User input on secure capabilities

Proposal

Increase customer input earlier in the SDLC for UX to work with more proactively to identify user requirements.

Context

For most GitLab capabilities, development or operations is our primary target. Developers can easily relate to the features and requirements used to plan, create and deploy applications. But developers are not also security users. Understanding what a security person wants to see is more foreign, even to the secure dev team. Often it seems we guess at what is needed and seek rapid feedback. However, iteration takes time and requires patience from the users. We need some rapid success if we are to have the Ultimate penetration we expect this year.

Steps suggested

• For urgent short-term, work with @KimLock and sales to identify a couple of customers/prospects with whom we can work for things like https://gitlab.com/gitlab-org/gitlab-ee/issues/10734#note_160556318. We could have a slack channel and ask their input on things very early when are uncertain over which path to take.
• For longer term, as secure customers come on line, establish a secure and defend off shoot of CAB to provide more strategic-level roadmap and messaging input.
• Cindy has been accepted to speak at Gluecon May 17 (Denver, CO). The proposal was for a focus-group-like session to ask developer's their opinions about security. It would be great to have a UX team member attend also.

cc: @sarahod @andyvolpe @kuthiala @kencjohnston @plafoucriere

Thoughts?