Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Security OKRs

  1. You are here:
  2. Handbook
  3. Security at GitLab
  4. Security OKRs

Security OKRs

The Security organization executes quarterly Objectives and Key Results or OKRs.

How We Plan, Assign, and Execute Work

Four Mondays before the start of the fiscal quarter, in the days after the CEO shares OKRs with all of GitLab in the #okr channel, the CISO proposes OKRs for the Security department in the OKR draft review meeting agenda for a maximum of 3 objectives. Security leaders are to propose draft OKRs to the CISO prior to the meeting for inclusion.

From FY24 Q1 forward all Security OKRs are documented in the GitLab OKR project. For easy filtering, all Security Objective and KR issues have Label = Department::Security applied.

Larger initiatives that span the scope of multiple teams or projects may require a Working Group.

Templates

New Security KR - GitLab Template

:scissors: Copy and paste the below into the GitLab Issue Description

`Issue Title: Fiscal Year Quarter KR# (OKR Title Reference) measurable title. Example: FY22 Q3 KR1 (Security Training) Achieve 90% completion rate org wide for annual security training.`

## Dependencies 
`what do you need to be succcessful with this KR`
## Milestones
- [ ] Milestone 1: Description: `add here` Due Date: `add here` DRI: `add here` 
- [ ] Milestone 2: Description: `add here` Due Date: `add here` DRI: `add here`
- etc.

`Additional instructions: update due date of issue to final milestone due date and assign issue to overall DRI. For additional details around KR DRI responsibilities please refer to [this runbook](https://gitlab.com/gitlab-com/gl-security/security-assurance/quarterly-okrs/-/blob/main/runbooks/kr_ownership_responsibilities.md).`

Security Objective Monthly Update - Objective Template

Field updates:

:scissors: Copy and paste the below into the GitLab.com Objective Issue(s)

# Monthly update
`On Schedule/At Risk/Behind Schedule`

## Major deliverables
`What did you accomplish this month?`

## Risks
`What risks are you tracking that could impact this obective`

## Asks
'Any new asks that have emerged for this objective'

## Next steps
`What will you work on next month?`

Security KR Weekly Update - GitLab.com or Ally Template

Field updates:

:scissors: Copy and paste the below into the GitLab.com KR Issue(s)

## Weekly KR Update for the week of YYYY-MM-DD
Status: :white_check_mark: - On Track, :warning: - Requires Escalation, :octagonal_sign: - Blocked (Leave the relevant status, remove the rest and this note)
Percentage complete: XX%

## What was accomplished this week
`What did you accomplish this week?`

## What will be accomplished next week
`What will you work on next week?`
Open in Web IDE View source