1. You are here:
2. Handbook
3. Security at GitLab
4. Security Operations Sub-department
5. Security Incident Response Team - SIRT
6. Security Shadow: Security Operations

On this page

• On this page
• Security Shadow Program: Security Operations
  • Security Incident Response Team (SIRT)
  • Trust and Safety
  • Enrollment

Security Shadow Program: Security Operations

Completion of each course you will receive a certificate. At the completion of all 3 courses your name will be recognized on this page.

Security Incident Response Team (SIRT)

GitLab’s Security Incident Response Team is the first line of defense for the GitLab SaaS and GitLab as an organization. The primary goal of SIRT is to minimize and control damage from security incidents. This is accomplished through the development and deployment of detection tools to identify when a security incident has occurred, taking action to identify and contain the event to limit its scope and impact, remediating the underlying issue that led to the security event, and recovering from the security event so that operations can return to normal. In addition to responding to incidents, the SIRT works to proactively prevent security incidents through the management and deployment of cyber defense tools, ensuring compliance with security best practices for our infrastructure and team members, and maintenance and training around the incident response process.

Schedule / Topics Covered:

• SIRT101.1: Intro to Incident Response
• SIRT101.2: Log investigation
• SIRT101.3: Detection, triage, remediation
• SIRT101.4: Hands-on SIRT Team Exercise

Course Length: 4 days, 8 hours

Team Manager: Bistra Lutz @blutz1

Trust and Safety

Have you ever debated why something is right or wrong, questioned a rule and wondered how to get around it? Do you prefer the uneasiness of ambiguity over the monotony of always knowing what to do? If you answered yes to the above, Trust and Safety might be the place you discover what happens behind the curtains… or not, who knows?

The Trust and Safety teams' purpose is to try and ensure that users of GitLab.com operate within the scope of the GitLab Website Terms of Use, more specifically, our Acceptable Use Policy (AUP). As the name implies, the AUP is a policy that governs what the business has deemed to be the acceptable use of GitLab.com. The AUP mainly consists of 3 parts:

• Compliance: Ensuring that we are enforcing the relevant laws and regulations that are applicable to GitLab.com.
  • These are non-negtiables and include things like complying with the DMCA and removing illegal content.
• Principles: Ensuring that GitLab.com is not used in a way that negatively impacts others.
  • This is primarily based on our Values and include things like removing content that is concidered harmful and protecting others privacy.
• Goal: Ensuring that GitLab.com is not used in a way that would negatively impact our Vision.
  • This is primarily used to ensure that GitLab.com is used for it's intented purpose, and to reduce any negatvie impact caused by an unintended and/or unforseen use of it.

If you think this is something you would be interested in learning about, maybe even do one day, come join us for a crash course in understanding the world of the Trust and Safety team!

Schedule / Topics Covered:

• TS101.1: What we do and why - Introduction
• TS101.2: How we do it - Tooling and Workflows
• TS101.3: Hands-on Experience

Course Length: 3 days, 6 hours

Team Manager: Charl de Wit @cjdewit

Enrollment

Ready to enroll? Click here for more information.