The Risk and Field Security team serves as the public representation of GitLab's internal Security function. The team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations.
Hear more about our team and how we support GitLab in this interview with the Manager of Risk and Field Security.
In support of GitLab’s Sales and Customer Success Teams, the Risk and Field Security team maintains the Customer Assurance Activities Procedure for intake of, tracking of, and response to GitLab Customer and Prospect Security Assurance Activity requests. This includes, but is not limited to:
Requests for Customer Assurance Activities should be submitted using the Customer Assurance workflow in the #sec-fieldsecurity Slack Channel. Detailed work instructions are located in the Field Security Project.
Whenever a Third Party is introduced into the GitLab environment, there is a risk that their security posture can negatively impact GitLab. To reduce this risk, the Risk and Field Security team maintains the Third Party Risk Management Procedure for intake of, assessment of, tracking of, and response to GitLab Third Party Risk Management requests.
Focused on Tier 2/Operational Risks, the Risk and Field Security team maintains the Security Operational Risk Management Procedure (StORM) for intake of, assessment of, tracking of, and response to GitLab StORM requests.
Need to communicate a potential risk to the team? Please refer to the various communication methods documented on the StORM Program handbook page.