►
Description
@dsharris from Risk and Field Security walks through using GitLab AnswerBase to support answering customer questions and to request assistance in developing answers for unanswered questions.
Links -
Risk and Field Security - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/
AnswerBase - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/common-security-questions.html
Customer Assurance Activities Workflow - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/customer-security-assessment-process.html
A
Hi,
my
name
is
devin
harris,
I'm
a
senior
security
engineer
here
on
the
risk
and
field
security
team
at
gitlab.
Today,
I'm
going
to
be
doing
a
brief
intro
to
two
different
topics.
The
first
is
using
gitlab
answer
base
to
find
answers
to
customer
questions
relevant
to
security
and
privacy,
and
the
second
is
going
to
be
an
asking
for
field
security,
assistance
and
answering
questions
that
you
cannot
find
an
answer
to
pretty.
Please
feel
free
to
reach
out
and
schedule
some
time
on
my
calendar.
I
love
working
with
those
of
you
in
the
field.
A
Today,
I'm
going
to
be
playing
the
role
of
somebody
on
an
account
team
like
a
technical
account
manager,
solutions,
architect,
account
executive,
and
you
can
see
here.
I've
got
some
quick,
just
call
notes.
My
customer
asked
me
three
questions.
The
first
place,
I'm
going
to
start
here
is
on
our
handbook
page,
the
risking
field
security
team
handbook,
page
field
security
is
the
function
that
does
customer
insurance
activities,
which
would
include
customer
phone
calls
customer
security
questionnaires
and
we're
going
to
start
here
with
git
lab,
assisted
information
gathering.
A
This
is
where
somebody
on
the
account
team
tries
to
answer
the
questions
before
handing
it
off
to
our
team
for
further
assistance
and
in
this
case,
we're
going
to
make
use
of
answer
base
when
you
open
this
link
up
that
will
take
you
to
a
private
project
within
git
lab.
I'm
going
to
look
for
a
keyword
that
stands
out
to
me
and
infrastructure
as
a
service
really
stands
out.
A
A
A
A
And
if,
for
some
reason
they
came
back
with
more
information,
we
have
a
detailed
response
here,
so
we
can
only
provide
a
dloe
and
there
has
to
be
an
nda
in
place
to
do
that
and
then
the
last
thing
is
solarwinds
is
very
specific.
So
let's
take
a
look
for
solarwinds.
So
there's
nothing
here.
This
is
exactly
where
it
comes
into
creating
a
new
issue
so
that
we
can
get
you
the
answer
to
that
question
and
document
it
for
everybody
else.
We
can
actually
paste
the
exact
question
from
the
customer.
A
A
You're
gonna
be
right
here
on
three
after
you've
gathered
the
information
you
can
then
you're
gonna
come
into
the
security
field,
security,
slack
channel,
we're
gonna,
be
using
slack's,
workflow
automations
and
the
set
field
security
channel
to
request
customer
assurance
activities
just
go
ahead
and
populate
the
form
with
the
required
information
for
revenue.
We're
gonna
want
the
revenue
associated
with
the
account
product
hosting
choose
the
appropriate
one.
Others
would
be
for
like
third
party
integrators
or
partners.
A
If
you
have
somebody
else
that
you
would
like
to
notify
that
works,
adjacent
of
you,
for
example,
if
you're
an
account
executive
and
you
might
want
to
notify
your
solutions
architect
or
vice
versa-
find
their
name
here
and
add
them.
It's
based
off
of
slack
handle
put
in
the
due
date
that
you
would
like
to
see.
It
turned
around
so
I'm
going
to
put
for
tomorrow,
but
please
do
note
that
we
ask
for
10
business
days,
you're
going
to
want
to
link
the
non-disclosure
agreement
or
current
terms
from.
A
Salesforce
and
then
any
other
information
you
might
have
relating
to
this,
so
this
would
be
a
great
place
to
place
the
question
and
also
to
paste
a
link
to
the
issue
that
you
opened
on
the
issue
board.
You
can
see
once
we
submitted
a
customer
assurance
activity
notification
pops
up
here.
We
also
get
one
in
our
private
team
channel.
If
you
have
anything
that
you
would
like
to
thread
and
reply
to
this
activity,
please
go
ahead
and
thread
it
here.
A
Any
additional
information
is
always
helpful
and
if
you
want
to
ask
about
status,
please
ask
in
the
thread
as
well.
We
went
over
how
to
look
for
answers
in
gitlab
answer
base
and
then
how
to
ask
for
a
question
to
be
answered
that
you
are
not
able
to
find
an
answer
for
have
a
great
day,
and
thank
you
for
your
time.