The Security Incident Response Team - SIRT is on the forefront of security events that impact both GitLab.com and GitLab the company.
To detect security incidents before they happen and to respond promptly when they do happen.
Ensure maximum operational uptime of mission critical infrastructure and informational assets in its daily operations. This mission is achieved by providing effective crisis response, timely distribution of security notifications, continuous monitoring of potential issues, postmortem of major incidents for training and environmental awareness.
The following people are permanent members of the SIRT
| Person | Role |
|---|---|
| Joaquin Fuentes | Director, SIRT |
| Andrew Kelly | Acting Manager, SIRT |
| Valentine Mairet | Acting Manager, SIRT |
| Mitra Jozenazemian | Senior Security Engineer, SIRT |
| Corey McCarty | Senior Security Engineer, SIRT |
| Harjeet Sharma | Senior Security Engineer, SIRT |
| Aaron Blanco | Senior Security Engineer, SIRT |
| Tuan Lam | Senior Security Engineer, SIRT |
| Bala Allam | Security Engineer, SIRT |
| Laurens Van Dijk | Security Engineer, SIRT |
The SIRT is on-call 24/7/365 to assist with any security incidents. If an urgent security incident has been identified or you suspect an incident may have occurred, please refer to Engaging the Security Engineer On-Call.
Information about SIRT responsibilities and incident ownership is available in the SIRT On-Call Guide.
As part of the incident management and review process the SIRT maintains a recurring meeting that takes place on Monday of each week. During this meeting all of the previous weeks incidents, and any incidents that are currently open are reviewed. The review process covers the incident's scope, impact, the work performed to mitigate and remediate the incident, next steps, blockers, and current status. These meetings are also an opportunity to discuss mishandled incidents and process improvements.
