The Risk and Field Security team serves as the public representation of GitLab's internal Security function. The team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations.
Hear more about our team and how we support GitLab in this interview with the Manager of Risk and Field Security.
The Risk and Field Security team currently focuses on the following Risk Categories:
In support of our Sales Team, the Risk and Field Security team responds to Customer Assurance Activities and maintains the Customer Assurance Package. We also provide training on Security Best Practices both inside and outside of GitLab.
The Risk and Field Security team also maintains a database of frequently asked Customer Security questions and the accompanying answers. This database, GitLab AnswerBase, provides GitLab team members with a quick and easy way of finding the answers to the most common security, risk, privacy and compliance questions. Requests for Customer Assurance Activities should be submitted using the workflow in the #sec-fieldsecurity Slack Channel.
Whenever a Third Party is introduced into the GitLab environment, there is a risk that their security posture can negatively impact GitLab. In order to reduce this risk, the Risk and Field Security team conducts Vendor Risk Assessments, a process that can help identify potential security risks associated with a third party.
Focused on Tier 2/Operational Risks, we conduct regular and ad-hoc risk assessment activities to identify opportunities for risk reduction. Potential Risks should be reported using the Risk Escalation Slack workflow in the #sec-risk-mgmt Slack Channel. **Risks communicated through this workflow will not be posted in the public channel given that sensitive risks might be reported. This workflow will notify Risk & Field Security who will perform an initial risk analysis and determine next steps as needed.**
#security-department Slack channels are the best place for questions relating to our team (please add the above tag).