The Risk and Field Security team serves as the public representation of GitLab's internal Security function. The team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations.
The Risk and Field Security team currently focuses on the following Risk Categories:
Field Security: In support of our Sales Team, the Risk and Field Security team responds to Customer Security Assessments and maintains the Customer Assurance Package. We also provide training on Security Best Practices both inside and outside of GitLab.
Third Party Risk Management: Whenever a Third Party is introduced into the GitLab environment, there is a risk that their poor security posture can negatively impact GitLab. In order to reduce this risk, the Risk and Field Security team conducts Vendor Risk Assessments, a process that can help identify potential security risks associated with a third party.
Security Operational Risk Management: Focused on Tier 2/Operational Risks, we conduct regular and ad-hoc risk assessment activities to identify opportunities for risk reduction.
#security-department Slack channels are the best place for questions relating to our team (please add the above tag)