►
From YouTube: Threat Management Staff Meeting 2020-11-17
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Welcome
to
the
threat
management
staff
meeting
since
I've
got
the
first
item
in
the
agenda
I'll
go
ahead
and
get
started
up
until
this
week
we
have
been
sharing
accomplishments
in
the
we've.
Had
the
intention
of
sharing
accomplishments
in
the
weekly
group
calls,
which
hasn't
always
happened.
That's
on
me
we're
working
on
automating
that,
but
we
are
also
in
an
attempt
to
better
share
information
and
put
things
in
one
place:
we're
going
to
start
to
put
all
of
the
weekly
accomplishments
or
the
bi-weekly
accomplishments
now
in
this
agenda.
A
A
And
then
I
have
a
couple
of
other
items
in
the
agenda
so
unless,
if
anyone
has
anything,
they
want
to
call
out
around
accomplishments
or
thoughts
on
this
change
of
plan
and
how
to
share
them
I'll
move
on
okay,
we've
finalized
our
okrs.
I
just
want
to
make
sure
we
don't
talk
about
them
a
lot,
but
when
we
get
the
beginning
of
the
quarter,
I
want
to
make
sure
we
point
them
out
to
everybody.
So
you
know
I
want
to
encourage
you
to
look
at
the
okrs
and
ask
questions
in
line
in
the
comments.
A
There's
some
new
ones
and
some
very
familiar
ones
in
there.
So
we'll
just
leave
it
at
that
and
then
a
reminder
that
our
employee
engagement
survey
is
kicking
off
this
week.
You
probably
received
an
email
yesterday
on
that,
and
it
only
took
about
five
minutes.
So
don't
forget.
Does
somebody
want
to
verbalize
thiago's
update.
C
I
can
do
it
since
I
mentioned
somewhere
there,
so
we
have
two
backend
engineers
that
we
are
actually
there.
We
have
offers
for
two
backend
engineers.
We
keep
those
names
confidential
until
those
offers
are
accepted.
C
I
will
move
to
on
13th
of
of
december
to
containers
security,
but
I'll
still
review
like
helping
whenever
there
will
be
a
need
for
that
within
threat,
insight
and
and
the
next
candidate,
like
okay
I'll
start
with
with
the
one
candidate,
and
there
will
be
another
candidate
that
that
should
start
on
in
the
middle
of
march.
C
B
A
And
we
do
have
an
okr
around
putting
together
sort
of
a
team
building,
whether
it's
asynchronous
or
synchronous
or
combination
of
both,
and
I
think
we
should
wait
until
january
once
at
least
one
of
the
new
hires
is
on
board.
So
I'll
be
getting
your
input
on
thoughts
on
that
closer
to
the
beginning
of
2021..
A
Last
agenda
item
is
a
call
for
agenda
items.
If
you
have
ever
attended
the
secure
stage.
Meeting
most
of
the
agenda
is
contributed
to
by
the
engineers
on
the
team.
This
shouldn't
be
a
time
for
just
thiago
wayne
and
myself
to
share
stuff
with
you,
because
we
have
other
other
means
of
doing
that.
So
I
want
to
encourage
you
to
use
this
space
as
a
place
to
share.
You
know
something
you've
learned
recently,
something
that
you
think
would
be
helpful
to
the
whole
group,
an
idea
you
had.
A
Just
putting
that
out
there,
I
know
we
have
a
lot
of
places
to
do
that,
given
our
slack
channels,
but
we
want
to
make
this
a
useful
time
for
everybody.
D
I
just
have
a
question:
that's
happened
recently.
I
just
have
a
question
for
lindsay
on
that.
We
on
my
side,
we
have
the
container
security
weekly
meeting
and
then
sometimes
it's
hard
to
know
what
I
would
share
over
there
and
what
I
would
share
over
here.
Would
you
have
a
couple
of
examples
on
how
to
create
this
realistic.
A
That's
a
great
question
and
I
think
the
same
thing
applies
to
you
know.
What
do
I
share
in
the
container
security
slack
channel
versus
the
threat
management
slack
channel
and
my
answer
to
that
and
I'll?
Let
everyone
else
chime
in
with
their
thoughts
is
that,
if
it's
specific
to
something
you're
working
on
in
container
security,
an
issue-
something
that
you
know
is
a
requirement
from
sam
or
a
design
from
kyle
that
should
be
in
your
weekly
container
security
meeting
or
in
the
container
security
select
channel
something
about
the
team.
A
You
know,
maybe
a
process
improvement
that
you're
thinking
about
or
something
that
you
learn
about
like
get
lab
as
a
whole.
That
might
help
everybody
be
more
efficient
and
you
know
how
they're
iterating
on
their
mrs
or
an
educational
opportunity,
maybe
you're
getting
a
new
certification
and
you
think
it'd
be
something
that
other
people
would
be
interested.
I'd
say
that
would
belong
more
in
the
threat
management,
because
it's
not
specific
to
container
security.
Everybody
can
benefit
from
it.
B
Good
stuff,
so
I
just
there
are
some
recent
slack
messages
in
sd
threat
management.
I
just
wanted
to
throw
it
out
there.
It
was
only
a
day
ago,
roughly
so
any
volunteers,
to
look
at
and
organize
something
for
our
sub
department
on
a
holiday
session.
You
know
a
year
ago.
B
I
think
we
had
four
people
on
the
team.
They
made
four
or
five
permanent
members,
so
not
that
many
so
or
people
were
really
really
new.
It
didn't
make
sense
to
do
this.
I
didn't
actually
even
know
this
existed,
I'm
glad
it
does.
Anybody
want
a
volunteer
whose
name
is
not
lindsey.
B
Right,
if
so,
you
know,
may
comment
here,
comment
in
the
slack
message
which
I
didn't
like
something
else
so
also
just
a
heads
up,
so
I
find
and
as
there's
lindsay
and
thiago
interesting
things
in
other
slack
channels
and
meetings
just
to
let
the
group
know
about
it.
So
I
posted
this.
B
One
too,
is
that
stan
is
working
on
retiring,
almost
13
13
000,
deprecation
warnings
from
the
ruby
2.7
upgrade
and
he's
looking
for
help
to
help
with
a
couple
of
them
and
there's
an
issue
there
and
dong
also
put
in
a
slack
channel.
So
if
anybody's
in
don't
have
to
be
interested,
if
anybody's
interested,
you
know
take
a
look,
thinks
I'm
not
and
so
cool
the.
So
you
guys
don't
have
to
just
they're
looking
for
volunteers,
they
really
mean
volunteer.
B
So
if
you're
interested
look,
if
you're
not
interested,
feel
free
to
ignore
anything
else
in
our
slack
channel
that
we
haven't
discussed
that
may
be
doing
so.
Synchronous
would
be
a
useful
thing
to
do
we're
doing
a
book
club
on
who
moved
my
cheese,
which
is
about
change.
There's
there's
if
you're
interested
in
doing
I
I've
only
done
my
first
book
club
that
get
recently
so
it's
kind
of
a
neat
way
to
talk
about
a
book,
I'm
really
interested.
B
So
if
you're
interested
take
a
look
at
that
just
scrolling
past
a
little
more,
I
think
those
are
the
only
kind
of
fyi
on
certain
things.
So.
B
B
So
on
that
note,
I
saw
somebody
use
breakout
rooms
and
zoom.
Has
anybody
done
a
breakout
room
in
zoom
before
lindsay's
nodding
a
lot
of
people
saying
no
so.
B
Yep
yep
yep,
that's
it
so
anybody
folks,
okay
with
humoring
me
as
we
try
it
here
and
maybe
break
up
into
groups,
maybe
for
just
two
minutes
to
talk
about
the
you
know
two
group,
each
two
people
talk
about
the
q4
okrs
and
what
they
like
about
them
and
what
they
don't
I'm
seeing
one
thumbs
up
any
other
all
right.
Let
me
see
if
I
can
figure
this
out
breakout
rooms,
some
of
the
participants
there's.
B
A
And
while
he's
figuring
that
out,
you
guys
just
a
reminder
that
friends
and
family
day
is
next
wednesday
and
there's
a
us
holiday
following
that,
so
thanksgiving
and
a
lot
of
people
end
up
taking
thanksgiving
and
the
following
day.
Folks,
like
me,
are
taking
the
entire
week
so
keep
in
mind
that
it's
going
to
be
a
real
quiet
week
next
week.
A
B
All
right,
so
the
goal
here
is
you're
going
to
be
shoved
into
a
breakout
room
and
then
take
a
look
at
that.
Q4
okrs
just
discuss
it
amongst
the
the
two
of
you
and
then
go
back
in
two
minutes
and
discuss
as
a
group.
B
A
B
Yeah
people
got
messy,
I
didn't,
I
didn't
put
you
in
one
since
you
and
I
oh
okay,
but
we
can
still
talk
about
it.
So
taking
a
step
back
on
the
okrs.
What
what.
A
So
I
guess
the
main
thing
that
I
have
to
talk
to
you
about.
Okay,
ours
is
that
I
still
have
one
in
that
draft
mode,
and
I'm
you
know
we.
I
haven't
replied
back
to
your
comment
on
the
lcp
I
was
looking
at
the
spreadsheet
for
that
recently,
and
the
pages
that
don't
have
a
green
rating
of
ours
are
only
getting
that
because
they're
getting
a
404
response,
which
is
interesting
so.
A
B
B
A
The
other
okay,
our
thought
I
had
is
that,
given
our
our
goal
of
three
mrs
a
month
now
for
managers
with
the
holidays,
that's
going
to
be
a
little
harder.
We
may
have
wanted
to
stick
with
two
until
next
quarter
and
been
more
ambitious
when
we
weren't
going
to
be
taking.
You
know
one
or
you
know
a
week
off
for
november
and
december,
so
just
putting
that
out
there
as
it
might
be
a
little
risky
with
the
3mrs.
F
I'm
sure
yeah
I
mean
I
I
think
it
can.
I
think
it
definitely
got
some
uses
for
sure
that
one
was
pretty
short.
F
B
Thanks
jonathan
see
me
having
zumer
laughing
and
me
how
nautic.
B
So
that
note
in
the
extremely
short
120
seconds
somebody
somebody
want
to
volunteer
from
each
breakout
room
to
say
you
know
what
what
your
initial
impressions
were
in,
that
very
short
period
of
time,.
D
I
can
talk
about
mine,
we
were
talking
about
okay,
general,
we
didn't
went
through
each
of
them,
but
basically
we
were
discussing
the
difference
between
how
things
are
in
threats
inside
in
terms
of
okrs
and
container
security.
But
that's
it's.
It's
a
slightly
different
dynamic.
A
D
Yeah,
I
can
mention
a
couple
examples,
sometimes
in
container
security,
we
have
to
explore
third
party
solutions,
and
that
means,
for
example,
that
the
mrh
is
going
down
a
lot
right
in
comparison
like
if
we
had
like
a
solid
feature
that
users
are
using,
and
then
you
start
having
like
bugs
and
things
like
this,
then
then
my
rate
can
go
up
a
little
bit
more.
That
was
the
two
minutes
that
one
that
was.
We
went
through.
E
It
also
kind
of
depends
what
we're
dealing
with
like
this
cycle.
I
barely
did
get
three
merge
requests
done
and
the
third
one
is
basically
me
trying
to
migrate
five
million
rows
in
our
database,
which
is
getting
significant
push
back
pushback
from
the
maintainers
and
inconsistent
feedback
from
them
as
well.
So
this
is
like
me
trying
to
put
together
a
puzzle,
but
I'm
missing
three
or
four
pieces.
A
And
I
know
other
people
have
had
that
same
experience
where
it's
you
know
for
one
milestone:
they've
only
gotten
a
couple
of
mrs
merged
because
they
were
focused
on
something
really
complicated,
and
I
think
that's
why
we
make
the
reminder
that
it's
a
team
goal
and
it's
an
average
of
the
whole
team.
And
if
everyone
on
the
team,
which
is
what
zamir
just
described,
is
focused
on
these.
Like
long
investigative
tasks,
then
you
know
the
whole
average
is
lower.
So
that
all
makes
sense.
Thanks
for
explaining.
F
It
would
be
awesome
if
there
was
a
way
to
like
take
into
account
complexity
of
mrs
in
the
rate
rather
than
just
like,
because
every
mr
is
not
rated
the
same.
Every
r
is
not
the
same,
so
you
get
something
from
like
from
me.
How
that
would
that
just
is
very
time
consuming
a
highly
complex
task
that
you
can't
break
up,
and
I
mean
you
could
balance
that
out
with
like
the
rest
of
us
doing
as
small
as,
like.
F
F
G
D
Thanks
just
to
finalize
the
logic
that
I
was
thinking
of,
not
that
I
was
cut
off,
it's
just
that
k
me
later
and
when
I
see,
for
example,
they
are
more
rate,
and
I
know
that
I'm
not
contributing
much
because
I'm
doing
other
you
just
feel
bad
because
you're
pushing
the
rates
down
right.
It's
just
that's
why
I
was
mentioning
the
difference
between
the
two
teams.
It's
I,
but
I
don't
have
a
solution
on
how
to
improve
on
that.
So
then
it's
just
something
to
think
about.
B
It's
it's
about
the
team
and
the
average
overall
and
average
overtimes
not
per
person,
but
I
I
definitely
get
where
you're
coming
from
on
terms.
You
might
see
terms
in
the
handbook,
in
other
places
narrow,
mr
rate
so
narrow.
It
means
that
that's
the
the
the
metric
we
track.
It
hasn't
changed.
It's
just
the
terminology
which
mrs
done
by
us
in
any
part
of
the
product
or
documentation,
not
the
handbook
but
project
or
documentation
by
our
team.
So
it
does
not
include
community
contributions,
which
is
important
too.
That's
the
broad
mr8
it.
B
But
you
know,
let's
say
you
know,
no
alan!
You
do
a
change
to
a
different
part
of
the
product.
That's
not
right,
insights
or
container
that
counts
on
our
team.
Mr
raid,
let's
say.
B
In
another
team
member
makes
a
change
to
you
know
the
vulnerability
dashboards
somebody
on
the
secure
in
the
secure
department
or
some
other
developer
that
doesn't
count
in
our
narrow
end
rate.
So
that's
just
how
what
the
term
narrow
mr8
means.
It's
only.
I
think
we've
only
started
using
in
the
last
four
or
six
weeks.
B
F
C
Yeah
yeah:
we
need
to
the
one
thing
that
is
important
in
terms
of
mri:
it's
it's
not
just
metrics,
it's
just
something
that
will
should
force
us
to
think
iteratively,
like
think
in
small
changes,
because
these
are
easier
to
merge
and
all
of
that
and
I
get
that
it's
like
the
biggest
problem
of
the
whole
container
like
computer
science,
is
how
to
measure
effectiveness
of
our
work.
And
it's
really
it's
really
hard
to
measure
that,
because
sometimes
you're,
just
taking
a
shower
and
just
thinking
about
that.
C
That
doesn't
count
to
your
mr
rate
right,
but
at
the
same
time,
when
you're
doing
small
changes,
these
are
easy
to
be
like
either
reverted,
but
first
of
all
it's
easy
to
be
reviewed.
C
So
for
for
me,
I'm
I
I
like
that
that
we're
trying
hard
and
if
we
think
as
a
team,
how
to
make
sure
that
we
deliver
like
lots
of
mrs
that
and
contributing
to
the
product.
So
so
that's
that's
a
good
thing.
B
I've
been
trying
to
take
good
notes
and
what
people
have
been
saying.
So
please
take
your
own
notes
when
you,
when
you
say
things
or
before
you
say
them
or
just
correct
whether
people
have
written
what
you
said.
So
I
may
have
gotten
what
people
said
really
inaccurately
and
if
I
did,
I
apologize
so
but
please
correct
for
folks
who
couldn't
make
the
meeting
today
but
still
review
the
notes.
So.
A
I
want
to
add
a
thought
you
know.
I
don't
know
what
the
background
equivalent
of
this
is,
but
for
the
front
end,
we've
got
these
small
pajamas
migration
issues
that
you
can
pick
up.
You
know
no
one
wants
to
be
stuck
on
the
same
time,
consuming
challenging
exhausting
investigation
for
months
on
end.
So
you
know-
and
we
also
don't
want
to
punish
anyone
for
putting
hard
work
into
those
things.
A
C
Yeah
for
for
us,
it
would
be
probably
errors
and
century.
So
whenever
there
are
some
like
these
are
usually
one-liners
that
there
is
some
kind
of
exception
that
was
not
captured
by
us.
So
so
that's
one
thing
that
we
could
do
look
through
center
and
we're
doing
that
on
weekly
basis,
we're
looking
at
the
things
that
are
there
and
and
just
resolving
the
issues.
C
The
other
thing
is
one
thing
that
wayne
mentioned
about,
like
fixing
warnings
for
ruby
2.7,
so
that
that
could
also
improve
those
small
changes
are
really
really
good
thing,
because
there's
easy
they're
very
easy
to
be
merged.
At
the
same
time,
you
just
feel
happy
that
you
did
something
and
you
contributed.
B
Yeah,
the
pajama
changes
are
bigger
than
I
think,
probably
those
ruby
warnings
but
they're
in
the
same
class.
I
think
of
relatively
small,
and
you
know,
when
waiting
on
a
on
a
pipeline
to
run
we're
waiting
on
a
person
to
get
back
to
you
or
you
know,
or
multiple
of
those
things
in
flight
or
waiting
on.
You
know
your
coffee
machine
to
heat
up.
Some
of
those
might
be,
you
know
a
10
or
you
know
60
minute
change.
B
It
might
be
good
things
to
look
at
because
also,
I
sure,
love
when
something
something
I've
worked
on
gets
merged
and
it's
just
kind
of
I'm
sure.
Many
are
like
that.
So
even
if
it's
a
small
little
like
I
made
a
typo
change
yesterday
to
a
handbook
page,
just
a
word
was
spelled
wrong.
It
was
kind
of
me.
B
I
still
feel
good
about
it
when
I
saw
it
get
merged
or-
and
it
gives
that
combination
of
these
much
bigger
things
that
take
a
lot
longer
like
investigational
like
investigating
new
new
software
to
incorporate,
or
you
know,
I'm
not
like
me
how
much
you
know
five
million.
I
think
those
five
million
rows
need
to
be
migrated
and
a
lot
of
feedback
on
that
in
mr
to
you
know
to
normal
size,
things
or
average.
I
think
two
really
small
things
on
the
small
side.
B
We
have
it
but
still
important.
So
some
something
to
think
about
the
other
thing
is,
I
think
it's
been
a
very
interactive
session.
Maybe
one
of
the
most
interactive
we've
had.
I
think
we
should
consider
other
breakout
rooms
in
the
future
and
just
on
a
subject,
make
it
to
jonathan's
point
more
than
two
minutes.
Apologies
and
then
you
know
then
come
back
to
the
group
and
report
back.
How
long
should
one
be
five?
B
C
Minutes
five
and
that
would
also
work
whenever
someone
new
is
joining
us,
so
we
can
like
during
the
onboarding
we
could
have
a
call
and
we
could
have
like
five
minutes
session
with
each
of
us
and
then
we
could
have
like
other
five
minutes.
Breakout
calls
with
others.
So
we
can,
you
know
just
like,
like
it
happened
during
the
it
was
summit,
or
I
don't
remember.
The
name
of
our
yeah
that
was
summit
right
sounds.