CISO and VP Security - Risk, Security, Compliance, protecting the business
You no longer must choose between velocity and risk.
With GitLab, you can test ALL of your code, on every commit, automatically
Because it’s not an incremental cost per app or per user (beyond using GitLab Ultimate for your entire SDLC), you can test every code change, not just critical apps or annual scans.
Better leverage your scarce security resources by putting app sec tools, that are meant for the developer, into the hands of the developer, so they may remediate more, earlier than possible with traditional app sec tools. (Enable TRUE shift-left via single application and single source-of-truth.)
Improve visibility while at the same time reducing friction between processes and tools used by dev and app sec teams.
VP Apps/Development/Engineering - Helping to meet business demand for innovation, updates, and capability. This role is typically bonused/compensated on velocity, time to market and alignment with the business.
GitLab’s single application that supports the entire DevOps lifecycle is of significant importance. The DevOps tool chain crisis is real and there is a lot of ‘bubble gum and duct tape’ going on in and around integrating all these point DevOps tools in order to convey the full story of what’s really happening.
Finding new areas across the SDLC to automate is top of mind to this role. GitLab’s Auto DevOps will be a competitive differentiator
There are several critical challenges that application development leaders are facing.
VP Ops - Keeping the business running efficiently. Uptime, recovery are important. The role is typically bonused/compensated on uptime and SLAs back to the business.
GitLab’s single application that supports the entire DevOps lifecycle is going to be important for this role. Shifting left monitoring, testing and security earlier in the SDLC is valuable to the VP Ops to reduce the risk of downtime in production. Auto Devops will be of interest here as well.
VP/Dir DevOps or Enterprise Architect - VP/Director of DevOps is a fairly new role. Enterprise Architect role is expanding with more and more control. Leading the execution of the transformation. Ensures the business and technology are in alignment. Focuses on best practices and processes as well as assists with documentation. Evangelist of DevOps best practices.
VP PMO / EPMO - Gathering and managing business projects/demand, execution, on-time, on budget
Value Prop - Issues, issue boards, etc but of interest to their Directors
Resources - future vision
Service Mgt - Service Desk, Incident mgt, responding to outages, recovery
Release Mgt - managing change and configuration of the IT systems
DevOps? - transformational role or maybe re-branded from 'release mgt'
"Business XYZ" - they own the applications for a specific business unit. Typically they own the outcome / business results of the investment. Manage demand, dev, delivery
Portfolio Mgr/Director - manages a business unit's portfolio of projects/initiatives. On-time, on budget
Testing / QA - Quality and Testing - plan testing, provide resources, execute tests, track quality
Security - establish policies, procedures, and processes to secure IT.
Application Security - a specialty within Security that focuses on finding and removing vulnerabilities in software.
Security Operations - may manage a Security Operations Center (SOC) or Security Information and Event Management (SIEM) system or service to identify and correlate security events in order to prioritize threat risk. Seldom do they focus on application security.
Risk and Compliance - usually reports separately from the IT org that may be creating the risks. May even report to CEO.
Dev Team Manager - leads development team for a specific business function/system
QA Manager - Test Leads, Automated Testing, Performance Testing, Test Environments, Test Data. Traditionally the QA manager does not engage in application security testing.
Project Manager - plan, organize, and execute projects so they deliver on time, on budget
DevOps - Probably 'release manager'
Release - Running day to day release management, documenting changes, ensuring approvals, etc
Incident / Service Desk - Responding to problems/incidents from end users, restoring service
Configuration - ensuring the configuration of environments is documented, controlled and managed
Application Security - a specialty within Security that focuses on finding and removing vulnerabilities in software. They establish policies, procedures, and processes to test application software for security vulnerabilities.
Navigating roles to get a qualified lead
For prospects not yet using GitLab, focus on:
* CxO or VP - single app story. efficiency, time to market. Ask: Are you challenged by Digital Transformation? (e.g. moving to the cloud, DevOps, etc.) Are you wanting to speed time-to-market while balancing constrained resources?
* Director or Manager - repository and CI/CD are best-in-class. Benefits of single application, less friction. Ask: are you trying to increase the velocity of your software development? Are you stitching together a diverse tool chain to manage your code repo, CI/CD, and more? Do you need modern tools to help you with modern architectures like containers and cloud?
For prospects using GitLab, up-sell to Ultimate by focusing on:
* Cxo (including CISO) or VP - test more of your apps to manage more risk without hiring additional /scarce security pros. Ask: Are you running security scans on all of your applications today? If not, do you worry about the risks? Do you wish you could find vulnerabilities earlier without adding security staff and costly security tools?
* Director or Manager - test more apps without increasing cost of tools or security staff. Ask: How do you test applications for security vulnerabilities today? Are you testing ALL of your applications? Do you wish you could find vulnerabilities earlier without adding security staff and costly security tools? Are you wanting to 'shift left' but haven't found tools that will truly help you do that?
GIT is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license