►
From YouTube: Working Remote in Security at GitLab
Description
This is a discussion between Ryan Demmer - Technical Recruiter and Jan Urbanc - Director, Security Operations about what it's like to work all remote on the Security team at GitLab. We hope you enjoy!
Join our GitLab Talent Community!
https://about.gitlab.com/jobs/
Find more information about being a Security Engineer at GitLab here:
https://about.gitlab.com/job-families/engineering/security-engineer/
Security Team Page:
https://about.gitlab.com/handbook/engineering/security/
A
Doing
really
well
I
really
appreciate
you
setting
up
some
time.
I
know
we
usually
talk
regular
basis,
but
I
wanted
to
set
a
few
minutes
decide
today
to
really
discuss
with
you
about
get
laughs
about
what
security
is,
what
it
means
to
work
in
security.
It
get
lab
and
really
just
get
an
idea
of
you
learn
about
you,
your
team
and
just
have
a
kind
of
quick
conversation
about
it.
Sound
good,
yeah.
A
B
Absolutely
so
my
name
is
Yan.
I
am
a
director
of
security
here
at
get
lab
in
the
lab
security
department.
The
kid
lab
security
department
and
this
time
is
around
45
people,
or
so
we
have
three.
The
sub
departments,
one
is
focused
on
security
assurance.
One
is
focused
on
application,
security
and
the
third
one,
which
is
the
one
that
that
I'm
in
charge
of
is
responsible
for
anything
related
to
operational
security.
So
I
have
three
teams
that
report
to
me
at
the
security
operations
team,
which
is
the
proverbial
blue
team.
B
The
abuse
operations
team
is
which
is
the
team
that
is
dedicated
to
identifying
curbing
abusive
activity
on
our
honor
SAS,
so
gitlab
calm
and
the
red
team
and
red
team
is
the
preferable
red
team.
So
they
are
the
breakers
and
the
you
know
the
rascals
looking
for
holes
to
exploit
and
then
help
the
blue
team
builds
mitigation
surround
around
those
issues.
I
have
been
with
get
laugh
for
well,
it's
gonna
be
two
two
years
in
in
two
months.
So
it's
what
whether
it
makes
like
twenty
two
months.
B
Yeah,
it's
been.
It's
been
a
fun
ride
so
far,
I've
loved
every
every
minute
of
it,
I'm
located
in
in
Slovenia
in
Europe,
I
live
about
30
kilometres
outside
of
the
capital.
Serene
is
one
of
those
I
know,
drive-through,
States
or
country.
So
to
say,
when
people
go
to
Croatia
or
other
more
interesting
locations
for
vacation,
they
drive
through
Slovenia.
That's
how
most
people
remember
it.
Oh
yes,
I
drove
through
it.
I
was
in
it
for
three
hours
when
we
were
driving
through
either
yeah.
B
B
A
That's
actually
something
I
wanted
to
kind
of
discuss
with
you
today
a
lot
of
security
teams.
They
work
in
a
co-located
space
in
one
office
or
a
sock
operation,
some
like
big
office
building,
but,
obviously
being
that
we're
all
remote.
We
don't
have
the
opportunity
to
sit
next
to
each
other
every
day,
physically.
Right,
so
tell
me
a
little
bit
about
what
is
different
about
working
in
security
and
working,
promote
at
gitlab
versus
working
in
a
co-located
space
with
a
more
traditional
office
setup.
A
B
You
know
the
fact
that
that
we
are
all
remote
goes
where
hand-in-hand
with
the
fact
that
we
are
globally
dispersed
right.
That
means
that
we
can.
We
can
get
the
right
people
whenever,
wherever
they
are
allocated
in
a
in
the
world
right,
it
means
a
painless
transition
for
these
people
to
to
start
working
with
us.
There
is
no.
B
There
are
required
to
to
move
countries,
move
cities
readjust
their
lifestyles,
move
whole
families,
which
you
know,
is
what
I
have
done
in
the
past
when
I,
when
I
was
picking
up
jobs
internationally
right
and
it
can
be
a
huge
pain,
especially
as
you
as
you
get
older.
As
you
get
more
senior
you
get
better.
Ten
you'll
get
a
better
status
so
to
say
in
the
in
the
security
industry
right,
but
but
accepting
new
jobs,
new
opportunities
can
become
really
really
challenging
because
of
the
of
the
whole
moving
part
right.
So
what
makes
this
difference?
B
The
main
difference
I
would
say
is
that
we
are
definitely
relying
on
a
synchronous
communication.
More
than
anything
else
right
this
it
can
be
very
challenging
for
for
teams
that
are
focused
on
on
operations
things.
You
know,
teams
that
work
in
the
right
now
and
right
here
right.
These
are
teams
just
an
example.
The
security
operations
team
is
the
instant
response
team
here
at
gate
lab.
You
know
they
are
not
in
control
of
their
time.
They
have.
You
know
rough
deadlines
to
deliver
projects
and
stuff
like
that.
B
But
you
know
when,
when
things
fall
from
the
sky
into
the
lab,
they
have
to
pick
it
up
and
run
with
it
right
so
so
that
makes
it
a
bit
challenging
to
have
this
kind
of
quick
synchronous
exchanges
between
security
engineers
when
everyone
is
so
dispersed
around
the
globe
right.
What
what
we
do
is
then
we
have.
B
This
is
extremely
challenging,
especially
when
you're
used
to
dealing
to
engaging
with
your
peers
in
a
in
a
face-to-face
fashion
in
a
single
room
right.
You
don't
write
things
down.
You
write
things
down
at
the
end,
or
maybe
you
just
scribble
down
some
notes,
while
you're
working
on
a
on
a
on
an
incident.
B
However,
if
if
everyone
is
in
the
same
in
the
same
room
in
the
same
building
a
same
time
zone
right,
what
that
means
is
that,
once
when
things
get
serious
and
you
have
to
hit
the
ground,
you
know
the
ground
running,
someone
is
going
to
be
working
overtime,
someone's
going
to
be
working
through
the
night
to
get
things
done
by
the
morning
and
so
forth.
We
being
a
global
company.
B
Have
people
in
you
know
in
many
different
time
zones
and
that
allows
us
to
do
that
kind
of
I,
wouldn't
call
it
to
follow
the
Sun
rotation,
because
it's
not
rotation,
but
we
have
people
waking
up
when
others
are
going
to
sleep
right,
so
they
can
pass
off
their
work
to
D
to
the
next
person
who's
who's
awake,
and
in
this
way
we
ensure
that
issues
are
being
constantly
worked
upon.
If
there
is
a
need
to
okay.
B
Absolutely
yes,
it's
it's
good
for
the
business,
it's
good
for
the
team,
it's
good
for
for
people's
work
to
life
balance
right.
They
are
not
expected
to
be
working
20
hours
a
day.
They
work
there.
You
know
810
hours
for
there,
whatever
they
want
to
do,
and
then
they
pass
off
pass
on
the
work
to
the
to
the
next
person.
Also,
what
what
would
what
it
gives
us
is
is
a
is
the
diversity
that
I
have
not
encountered
in
other
companies
right.
B
Everyone
speaks
with
a
different
English
accent,
and
many
of
us
are
native
English
speakers.
So
you
know
sometimes
we
struggle,
but
now
it's
this
small
nuances,
small
in
a
bits
and
pieces
that
did
add
to
the
variety
and
the
richness
sort
of
the
culture
and
the
team,
and
that
really
helps
it
helps
prove
it
prevents
us
from
becoming
this.
You
know
a
company
that
is
a
monoculture
so
to
say
right,
there's
definitely
it
improves
or
it
it
affects
diversity.
Great
yeah,.
A
B
Yes,
absolutely
we
have
well
depending
on
the
teams,
but
generally
what
every
team
has
at
least
one
weekly
sync
up.
When
you
know
everyone
gets
together
and
if
time
zones
do
not
allow
for
this,
then
usually
what
we
would
do
is
a
let's
call
the
rotation
of
suck
right.
So
I
don't
know
one
week,
you
know
it
sucks
for
you
and
next
week
it's
going
to
suck
for
someone
else,
go
see
on
the
other
side
of
the
world
right.
B
So
that
way
we
ensure
that
we
still
get
some
face
time
engagements
with
one
another
and
as
a
security
department.
We
have
bi-weekly
meetings
where
everyone
from
each
lab
security,
I,
guess
together
and
discusses
things,
and
you
know
important
announcements
are
made
and
so
forth
and
all
of
course
there's.
B
You
know
that
the
one
on
one
thing
right,
which
is
the
the
thing
that
we
do
most
of
my
days,
I
spent
in
in
one-on-ones
talking
to
people
talking
to
my
to
the
managers
reporting
to
me
to
the
ISIS
reporting
to
me
and
to
my
peers,
and
in
you
know,
within
the
good
lab
security
department
and
in
other
departments
as
well.
You
know
such
as
yourself
such
as
zero
people
from
legal
people,
ops
and
so
forth.
B
A
Now
it
makes
it
a
ton
of
sense.
I
I've
never
worked
for
a
company
that
is
as
intentional,
with
our
communication.
Every
company
I've
ever
worked
in.
It's
always
been,
you
know,
sitting
in
a
desk
or
cubicle
next
to
someone
else,
and
you
might
sit
next
to
someone,
but
you
never
have
an
intentional
conversation
other
than
hey
what'd.
You
do
this
weekend.
B
A
You
know
having
issues
like
this.
You
have
to
have
scheduled
time
with
your
team
members.
It
makes
it
really
productive
and-
and
it
feel
that
you
feel
very
connected
to
people,
even
though
you're
not
necessarily
sitting
next
to
them
everyday,
that's
something
that
I
have
really
found.
This
that
was
really
surprised
me
about
get
lab
was
that
it
feels
very
human.
If
you
will
that's
the
best
way,
I
can
describe
it
versus
you
know.
Looking
at
a
computer
screen
every
day
right.
B
Yeah
I
think
that's,
that's
a
that's
a
pretty
pretty
solid
description.
You
know
when
I
started,
I
think
it
took
10
or
11
months
of
me
being
with
a
company
until
I
met
the
people
that
I
work
with
every
day
right
and
we
met
in
New
Orleans
last
year
and
it
was
fantastic.
It's
great
to
see
these
people,
you
know,
and
it's
always
funny
when
you
see
someone
live
I
mean
you
know,
they're
they're
tall
they're
shorter
than
you
expect.
You
know
it's
always
the
you
you
can
recognize.
B
The
face
is
obviously-
and
you
recognize
the
voices,
but
everything
else
is
it's
a
bit
funny
yeah,
it's
I
mean
you
know,
I
joined
gitlab
because
because
it
an
opportunity
was
extended
to
me
to
build
the
security
operations
team.
That's
what
it
was.
The
prime
reason
why
I
joined
and
I
worked
in
operation
security
operations
before
an
AWS,
so
I
immediately,
you
know,
I
was
like
yep
I'm,
yeah
I'm
gonna
do
this.
B
This
sounds
great
and
you
know
do
the
ability
to
push
change,
not
just
within
the
team
or
the
department
but
company-wide
with
such
ease.
That's
just
that's
the
most
amazing
part
of
of
being
with
this
company
I
think
and
that
resonates
really
well
with
many
people
that
have
spent
time
doing
security
in
in
larger
enterprises
or
more
traditional
companies
and
where,
where
change
is
really
always
something
that
is
very
hard
to
to
push
and
achieve
right.
This
is
not
the
case
with
gitlab.
A
B
Absolutely
like
there's
nothing
without
iteration
it's.
You
know
it's
one
of
our
core
values,
of
course
right,
but
it's
also
how
we
do
things.
It's
not
just
the
value
on
a
paper
or
in
the
handbook.
Actually,
you
know,
having
said
that,
I
think
it's
important
to
call
it
out
it
things
that
are
in
the
handbook.
That's
actually
how
things
are
in
the
company.
Well,
at
least
for
the
for
the
vast
vast
majority
of
things
right,
everything
when
it
comes
to
values
and
and
benefits,
like
you
know,
taking
time
off
all
that
stuff.
B
It's
not
it's
not
just
be
alright,
and
especially,
if
you're
having
a
hard
time
in
your
personal
life
and
you,
you
need
to
take
time
off
you're
more
than
welcome
to
take
time
off
and
if
you're
not
taking
time
off,
your
manager
should
encourage
you
to
take
time
off.
I
personally
have
sent
people
on
vacations
because
they
were
burning
out
and
I
noticed
that
and
they
didn't
notice
it
because
you
know
burnout
is
something
that
is
it's
a
challenge.
B
It's
a
real
thing
right
when
you're
working
when
your
work
environment,
overlaps
with
your
home
environment,
it's
very
easy
to
get
sucked
into
this
mindset
that,
oh,
you
know
what
I'm
just
gonna
work
for
it
for
an
additional
hour.
I
know:
I
have
a
spare
a
spare
hour
I'll.
Just
you
know:
I'll
just
gonna
write
some
code
or
whatever,
so
it
takes.
You
know
self-discipline
to
to
kind
of
start,
differential
and
and
and
and
emphasis.
B
A
Know
I
actually
going
through
the
recruiting
process.
I
was
reading
all
the
handbook
pages
and
videos
and
I
started
asking.
Is
this
real
like
to
really
do
this,
and
now
that
I'm
here
and
pleasantly
surprised
that
it's
all
very
true
and
I'm
so
excited
to
be
here
as
well?
I
I
realized
that
what
I
was
missing
when
I
was
working
at
kind
of
in
a
covert
co-located
space
and
so
so
excited
to
be
here
well
yawn.
Thank
you
very
much.
I
really
appreciate
your
time.
A
I
realize
also
that
I
did
not
introduce
myself
at
the
beginning
of
the
conversation,
but
my
name's
Ryan,
a
technical
recruiter
here
to
get
lab
and
I
I
support
our
security
team,
which
is
John's
team
or
part
of
the
team,
as
well
as
other
teams
and
security,
as
well
as
our
secure
and
defense
gauges
lab.
So
I'm
always
looking
for
great
people
to
talk
to
so
again
yawn.
Thank
you
very
much
for
your
time
today,
really
appreciate
it
and
look
forward
to
working
with
you.