The GitLab security awareness training program provides ongoing training to GitLab team members that enhances knowledge and identification of cybersecurity threats and helps identify social engineering vulnerabilities where additional education is provided. Security awareness training is provided by KnowBe4, GitLab's contracted solution that will help satisfy external regulatory requirements and bolster customer assurance.
GitLab's security governance discipline helps to define, train and measure security strategies and progress toward security objectives by creating a set of processes and practices that run across departments and functions.
Security awareness training seeks to educate GitLab team members with the information they need to protect themselves and GitLab from loss or harm. The purpose of the annual training is to mature our internal security posture through regular training while satisfying external compliance and regulatory requirements.
General Security Awareness training will occur annually in Q2 of each fiscal year.
Prior to the security awareness training taking place, a general notification to the GitLab organization will be posted to the #whats-happening-at-gitlab Slack channel.
All GitLab team members should be aware of the importance of their role in securing GitLab on a daily basis and be empowered to make the right decisions with security best practices. All team members of the GitLab organization hired prior to June 1 of the current year will receive an email from our training vendor, KnowBe4. All GitLab team members hired after June 1 of the current year will have just completed their New Hire Security Awareness Training and therefore will not be required to take the annual security awareness training until the following year.
The security awareness training has been limited to 30 minutes in an effort to find the best return of security investment from team members' time.
There will be a GitLab-specific introduction module followed by industry-standard training via KnowBe4. There will be a short quiz to identify what you have learned.
The training will be available for 30 days. If the training is not completed, Security Assurance will send weekly reminder notifications requesting completion of the training.
If required, we will communicate incomplete assigned trainings to managers for assistance with completion. Demonstration of a completed training supports compliance with the Security Awareness Training program and will strengthen our regulatory requirements.
The Security Compliance team will track the annual security awareness training completion rate in the GitLab ZenGRC instance. Once the training campaign has completed, the Security Compliance team will provide results in the Security Awareness Training Program project.
Why are we using an external vendor?
How will I access training?
Why was I chosen?
I just took New Hire training, why do I have to take it again?
I don't want to be included, how do I remove myself?
Will I be publicly shamed?
How can I provide feedback on my experience?
Please reach out to the Security Compliance team!