Engineering handbook/etc changes from sec section realignment
Ref: gitlab-com/www-gitlab-com!78416 (merged)
Summary of changes for the context of this issue:
- All groups under the sectionsec are consolidating under @tstadelhofer
- EMs @thiagocsf & @lkerr will report to Todd (previously reporting to @whaber)
- The Threat Management subdepartment is no longer needed
Engineering portions of handbook
Ready to action:
-
Move relevant Threat Management content (if any) to https://about.gitlab.com/handbook/engineering/development/secure/ (or sub-pages) -
Move relevant Threat Management content (if any) to https://about.gitlab.com/handbook/engineering/development/protect/ (or sub-pages) -
Delete https://about.gitlab.com/handbook/engineering/development/threat-management/ -
Remove mentions to threat management from https://about.gitlab.com/handbook/communication/chat/#sub-department-channels-sd_ -
Remove https://about.gitlab.com/handbook/engineering/development/performance-indicators/threat-management/ -
Create https://about.gitlab.com/handbook/engineering/development/performance-indicators/protect/ -
Remove Threat Management from sub-department list from https://about.gitlab.com/handbook/engineering/development/ -
TBC Add Protect sub-department to https://about.gitlab.com/handbook/engineering/development/ -
Remove references to Threat Management sub-department from https://about.gitlab.com/handbook/engineering/development/secure/ (top of page & delineation section) -
@lkerr Rename/relabel & update https://about.gitlab.com/handbook/engineering/development/threat-management/delineate-secure-threat-management.html gitlab-com/www-gitlab-com!81980 (merged) -
team.yml
updates - after the Bamboo changes are done -
Bamboo update: Job Title Speciality (currently Threat Management for all)
Sisense
-
Determine which sisense dashboards need to be updated and add tasks below -
Find new home for velocity charts from https://app.periscopedata.com/app/gitlab/556285/Threat-Management-Development-Metrics -
Archive https://app.periscopedata.com/app/gitlab/556285/Threat-Management-Development-Metrics -
Move Threat Monitoring charts from https://app.periscopedata.com/app/gitlab/671986/Threat-Management-Metrics to https://app.periscopedata.com/app/gitlab/694854/Container-Security-Metrics -
Rename https://app.periscopedata.com/app/gitlab/671986/Threat-Management-Metrics to Vulnerability ManagementThreat Insights Metrics -
@lkerr Add link to Protect on Performance Indicator page (sites/handbook/source/handbook/engineering/development/performance-indicators/groups/index.html.md.erb)
Issue and MR label(s)
-
Start using Deliverable labels -
Determine which issue and MR labels need to be updated and add tasks below
@lkerr
Google calendar(s)-
Move Threat Management recurring meetings to new shared calendars (or remove if unnecessary) -
Threat Mgmt Milestone Retrospective (EMEA/NAM + NAM/APAC) -
Threat Management Office Hours - US/APAC friendly [REC] -
Threat Management Staff Meeting (US/APAC-friendly time) [REC]
-
-
Remove Threat Mgmt Sub-Department
calendar -
SplitRemove Threat Management Community Office hoursinto group-based discussions. In the future, consider combining with general Threat Mgmt Office hours (see above) - example issue (w/ calendar link)
@thiagocsf
Google groups --
Determine which groups need to be updated and add tasks below
Slack channels and groups
-
Remove aliases: @threat_mgmt_be
,@threat_mgmt_fe
,@threat_mgmt_eng
(https://gitlab.com/gitlab-com/team-member-epics/access-requests/-/issues/9321) -
Create channels: #g_secure_threat-insights_standup
,#g_protect_container-security_standup
-
Configure Geekbot on channels above -
Archive channels: -
#sd_threat_mgmt_backend
,#sd_threat_mgmt_and_growth_managers
,#s_growth_threatmgmt_em
-
#sd_threat_mgmt_frontend
,#sd_threat_mgmt_standup
-
From 2021-04-01, archive #s_growth_threatmgmt_em
&#sd_threat_mgmt
channels
-
-
Delete the threat mgmt standup in geekbot: https://app.geekbot.com/dashboard/standup/47611/manage/advanced -
@lkerr Determine new names/locations/solutions for channels: sd_threat_mgmt_social
,#sd_threat_mgmt_frontend
(Lindsay's direct reports),#sd_threat_mgmt_backend
(Thiago's direct reports) -
@lkerr Ensure Slack aliases exist at the group level for FE & BE teams
@thiagocsf
Youtube playlist(s) --
Create GitLab Group Kickoffs - Secure:Threat Insights -
Create GitLab Group Kickoffs - Protect:Container Security -
Update description on Threat Management playlists to refer to new playlists -
Threat Management Department https://www.youtube.com/playlist?list=PL05JrBw4t0KpqY7EwA_JaCtb9YrfPLA6d -
Threat Management Community Office Hours https://www.youtube.com/playlist?list=PL05JrBw4t0KrmpGUt33tVXzONJiwCgb_S
-
Retrospectives
-
Create new retro configs for groupthreat insights -
Create new retro configs for ~"group::container security" -
determine what to do with existing retro issues - since we've just renamed the Threat Managment
retro project toProtect
, our previous retro issues will live on under theProtect
retro project
@thiagocsf
gitlab-org/threat-management-
https://gitlab.com/gitlab-org/threat-management/secure/threat-insights/backend: delete (replaced by gitlab-org/secure/threat-insights-frontend-team
) -
https://gitlab.com/gitlab-org/threat-management/secure/threat-insights/frontend: delete (replaced by gitlab-org/secure/threat-insights-backend-team
) -
https://gitlab.com/gitlab-org/threat-management/secure/threat-insights/jira-test: delete (if necessary, recreate under https://gitlab.com/gitlab-org/security-products) -
https://gitlab.com/gitlab-org/threat-management/secure/threat-insights/json-schema-ref-parser: delete -
https://gitlab.com/gitlab-org/threat-management/managers: delete (replaced by https://gitlab.com/gitlab-org/secure/managers and https://gitlab.com/gitlab-org/protect/managers) -
https://gitlab.com/gitlab-org/threat-management/fullstack: delete (any fullstack engineers to be added to the relevant backend/frontend groups as needed) -
https://gitlab.com/gitlab-org/threat-management/backend: delete -
https://gitlab.com/gitlab-org/threat-management/frontend: delete -
https://gitlab.com/gitlab-org/threat-management/defend: move contents to https://gitlab.com/gitlab-org/protect/ -
https://gitlab.com/gitlab-org/threat-management/general: -
move issues to secure, protect or the relevant project -
delete copy office hours template - this has been retained under the Protect project: https://gitlab.com/gitlab-org/protect/general/-/blob/master/.gitlab/issue_templates/Community%20Office%20Hours.md -
update list of projects so MR rate calculation stays correct. https://gitlab.com/gitlab-data/analytics/-/merge_requests/4902 -
delete
-
-
https://gitlab.com/gitlab-org/threat-management/onboarding -
move https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ContainerSecurity-TechnicalOnboarding.md to https://gitlab.com/gitlab-org/protect/onboarding -
move https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/ThreatInsights-TechnicalOnboarding.md to https://gitlab.com/gitlab-org/secure/onboarding (or remove & use secure/onboarding for all groups) -
incorporate https://gitlab.com/gitlab-org/threat-management/onboarding/-/blob/master/.gitlab/issue_templates/Onboarding.md to https://gitlab.com/gitlab-org/secure/onboarding/-/blob/master/.gitlab/issue_templates/Technical_Onboarding.md gitlab-org/secure/onboarding!56 (merged) -
move issues to secure or protect, as needed -
delete https://gitlab.com/gitlab-org/threat-management/ -
fix team members listed on https://about.gitlab.com/handbook/engineering/development/protect/
-
Other stuff
-
Geekbot updates -
https://timezone.io/team/threat-management updates - @thiagocsf -
Create https://gitlab.com/gitlab-org/protect (https://gitlab.com/gitlab-com/team-member-epics/access-requests/-/issues/9342) -
Determine fate of items under https://gitlab.com/gitlab-org/threat-management -
Rename https://gitlab.com/gitlab-org/quality/triage-ops/-/tree/master/policies/groups/gitlab-org/threat-management to https://gitlab.com/gitlab-org/quality/triage-ops/-/tree/master/policies/sections/ or create two sets of group-based files
Edited by Lindsay Kerr