role |
|---|---|
| Nathan Rosandich | Engineering Manager, Govern:Compliance |
| Aaron Huntsman | Senior Backend Engineer, Govern:Compliance |
| Harsimar Sandhu | Backend Engineer, Govern:Compliance |
| Hitesh Raghuvanshi | Senior Backend Engineer, Govern:Compliance |
| Huzaifa Iftikhar | Senior Backend Engineer, Govern:Compliance |
| Illya Klymov | Senior Frontend Engineer, Govern:Compliance |
| Jay Montal | Fullstack Engineer, Govern:Compliance |
| Sam Figueroa | Fullstack Engineer, Govern:Compliance |
The following members of other functional teams are our stable counterparts:
| Person | Role |
|---|---|
| Alana Bellucci | Senior Product Manager, Govern:Threat Insights |
| Grant Hickman | Senior Product Manager, Govern:Security Policies |
| Hannah Sutor | Principal Product Manager, Govern:Authentication and Authorization |
| Joe Randazzo | Product Manager, Govern:Authorization |
| Evan Read | Senior Technical Writer, Govern:Compliance, Manage:Import and Integrate, Systems:Distribution, Systems:Gitaly |
| Alishan 'Ali' Ladhani | Backend Engineer, Govern:Security Policies |
| Harsha Muralidhar | Senior Software Engineer in Test, Govern:Threat Insights |
| Ottilia Westerlund | Security Engineer, Fulfillment (Fulfillment Platform, Billing and Subscription Management), Govern (Security Policies, Threat Insights), Monitor (Observability), Plan (Product Planning), AI-powered:AI Framework |
| Joseph Longo | Senior Manager, Governance and Field Security |
Because we have a wide range of domains to cover, it requires a lot of different expertise and skills:
| Technology skills | Areas of interest |
|---|---|
| Ruby on Rails | Backend development |
| Go | Backend development |
| Vue, Vuex | Frontend development |
| GraphQL | Various |
| SQL (PostgreSQL) | Various |
| Docker/Kubernetes | Threat Detection |
We also track our backlog of issues, including past due security and infradev issues, and total open SUS-impacting issues and bugs.
MR Type labels help us report what we're working on to industry analysts in a way that's consistent across the engineering department. The dashboard below shows the trend of MR Types over time and a list of merged MRs.
We meet bi-weekly synchronously to discuss stage and group wide topics. We primarily try to use Epics/Issues to initiate discussions and maintain transparency. We use the Govern Compartment Board to better organize our discussions.
The following table lists the Govern Stage management backup plan.
| Team Member | Covered by | Escalation |
|---|---|---|
| Phil Calder | Wayne Haber | Bartek Marnane |
| Alan (Maciej) Paruszewski | Nathan Rosandich | Phil Calder |
| Nathan Rosandich | Alan (Maciej) Paruszewski | Phil Calder |
| Kamil Niechajewicz | Neil McCorrison | Phil Calder |
| Neil McCorrison | Kamil Niechajewicz | Phil Calder |
| Jay Swain | Adil Farrukh | Phil Calder |
| Adil Farrukh | Jay Swain | Phil Calder |
Team members should contact any Govern Engineering Manager by mentioning in #sd_govern_engineering or #sec-growth-development-people-leaders if they need management support for a problem that arises, such as a production incident or feature change lock, when their direct manager is not available. The Govern manager can provide guidance and coordination to ensure that the team member receives the appropriate help.
The Engineering Manager will allocate open issues and merge requests to another engineer, ideally in the same group, if an engineer is absent.
Some people management tasks, including Workday and Navan Expense, may require for escalation or delegation.
In the event that one or more team members become unavailable for any reason, this can serve as the foundation for a business continuity plan (BCP) and serve as a basic guide for Managing Engineering continuity.
The Govern development teams provide weekly status updates using an issue template and CI scheduled job. As priorities change, engineering managers update the template to include areas of interest.
An example template highlighting priorities, opportunities, risks, and security and availability concerns is:
<!--
How to fill in this section.
- Be opinionated. There are no wrong answers, we want our counterparts to know what we are working towards, and let us know if that doesn't align with their goals.
- Summarize - just enough information to provide an overview and to start a discussion
Priorities: A subset of the highest priority projects the group is working on - these could include Shared OKRs, Product priorities for Development, other initiatives (Development led, Development OKRs). List with links to epic/issue/work item. Should only include work that is currently scheduled (not a roadmap).
Risks: (One line) summary and link to discussion (epic/issue).
Opportunities: What we could do differently to mitigate risks and ensure delivery of priority projects.
Work in progress: (One line) summary and link to planning issue, workflow board, epic/issue list.
-->
## How to use this issue
Engineering Managers to provide status updates, to be shared with product counterparts and both product and engineering leadership for discussion.
<!--<details>-->
<summary>Copy this section into a new thread for your group</summary>
## Department: Group
### Priorities
<!-- Include to any relevant OKRs, or key roadmap deliverables -->
1. ...
### Risks
1. ...
### Opportunities
1. ...
### Work in progress
1. ...
### Error Budget, Security & Reliability
1. Error Budget
- ...
1. Security Issues
- ...
1. Reliability Issues
- ...
<!--</details>-->
### Updated (by EOD Monday)
- [ ] Govern: Anti-abuse
- [ ] Govern: Authentication and Authorization
- [ ] Govern: Compliance
- [ ] Govern: Security Policies
- [ ] Govern: Threat Insights
- [ ] SSCS Working Group
- [ ] Quality Engineering
#### After last update
- [ ] Add comment `cc at-mention team members here`
<!-- App appropriate assignees, epic, and labels
/label ~"workflow::in dev"
/assign `@pcalder`
/epic `epic-link`
-->
The Govern stage engineering department leaders meet every two weeks to discuss stage and group topics in the Govern and Growth staff meeting,
and optionally every week in the Expansion Development staff and Sec Growth senior leaders development staff meetings.
Meetings have an agenda and are async-first, where the aim is to resolve discussions async and leave time in the meeting to deep dive into topics that require more discussion.
gitlab-org/govern[email protected]