Field Security Team

1. You are here:
2. Handbook
3. Security at GitLab
4. Security Assurance
5. Field Security Team

On this page

• Governance and Field Security team charter
• Field Security Team
• Core Competencies
• Metrics and Measures of Success
• Contact the Team
• Feedback and the Future of Field Security
• References

Governance and Field Security team charter

Field Security Team

The Field Security team serves as the public representation of GitLab's internal Security function. Our vision is to be the leading example in collaborative and transparent Customer Assurance Programs. Our mission is to empower the GitLab community with confidence and trust that their data is protected with high levels of security assurance to drive revenue growth. We partner with our fellow GitLab team members and customers to provide a pathway to yes!

Core Competencies

The Field Security team is tasked with providing high levels of security assurance to internal and external customers. We work with all GitLab departments to document requests, analyze the risks associated with those requests, and provide value-added remediation recommendations. We do this in four main ways:

• Conducting Customer Assurance Activities such as completing Security, Privacy, and Risk Management Questionnaires, assisting in Contract Reviews, participating in Customer Pre-Sales Meetings, and providing Security Documents (such as GitLab’s SOC2 or Penetration Test reports). These activities are managed through the Customer Assurance Activities Service Desk.
• Proactively maintaining self-service security and privacy resources including the Customer Assurance Package, the Trust Center and the internal only AnswerBase and OneTrust Vendorpedia.
• Providing recommendations based on customer security concerns in support of revenue growth through the annual Field Security Study and participation in the Quarterly Business Review Process.
• Building the GitLab Security brand by improving internal and external awareness of GitLab's security practices and the security of our platform. Engaging with customers and prospects through Evangelism Activities and with internal stakeholders via the Field Security Sales Training Program.

---

Metrics and Measures of Success

Security Impact on Net ARR

Contact the Team

Ayoub Fandi, @ayofan, Senior Security Assurance Engineer, Field Security

• Customer Assurance Activities
• Evangelism
• Collateral Development for the Customer Assurance Package
• Field Security Sales Training Program
• Customer Engagements
• Contract Reviews
• Self-Service Sales Enablement (AnswerBase, CAP, Trust Center, Self-Attestations)

Joe Longo, @jlongo_gitlab, Manager, Governance and Field Security

• Customer Assurance Activities
• Field Security Study
• Independent Security Assurance
• Contract Reviews
• Self-Service Sales Enablement (AnswerBase, CAP, Trust Center, Self-Attestations)

Note: The areas above related to each team members primary responsibility. However, each team member is cross trained in all processes and provide back up to each other if applicable.

• GitLab Issues
  • /gitlab-com/gl-security/security-assurance/field-security-team
• Email
  • security-assurance@gitlab.com
• Slack
  • Group Handle
    • @field-security
  • Primary Slack Channels
    • #sec-fieldsecurity
    • #sec-assurance

Feedback and the Future of Field Security

Do you have an idea, feedback, or recommendation for how Field Security can better support you? Please open a General Request issue in the Field Security Project.

References

• Customer Assurance Activities Procedure
• Customer Assurance Package
• Customer Assurance Package Internal Request Process
• Trust Center
• Vendorpedia
• RFP Completion
• AnswerBase
• Field Security Study
• Evangelism
• Field Security Sales Training Program
• Independent Security Assurance
• Security Shadow Program