Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Fieldsecurity-SKO 2021 / 26 Jan 2021
GitLab / Fieldsecurity-SKO 2021 / 26 Jan 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Walkthrough of AnswerBase and Requesting Customer Assurance Activities

Description

@dsharris from Risk and Field Security walks through using GitLab AnswerBase to support answering customer questions and to request assistance in developing answers for unanswered questions.



Links -

Risk and Field Security - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/

AnswerBase - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/common-security-questions.html

Customer Assurance Activities Workflow - https://about.gitlab.com/handbook/engineering/security/security-assurance/risk-field-security/customer-security-assessment-process.html

A

Hi, my name is devin harris, I'm a senior security engineer here on the risk and field security team at gitlab. Today, I'm going to be doing a brief intro to two different topics. The first is using gitlab answer base to find answers to customer questions relevant to security and privacy, and the second is going to be an asking for field security, assistance and answering questions that you cannot find an answer to pretty. Please feel free to reach out and schedule some time on my calendar. I love working with those of you in the field.

A

Today, I'm going to be playing the role of somebody on an account team like a technical account manager, solutions, architect, account executive, and you can see here. I've got some quick, just call notes. um My customer asked me three questions. The first place, I'm going to start here is on our handbook page, the risking field security team handbook, page field security is the function that does customer insurance activities, which would include customer phone calls customer security questionnaires and we're going to start here with git lab, assisted information gathering.

A

This is where somebody on the account team tries to answer the questions before handing it off to our team for further assistance and in this case, we're going to make use of answer base when you open this link up that will take you to a private project within git lab. I'm going to look for a keyword that stands out to me and infrastructure as a service really stands out.

A

Provider also stands out, but I'm going to search for infrastructure as a service, so you can see there's two questions relevant to this keyword, and this looks to be exactly what they're what they're asking. um So, let's take a look here.

A

The answer is yes, and if we wanted to get more in depth, we have more information here. We can give them that were deployed on gcp us east, one, the next one I'm going to key into penetration tests. That seems pretty specific, I'm going to search for penetration tests.

A

We have quite a few. It looks like there's eight here. This looks to be exactly what they're asking are the results available upon request? So the answer to that is going to be. Yes,.

A

And if, for some reason they came back with more information, we have a detailed response here, so we can only provide a dloe and there has to be an nda in place to do that and then the last thing is solarwinds is very specific. So let's take a look for solarwinds. So there's nothing here. uh This is exactly where it comes into creating a new issue so that we can get you the answer to that question and document it for everybody else. We can actually paste the exact question from the customer.

A

And paste it in the title and then let's go to preview, you can see here. What have you already searched for and question will paste under question as well.

A

All right, I've listed some key search terms that you may have searched for and then, if you want to stay up to date on status of the issue, you can do a sign to me and it'll keep you posted as to what's going on, but once you've submitted it, our team has it from there and we're good to go, and this would be the perfect place to dovetail into asking our team for assistance.

A

You're gonna be right here on three after you've gathered the information you can uh then you're gonna come into the security field, security, slack channel, we're gonna, be using slack's, workflow automations and the set field security channel to request customer assurance activities just go ahead and populate the form with the required information for revenue. We're gonna want um the revenue associated with the account product hosting uh choose the appropriate one. Others would be for like third party integrators or partners.

A

If you have somebody else that you would like to notify that works, adjacent of you, for example, if you're an account executive and you might want to notify your solutions architect or vice versa- find their name here and add them. It's based off of slack handle put in the due date that you would like to see. It turned around so I'm going to put for tomorrow, but please do note that we ask for 10 business days, you're going to want to link the non-disclosure agreement or current terms from.

A

Salesforce and then any other information you might have uh relating to this, um so this would be a great place to place the question and also to paste a link to the issue that you opened on the issue board. You can see once we submitted a customer assurance activity uh notification pops up here. We also get one in our private team channel. If you have anything that you would like to thread and reply to this activity, please go ahead and thread it here.

A

Any additional information is always helpful and if you want to ask about status, please ask in the thread as well. We went over how to look for answers in gitlab answer base and then how to ask for a question to be answered that you are not able to find an answer for have a great day, and thank you for your time.