[{"data":1,"prerenderedAt":793},["ShallowReactive",2],{"/en-us/blog/whats-it-like-to-work-security-at-gitlab":3,"navigation-en-us":37,"banner-en-us":437,"footer-en-us":447,"blog-post-authors-en-us-Heather Simpson":689,"blog-related-posts-en-us-whats-it-like-to-work-security-at-gitlab":703,"assessment-promotions-en-us":745,"next-steps-en-us":783},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":25,"isFeatured":12,"meta":26,"navigation":27,"path":28,"publishedDate":20,"seo":29,"stem":33,"tagSlugs":34,"__hash__":36},"blogPosts/en-us/blog/whats-it-like-to-work-security-at-gitlab.yml","Whats It Like To Work Security At Gitlab",[7],"heather-simpson",null,"unfiltered",{"slug":11,"featured":12,"template":13},"whats-it-like-to-work-security-at-gitlab",false,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"What’s it like to work in security at GitLab?","Job descriptions and the job they represent don't always line up.  What does someone working in our Security department actually do?",[18],"Heather Simpson","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749671032/Blog/Hero%20Images/wocintechchat_blog2.jpg","2021-01-07","\n\n{::options parse_block_html=\"true\" /}\n\n\n\nThis is post 2 of a 3 part series profiling several women in GitLab’s security organization.  See part one, [\"How to break into security\"](/blog/breaking-into-security/) and three, [\"Considering a career in security? Here’s some advice.\"](/blog/considering-a-career-in-security/).\n\n\n_Breaking into technology, and security, can be difficult for anyone. At GitLab [31% of our workforce identifies as women](https://handbook.gitlab.com/handbook/people-group/people-success-performance-indicators/#diversity---women-at-gitlab). In our security department we have ten team members who are women out of a total of 48 team members; that’s 21%.  
Global women in tech numbers are around 21.4% according to [CNET](https://www.cnet.com/news/microsofts-first-in-depth-diversity-report-shows-progress-remains-slow/) and this recent study, [“Resetting Tech Culture”](https://www.accenture.com/us-en/blogs/accenture-research/why-tech-is-losing-women-just-when-we-need-them-the-most) indicates that young women who go into tech drop out by the age of 35.  How do we change this?  GitLab is looking to help there through our [outbound hiring model](https://handbook.gitlab.com/handbook/hiring/candidate-faq/), [tracking and working toward key metrics](https://handbook.gitlab.com/handbook/people-group/people-success-performance-indicators/#diversity---women-in-management), [inclusion training](https://handbook.gitlab.com/handbook/company/culture/inclusion/#diversity-inclusion--belonging-training-and-learning-opportunities), [team member resource groups](https://handbook.gitlab.com/handbook/company/culture/inclusion/erg-guide/#how-to-join-current-tmrgs-and-their-slack-channels), Engineering department-based developmental and networking groups (like our [Women in Security group](https://handbook.gitlab.com/handbook/security/women-in-security.html)), building and fostering an [inclusive remote culture](https://handbook.gitlab.com/handbook/company/culture/inclusion/building-diversity-and-inclusion/) and [mentorship programs](https://handbook.gitlab.com/handbook/company/culture/inclusion/erg-minorities-in-tech/mentoring/)._\n\nReading a job description can only shed so much light on a role.  When considering a company or career path, it helps to understand what the organization, the roles and the responsibilities look like, from the inside.  
This is part 2 of a 3 part series where 8 women in our Security department share details about their roles and the actual projects they are working on.\n\n#### We asked:\n* What do you do and what are some recent projects you’re working on?\n* What’s something new and/or exciting that you’d like to learn or be involved in?\n* If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?\n\n---\n\n### [Julia Lake](/company/team/#julia.lake) - Director, [Security Risk and Compliance](https://handbook.gitlab.com/handbook/security/#assure-the-customer---the-security-assurance-sub-department)\nJoined GitLab April 2020 / Connect with Julia on [LinkedIn](https://www.linkedin.com/in/julia-lake-16843740/)\n\n![Julia Lake](https://about.gitlab.com/images/blogimages/working-in-security/jlake_blog2.png){: .shadow.small.left.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI am responsible for the Security Assurance sub-department, which includes the security compliance, security operational risk and field security functions. Security Assurance is part of the [Security department](https://handbook.gitlab.com/handbook/security/#security-department), which is part of the broader [Engineering organization](https://handbook.gitlab.com/handbook/engineering/) at GitLab, and we work cross-functionally across the entire organization. We are extremely focused on information security and partner with system and process owners in order to ensure security controls and best practices are embedded throughout our environment. 
We also support our customers in their assessment of GitLab’s security practices and provide feedback from the field to drive internal security strategy.\n\n**What are some projects you’re working on?**\nAs an organization, some recent projects we’ve embarked on include: SOC 2 Type 2 and SOC 3 audit and report reviews, third party GRC application deployment, customer and sales enablement program development, and deployment of an operational risk management function.  Personally, I’ve been focused on organizational strategy and roadmapping, policy definition and metric redesign.\n\n**What’s something new and/or exciting that you’d like to learn about or be involved in?**\nI’m always interested in learning more about the different functions of security. Lately I’ve been particularly fascinated in learning more around Zero Trust architecture and best practices and am slowly making my way through [NIST 800-207](https://csrc.nist.gov/publications/detail/sp/800-207/final).\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nGo for it! Security is so incredibly dynamic and you can choose a career path that aligns with your specific interests. Security Assurance is especially interesting to me because we are truly leading the charge on helping organizations grow and mature their security posture, and we have the opportunity to partner with our wonderful customers along the way. My biggest piece of advice for Security Assurance professionals is to challenge yourself against complacency, be adaptive to change and think critically about how new requirements can be applied to meet intent without hindering the business. Also, good documentation is a shield.\n\n---\n\n### [Jennifer Blanco](/company/team/#jblanco2) - Sr. 
[Risk and Field Security](https://handbook.gitlab.com/handbook/security/security-assurance/field-security/) Engineer\nJoined GitLab June 2019 / Connect with Jennifer on [LinkedIn](https://www.linkedin.com/in/jenniferblanco1/)\n\n![Jennifer Blanco](https://about.gitlab.com/images/blogimages/working-in-security/jblanco_blog2.png){: .shadow.small.right.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nMy focus is on [Third Party Risk Management](https://handbook.gitlab.com/handbook/security/security-assurance/security-risk/third-party-risk-management.html), specifically creating processes to evaluate the security maturity of organizations to ensure they can meet or exceed GitLab’s own standards. This includes traditionally-procured vendors and other third parties that could impact GitLab through activities such as handling our sensitive data or providing a service that is a dependency to our business operations and product offerings. I’ve been iterating on the program to methodically focus on third parties most critical to GitLab while building out the security aspects assessed to identify the risk level to GitLab. Such considerations include: data protections the third party has in place, their organizational security management practices, the technical posture of products, and the ability to support our compliance to customer, industry and regulatory requirements. I partner with teams including Security Compliance, [Application Security](/topics/devsecops/), Legal, Procurement and IT to gather salient inputs that feed into the program’s evolution.\n\n**What are some projects you’re working on?**\nI partnered with my team members working on Security Operational Risk Management (StORM) to create the inherent risk rating scoring for third-party security reviews which effectively narrows the scope for our reviews to the most adverse impact on GitLab. 
I created a supplemental third-party hardening guide meant to be consumed by business owners and third parties directly, and I’m working on an internal guide on how to share GitLab data externally. I’ll be focusing on expanding third-party reviews to product assessment with the Application Security team and automating these in a more technical fashion. Other contributions I’ve made are identifying contractor requirements for elevated access and reviews for free apps which focus heavily around Terms of Service and Privacy Policy; since nothing is ever truly free.\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nMy goal is to become a Data Privacy expert to intersect my interests in systems security, regulatory compliance and ultimately contribute to industry and public policy around big data. Having worked on contracts for both the customer and vendor side, I know the importance of understanding the inner workings of generating and processing data to uncover all the critical paths to assess the adequacy of safeguards. But in addition to being a Security professional, I’m a consumer who wishes to protect my information by raising the bar in the industry and creating mechanisms to keep companies accountable. This is important work because industries can’t evolve along with the ingenious new threats without practitioners who really “get it”, from both a technical and risk perspective.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nThird party management differs by industry but one thing is constant: risk management. I recommend learning how to think about risk so that you can sniff it out and create relevant treatment plans. If specifically interested in the technology space, I would start by reviewing top companies’ security statements to understand how the leaders in the industry are protecting their customer assets. 
I’ve seen a lot of companies phase from keeping information tightly restricted to becoming more transparent so you can learn a lot about an operation from their public-facing materials. Remember to “follow the data” as a detective would follow the money. Data is big business nowadays and it’s just the beginning so learning how to sleuth out data, typically one of the most important assets for companies, will help in guiding your security reviews. On a final note, don’t be discouraged if you didn’t follow an Information or Computer Science track in your academic career. In this information age, there’s no shortage of resources as long as you have the drive to take advantage of it. Be cognizant of how you want to shape your career and take even the tiniest steps towards it; it adds up over time.\n\n---\n\n### [Juliet Wanjohi](/company/team/#jwanjohi) - Security Engineer, [Security Automation](https://handbook.gitlab.com/handbook/security/security-engineering/automation/)\nJoined GitLab May 2020 / Connect with Juliet on [LinkedIn](https://www.linkedin.com/in/juliet-wanjohi/) and [Twitter](https://twitter.com/jay_wanjohi)\n\n![Juliet Wanjohi](https://about.gitlab.com/images/blogimages/working-in-security/jwanjohl_blog2.png){: .shadow.small.left.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI recently joined the Security Automation team as a Security Engineer after an exciting [summer internship in GitLab’s Security department](/blog/what-its-like-to-intern-in-gitlab-security/). My main responsibilities include the design, build and deployment of security tooling and automation in order to help speed up security-specific efforts. This involves working with my fellow team members as well as various GitLab users and customers. 
At the moment, I am ramping up my skills and knowledge in languages, tools and technologies that our team uses in their automation efforts.\n\n**What are some projects you’re working on?**\nCurrently as a team effort, we’re building an anti-spam service that will aid in the identification and prevention of spam-related content across GitLab the product. Through this project, I am getting the chance to take part in technology research and architectural conversations related to building the product and how it will ultimately be consumed by users. Previously, during my internship, I was also able to work on a variety of projects ranging from improving path traversal checks on file names and file paths for GitLab the product to using machine learning techniques for security detection use-cases.\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nI am interested in learning more about securing cloud infrastructure and cloud native applications. Considering a lot of applications are moving to the cloud, I feel that this would be a very strong skill set to have moving into the future. An interesting avenue that I would like to pursue further is focusing on protecting [Machine Learning as a Service](https://www.frontiersin.org/articles/10.3389/fdata.2020.587139/full) cloud platforms.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nBuilding yourself a support network of friends, mentors and peers can go a long way in helping you shape your security career. This can be in the form of seeking advice on career goals and/or guidance on resources that can help you grow your knowledge and skill set. Taking each day as an opportunity to learn something new is also super important as one needs to keep up with changing technological trends in security.\n\n---\n\n### [Liz Coleman](/company/team/#lcoleman) - Sr. 
Security Assurance Engineer, [Compliance](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/ )\nJoined GitLab January 2020 / Connect with Liz on [LinkedIn](https://www.linkedin.com/in/elizabeth-coleman-5779418b/)\n\n![Liz Coleman](https://about.gitlab.com/images/blogimages/working-in-security/lcoleman_blog2.png){: .shadow.small.right.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI am currently part of the Security Compliance team and my main responsibilities include managing the SOC 2 program, user access reviews, control testing and any other ad hoc security compliance related activities that come my way. As compliance initiatives span the entire organization, I work with a variety of other teams in order to get my job done.\n\n**What are some projects you’re working on?**\nRight now we are in the process of obtaining our SOC 2 Type 2 certification. This has required a continuous effort in order to get our GitLab Control Framework (GCF) control set up and running, tested, and into a state of continuous control monitoring. As the [directly responsible individual](https://handbook.gitlab.com/handbook/people-group/directly-responsible-individuals/#what-is-a-directly-responsible-individual) for the SOC 2 program, I have been living and breathing SOC-related control testing, project management and external audit preparation for the last few months now. It’s quite a bit of work but I know it will be well worth it once GitLab obtains their certification.\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nI’ve always been interested in learning more about the growth of cloud native computing and how organizations have had to adapt and change processes or procedures in order to best manage workflows. 
Right now, I’m currently working on expanding my ISO27001 knowledge as that is next on the horizon for possible GitLab certifications.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nOpen your mind and put yourself in a mental space of learning and growing from everyone around you. Working in security compliance requires knowledge and awareness about all aspects of an organization. Having that general understanding of which teams do what and why will help develop your comprehension of compliance requirements by function, team, and holistically for your organization.\n\n---\n\n### [Meghan Maneval](/company/team/#mmaneval20) - Manager, [Risk and Field Security](https://handbook.gitlab.com/handbook/security/security-assurance/field-security/)\nJoined GitLab July 2020 / Connect with Meghan on [LinkedIn](https://www.linkedin.com/in/meghanmaneval/)\n\n![Meghan Maneval](https://about.gitlab.com/images/blogimages/working-in-security/mmaneval_blog2.png){: .shadow.small.left.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI am the Manager of Risk and Field Security and work with an amazing team of Risk and Field Security Assurance Engineers here at GitLab. With my position and responsibilities I also work very closely with my fellow Security Managers, members of Sales and [Customer Success](https://handbook.gitlab.com/handbook/customer-success/), and GitLab team members across the organization. My team’s goal is to identify risks that could negatively impact GitLab and our ability to meet our goals.\n\nIf you think of your car, we are your safety features and focus on three main areas of security:\n* [Field Security](https://handbook.gitlab.com/handbook/security/security-assurance/field-security/customer-security-assessment-process.html) is like your car insurance. 
We assure our customers that we can meet their security needs and thus protect our revenue stream.\n* [Third Party Risk](https://handbook.gitlab.com/handbook/security/security-assurance/security-risk/third-party-risk-management.html) is like your lane assistance. We identify risks from third parties and direct the organization away from danger.\n* [Security Operational Risk](https://handbook.gitlab.com/handbook/security/security-assurance/security-risk/storm-program/index.html) is like your check engine light. We identify risks from within the company and assist in remediating them.\n\nIf you’re interested in learning more you can check out this [video on how the Risk and Field Security team adds value to GitLab]( https://www.youtube.com/watch?v=h95ddzEsTog).\n\n**What are some projects you’re working on?**\nMy team and I recently implemented a SaaS governance, risk, and compliance (GRC) tool to manage our security assurance activities. We are still in the process of fully implementing it, but we have made a lot of progress so far. Within this project we got the opportunity to review all of our processes and really uplevel the maturity of our programs. I recently presented at a user group and discussed the implementation and how [GitLab utilizes the tool for Risk Management activities](https://www.youtube.com/watch?v=ZOiHT-N1tLY).\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nI’m actually really excited about a new program we are building: the Customer Success Partnership Program. This is a multi-functional partnership where each of us will learn from each other about the various ways we can help support our customers. 
I’m really looking forward to learning more about the sales and support processes in place at GitLab and help iterate on them.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nAlign yourself with a strong mentor who understands how the organization works. Most security principles are applicable across most industries and organizations. Encryption is encryption, right? But it is critical that you understand how security fits into the organization, how management views security, and how you can integrate security into other processes. Making strong connections throughout the organization is critical to success in risk management. It makes delivering “bad news” easier and allows you to make more educated recommendations to remediate them.\n\n---\n\n### [Mitra Jozenazemian](/company/team/#mjozenazemian) - Senior Security Engineer, [Security Incident Response Team](https://handbook.gitlab.com/job-families/security/security-engineer/#sirt---security-incident-response-team)\nJoined GitLab July 2020 / Connect with Mitra on [LinkedIn](https://www.linkedin.com/in/mitra-jozenazemian-0a05233b)\n\n![Mitra Jozenazemian](https://about.gitlab.com/images/blogimages/working-in-security/mjozenazemian_blog2.png){: .shadow.small.right.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI work on the GitLab [Security Incident and Response (SIRT) team](https://handbook.gitlab.com/handbook/security/#sirt---security-incident-response-team-former-security-operations). For any security incident or event that would happen here at GitLab, we act like firefighters-- researching and responding to incidents, while working with other teams to mitigate the incident ASAP. 
The rest of the time, we are implementing and improving tools that can help us to detect and respond to the incidents faster and more effectively.\n\n**What are some projects you’re working on?**\nRecently, we implemented a new [security information and event management (SIEM) solution](/blog/how-we-made-gitlab-more-secure-in-twenty-twenty/) to further improve visibility and detection and response capabilities. This allows my team to send logs from different applications to the new SIEM and then we work to define different scenarios of suspicious activities. From these potential scenarios, we create alerts for detecting them and runbooks to help us respond to those alerts.\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nI would like to be more involved in the red team activities. I’d like to wear their red hat and try to see the organization from an attacker’s eyes and find the gaps and vulnerabilities that might be hidden.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nTechnology, and therefore security, is a constantly changing area. So, if someone were interested in being a part of SIRT, they’d need to be familiar with several different types of technologies, frameworks and programming languages. They should remain up-to-date and informed on news and research about recent technologies, and new cyber security attacks and vulnerabilities. 
Being able to develop the ability to think like both an attacker and defender to improve detections and post-incident recovery process is also a very helpful skill in this area.\n\n---\n\n### [Rupal Shah](/company/team/#rcshah) - [Security Compliance Engineer](https://handbook.gitlab.com/handbook/security/#security-compliance)\nJoined GitLab October 2020 / Connect with Rupal on [LinkedIn](https://www.linkedin.com/in/rupal-shah-57a384/)\n\n![Rupal Shah](https://about.gitlab.com/images/blogimages/working-in-security/rshah_blog2.png){: .shadow.small.left.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI’m still pretty new to GitLab, but once I am fully up to speed, I will be the Governance, Risk and Compliance Administrator managing the GRC application, creating training, updating policy documents, evaluating frameworks and assisting with user access reviews, audits, control testing and other ad hoc security compliance related projects that are defined.  I will be working with a variety of teams throughout GitLab as Compliance affects everyone.\n\n**What are some projects you’re working on?**\nWe are onboarding our new GRC tool (ZenGRC) and I am defining a change management runbook for significant/high risk changes.  We are bringing our security training in house, so I am creating a new general security awareness training for new hires and annual review by team members. I am also focusing my time on formalizing our information security policy and standards.\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**\nI have always wanted to be involved and learn more about [FedRAMP](https://www.gsa.gov/technology/government-it-initiatives/fedramp) and the entire process to get certified.  
As GitLab is currently in the analysis stages, it is nice to be a part of the process and get a better understanding of the requirements necessary if we decide to get certified.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**\nDon’t be scared and don’t feel overwhelmed.  Take a deep breath and dive in!  I come from a non-security/compliance background and all it takes is passion and a good mentor.  Ask lots of questions and don’t be afraid to ask any question you have!  The more you ask, the more you learn!\n\n---\n\n### [Heather Simpson](/company/team/#heather) - Senior External Communications Analyst, [Security Engineering ](https://handbook.gitlab.com/handbook/security/security-engineering/)\nJoined GitLab February 2019 / Connect with Heather on [LinkedIn](https://www.linkedin.com/in/heathersimpson700/) and [Twitter](https://twitter.com/heatherswall)\n\n![Heather Simpson](https://about.gitlab.com/images/blogimages/working-in-security/hsimpson_blog2.png){: .shadow.small.right.wrap-text}\n\n**What do you do and who do you collaborate with in your role?**\nI’ve got a unique job within our security department in that I work in a marketing communications capacity, something I referenced in the [first blog post in this series](/blog/breaking-into-security/).  I focus on increasing awareness and strengthening community engagement and industry recognition of GitLab Security initiatives, programs and team members’ expertise through campaigns and initiatives that include blogs, contributed articles, social media, online events and more. To do this, I collaborate heavily with our security teams and partner with our content, corporate and social marketing teams. I sit within our Security and Engineering Research team and so a large focus area for me is increasing awareness and engagement in our [bug bounty program](https://hackerone.com/gitlab). 
Part of this includes working with the hackers that contribute to our program and partnering with the HackerOne communications team to recognize the amazing contributions and talents these security researchers bring to making GitLab more secure.\n\n**What are some projects you’re working on?**\nDecember was a busy month, where most of my time went to writing and editing blogs. [“2020 through a bug bounty lens”](/blog/twenty-twenty-through-a-bug-bounty-lens/) takes a look back at the past year in terms of bug bounty metrics (reports received, hackers contributing, etc) and bounties paid out 💰. It also celebrates five winners of a contest we held in the fall, where the prize was a custom GitLab mechanical keyboard 🎉-- organizing [this contest](/blog/top-tips-for-better-bug-bounty-reports-and-a-hacker-contest/#celebrating-great-reports-and-great-reporters) and that piece of custom swag are all projects I lead.  Other new series I’ve developed and am working on are our [“Ask a Hacker” blog series that profiles some of the top hackers contributing to our bug bounty program](/blog/rpadovani-ask-a-hacker/) and our live GitLab Security Ask Me Anything (AMA) series which kicked off with an [AMA with hacker Riccardo Padovani](https://youtu.be/SK_vuZCafZ4) and will follow soon with an [AMA with GitLab’s own Red Team on Jan 26, 2020](https://docs.google.com/forms/d/e/1FAIpQLSekc1LYWYbhORNzZvLza8Btn9V0wY7K9SGVZed5RpJbczqdfw/viewform?usp=sf_link). You can always see what I’m working on through [my GitLab profile](https://gitlab.com/heather) and also by checking out our [Security blogs](/blog/tags/security/). I started our Security blogging program when I joined GitLab in February 2019 and, together with my security team mates, we’ve published 52 blogs to date with more great content in the works!  
Speaking of, if there’s something you’d like to read about, whether it’s: what makes our approach to red teaming unique or how do our security researchers decide what, exactly, they are going to research? Message me, I’d love to hear your ideas!\n\n**What’s something new and/or exciting that you’d like to learn or be involved in?**  I think I’d like to more deeply develop my skills in the areas of search engine optimization and marketing data and analytics; this would strengthen efforts in my current role and flesh out my existing digital marketing experience and expertise.\n\n**If someone was interested in a role like yours, what’s the most helpful piece of advice you could offer?**  Be comfortable with being uncomfortable.  Many women in tech are used to being one of few women “in the room”. However, as someone working in a marketing capacity, sitting inside an engineering department, I find I’m usually (also) the only non-engineer on most calls and teams. And that’s just fine! But I’ve had to learn to be comfortable with owning and asserting my area of expertise, with asking questions for clarification when I don't understand something and with throwing first iteration content out there acknowledging that I need an SME’s help to ensure accuracy. And you know what? I’ve learned two things: I understand way more about technical concepts than I give myself credit for most times 💪 and, my asking questions and seeking clarification helps to create better and more readily consumable content for our audiences -- a win for everyone! 🙌\n\n---\n\n## Sound interesting? We're hiring!\n\nCheck out the [career opportunities page](/jobs/). Don't meet 100% of the qualifications for one of these roles? Still share your information with us! We're hiring within our Security department (and beyond) and looking for unique backgrounds and expertise. 
You can also learn more about GitLab’s [culture](https://handbook.gitlab.com/handbook/company/culture/) and [values](https://handbook.gitlab.com/handbook/values/) in order to get an understanding of what it might be like to work here!\n\nCover image by [#WOCinTech Chat](https://www.wocintechchat.com/).\n\n\n",[23,24],"security","inside GitLab","yml",{},true,"/en-us/blog/whats-it-like-to-work-security-at-gitlab",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":12,"ogImage":19,"ogUrl":30,"ogSiteName":31,"ogType":32,"canonicalUrls":30},"https://about.gitlab.com/blog/whats-it-like-to-work-security-at-gitlab","https://about.gitlab.com","article","en-us/blog/whats-it-like-to-work-security-at-gitlab",[23,35],"inside-gitlab","BOeOxdH85V3fvIoODZfRECnvTMXQyCdmx2QDUDkMzqg"]
Compliance",{"href":141,"dataGaName":142,"dataGaLocation":43},"/solutions/software-compliance/","software compliance",{"title":144,"link":145,"items":150},"Measurement",{"config":146},{"icon":147,"href":148,"dataGaName":149,"dataGaLocation":43},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[151,155,159],{"text":152,"config":153},"Visibility & Measurement",{"href":148,"dataGaLocation":43,"dataGaName":154},"Visibility and Measurement",{"text":156,"config":157},"Value Stream Management",{"href":158,"dataGaLocation":43,"dataGaName":156},"/solutions/value-stream-management/",{"text":160,"config":161},"Analytics & Insights",{"href":162,"dataGaLocation":43,"dataGaName":163},"/solutions/analytics-and-insights/","Analytics and insights",{"title":165,"items":166},"GitLab for",[167,172,177],{"text":168,"config":169},"Enterprise",{"href":170,"dataGaLocation":43,"dataGaName":171},"/enterprise/","enterprise",{"text":173,"config":174},"Small Business",{"href":175,"dataGaLocation":43,"dataGaName":176},"/small-business/","small business",{"text":178,"config":179},"Public Sector",{"href":180,"dataGaLocation":43,"dataGaName":181},"/solutions/public-sector/","public sector",{"text":183,"config":184},"Pricing",{"href":185,"dataGaName":186,"dataGaLocation":43,"dataNavLevelOne":186},"/pricing/","pricing",{"text":188,"config":189,"link":191,"lists":195,"feature":275},"Resources",{"dataNavLevelOne":190},"resources",{"text":192,"config":193},"View all resources",{"href":194,"dataGaName":190,"dataGaLocation":43},"/resources/",[196,229,247],{"title":197,"items":198},"Getting started",[199,204,209,214,219,224],{"text":200,"config":201},"Install",{"href":202,"dataGaName":203,"dataGaLocation":43},"/install/","install",{"text":205,"config":206},"Quick start guides",{"href":207,"dataGaName":208,"dataGaLocation":43},"/get-started/","quick setup 
checklists",{"text":210,"config":211},"Learn",{"href":212,"dataGaLocation":43,"dataGaName":213},"https://university.gitlab.com/","learn",{"text":215,"config":216},"Product documentation",{"href":217,"dataGaName":218,"dataGaLocation":43},"https://docs.gitlab.com/","product documentation",{"text":220,"config":221},"Best practice videos",{"href":222,"dataGaName":223,"dataGaLocation":43},"/getting-started-videos/","best practice videos",{"text":225,"config":226},"Integrations",{"href":227,"dataGaName":228,"dataGaLocation":43},"/integrations/","integrations",{"title":230,"items":231},"Discover",[232,237,242],{"text":233,"config":234},"Customer success stories",{"href":235,"dataGaName":236,"dataGaLocation":43},"/customers/","customer success stories",{"text":238,"config":239},"Blog",{"href":240,"dataGaName":241,"dataGaLocation":43},"/blog/","blog",{"text":243,"config":244},"Remote",{"href":245,"dataGaName":246,"dataGaLocation":43},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":248,"items":249},"Connect",[250,255,260,265,270],{"text":251,"config":252},"GitLab Services",{"href":253,"dataGaName":254,"dataGaLocation":43},"/services/","services",{"text":256,"config":257},"Community",{"href":258,"dataGaName":259,"dataGaLocation":43},"/community/","community",{"text":261,"config":262},"Forum",{"href":263,"dataGaName":264,"dataGaLocation":43},"https://forum.gitlab.com/","forum",{"text":266,"config":267},"Events",{"href":268,"dataGaName":269,"dataGaLocation":43},"/events/","events",{"text":271,"config":272},"Partners",{"href":273,"dataGaName":274,"dataGaLocation":43},"/partners/","partners",{"backgroundColor":276,"textColor":277,"text":278,"image":279,"link":283},"#2f2a6b","#fff","Insights for the future of software development",{"altText":280,"config":281},"the source promo card",{"src":282},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":284,"config":285},"Read the 
latest",{"href":286,"dataGaName":287,"dataGaLocation":43},"/the-source/","the source",{"text":289,"config":290,"lists":292},"Company",{"dataNavLevelOne":291},"company",[293],{"items":294},[295,300,306,308,313,318,323,328,333,338,343],{"text":296,"config":297},"About",{"href":298,"dataGaName":299,"dataGaLocation":43},"/company/","about",{"text":301,"config":302,"footerGa":305},"Jobs",{"href":303,"dataGaName":304,"dataGaLocation":43},"/jobs/","jobs",{"dataGaName":304},{"text":266,"config":307},{"href":268,"dataGaName":269,"dataGaLocation":43},{"text":309,"config":310},"Leadership",{"href":311,"dataGaName":312,"dataGaLocation":43},"/company/team/e-group/","leadership",{"text":314,"config":315},"Team",{"href":316,"dataGaName":317,"dataGaLocation":43},"/company/team/","team",{"text":319,"config":320},"Handbook",{"href":321,"dataGaName":322,"dataGaLocation":43},"https://handbook.gitlab.com/","handbook",{"text":324,"config":325},"Investor relations",{"href":326,"dataGaName":327,"dataGaLocation":43},"https://ir.gitlab.com/","investor relations",{"text":329,"config":330},"Trust Center",{"href":331,"dataGaName":332,"dataGaLocation":43},"/security/","trust center",{"text":334,"config":335},"AI Transparency Center",{"href":336,"dataGaName":337,"dataGaLocation":43},"/ai-transparency-center/","ai transparency center",{"text":339,"config":340},"Newsletter",{"href":341,"dataGaName":342,"dataGaLocation":43},"/company/contact/#contact-forms","newsletter",{"text":344,"config":345},"Press",{"href":346,"dataGaName":347,"dataGaLocation":43},"/press/","press",{"text":349,"config":350,"lists":351},"Contact us",{"dataNavLevelOne":291},[352],{"items":353},[354,357,362],{"text":50,"config":355},{"href":52,"dataGaName":356,"dataGaLocation":43},"talk to sales",{"text":358,"config":359},"Support portal",{"href":360,"dataGaName":361,"dataGaLocation":43},"https://support.gitlab.com","support portal",{"text":363,"config":364},"Customer 
portal",{"href":365,"dataGaName":366,"dataGaLocation":43},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":368,"login":369,"suggestions":376},"Close",{"text":370,"link":371},"To search repositories and projects, login to",{"text":372,"config":373},"gitlab.com",{"href":57,"dataGaName":374,"dataGaLocation":375},"search login","search",{"text":377,"default":378},"Suggestions",[379,381,385,387,391,395],{"text":72,"config":380},{"href":77,"dataGaName":72,"dataGaLocation":375},{"text":382,"config":383},"Code Suggestions (AI)",{"href":384,"dataGaName":382,"dataGaLocation":375},"/solutions/code-suggestions/",{"text":106,"config":386},{"href":108,"dataGaName":106,"dataGaLocation":375},{"text":388,"config":389},"GitLab on AWS",{"href":390,"dataGaName":388,"dataGaLocation":375},"/partners/technology-partners/aws/",{"text":392,"config":393},"GitLab on Google Cloud",{"href":394,"dataGaName":392,"dataGaLocation":375},"/partners/technology-partners/google-cloud-platform/",{"text":396,"config":397},"Why GitLab?",{"href":85,"dataGaName":396,"dataGaLocation":375},{"freeTrial":399,"mobileIcon":404,"desktopIcon":409,"secondaryButton":412},{"text":400,"config":401},"Start free trial",{"href":402,"dataGaName":48,"dataGaLocation":403},"https://gitlab.com/-/trials/new/","nav",{"altText":405,"config":406},"Gitlab Icon",{"src":407,"dataGaName":408,"dataGaLocation":403},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":405,"config":410},{"src":411,"dataGaName":408,"dataGaLocation":403},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":413,"config":414},"Get Started",{"href":415,"dataGaName":416,"dataGaLocation":403},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":418,"mobileIcon":423,"desktopIcon":425},{"text":419,"config":420},"Learn more about GitLab 
Duo",{"href":421,"dataGaName":422,"dataGaLocation":403},"/gitlab-duo/","gitlab duo",{"altText":405,"config":424},{"src":407,"dataGaName":408,"dataGaLocation":403},{"altText":405,"config":426},{"src":411,"dataGaName":408,"dataGaLocation":403},{"freeTrial":428,"mobileIcon":433,"desktopIcon":435},{"text":429,"config":430},"Back to pricing",{"href":185,"dataGaName":431,"dataGaLocation":403,"icon":432},"back to pricing","GoBack",{"altText":405,"config":434},{"src":407,"dataGaName":408,"dataGaLocation":403},{"altText":405,"config":436},{"src":411,"dataGaName":408,"dataGaLocation":403},{"title":438,"button":439,"config":444},"See how agentic AI transforms software delivery",{"text":440,"config":441},"Watch GitLab Transcend now",{"href":442,"dataGaName":443,"dataGaLocation":43},"/events/transcend/virtual/","transcend event",{"layout":445,"icon":446},"release","AiStar",{"data":448},{"text":449,"source":450,"edit":456,"contribute":461,"config":466,"items":471,"minimal":678},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":451,"config":452},"View page source",{"href":453,"dataGaName":454,"dataGaLocation":455},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":457,"config":458},"Edit this page",{"href":459,"dataGaName":460,"dataGaLocation":455},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":462,"config":463},"Please contribute",{"href":464,"dataGaName":465,"dataGaLocation":455},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please 
contribute",{"twitter":467,"facebook":468,"youtube":469,"linkedin":470},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[472,519,573,617,644],{"title":183,"links":473,"subMenu":488},[474,478,483],{"text":475,"config":476},"View plans",{"href":185,"dataGaName":477,"dataGaLocation":455},"view plans",{"text":479,"config":480},"Why Premium?",{"href":481,"dataGaName":482,"dataGaLocation":455},"/pricing/premium/","why premium",{"text":484,"config":485},"Why Ultimate?",{"href":486,"dataGaName":487,"dataGaLocation":455},"/pricing/ultimate/","why ultimate",[489],{"title":490,"links":491},"Contact Us",[492,495,497,499,504,509,514],{"text":493,"config":494},"Contact sales",{"href":52,"dataGaName":53,"dataGaLocation":455},{"text":358,"config":496},{"href":360,"dataGaName":361,"dataGaLocation":455},{"text":363,"config":498},{"href":365,"dataGaName":366,"dataGaLocation":455},{"text":500,"config":501},"Status",{"href":502,"dataGaName":503,"dataGaLocation":455},"https://status.gitlab.com/","status",{"text":505,"config":506},"Terms of use",{"href":507,"dataGaName":508,"dataGaLocation":455},"/terms/","terms of use",{"text":510,"config":511},"Privacy statement",{"href":512,"dataGaName":513,"dataGaLocation":455},"/privacy/","privacy statement",{"text":515,"config":516},"Cookie preferences",{"dataGaName":517,"dataGaLocation":455,"id":518,"isOneTrustButton":27},"cookie preferences","ot-sdk-btn",{"title":88,"links":520,"subMenu":529},[521,525],{"text":522,"config":523},"DevSecOps platform",{"href":70,"dataGaName":524,"dataGaLocation":455},"devsecops platform",{"text":526,"config":527},"AI-Assisted Development",{"href":421,"dataGaName":528,"dataGaLocation":455},"ai-assisted 
development",[530],{"title":531,"links":532},"Topics",[533,538,543,548,553,558,563,568],{"text":534,"config":535},"CICD",{"href":536,"dataGaName":537,"dataGaLocation":455},"/topics/ci-cd/","cicd",{"text":539,"config":540},"GitOps",{"href":541,"dataGaName":542,"dataGaLocation":455},"/topics/gitops/","gitops",{"text":544,"config":545},"DevOps",{"href":546,"dataGaName":547,"dataGaLocation":455},"/topics/devops/","devops",{"text":549,"config":550},"Version Control",{"href":551,"dataGaName":552,"dataGaLocation":455},"/topics/version-control/","version control",{"text":554,"config":555},"DevSecOps",{"href":556,"dataGaName":557,"dataGaLocation":455},"/topics/devsecops/","devsecops",{"text":559,"config":560},"Cloud Native",{"href":561,"dataGaName":562,"dataGaLocation":455},"/topics/cloud-native/","cloud native",{"text":564,"config":565},"AI for Coding",{"href":566,"dataGaName":567,"dataGaLocation":455},"/topics/devops/ai-for-coding/","ai for coding",{"text":569,"config":570},"Agentic AI",{"href":571,"dataGaName":572,"dataGaLocation":455},"/topics/agentic-ai/","agentic ai",{"title":574,"links":575},"Solutions",[576,578,580,585,589,592,596,599,601,604,607,612],{"text":130,"config":577},{"href":125,"dataGaName":130,"dataGaLocation":455},{"text":119,"config":579},{"href":102,"dataGaName":103,"dataGaLocation":455},{"text":581,"config":582},"Agile development",{"href":583,"dataGaName":584,"dataGaLocation":455},"/solutions/agile-delivery/","agile delivery",{"text":586,"config":587},"SCM",{"href":115,"dataGaName":588,"dataGaLocation":455},"source code management",{"text":534,"config":590},{"href":108,"dataGaName":591,"dataGaLocation":455},"continuous integration & delivery",{"text":593,"config":594},"Value stream management",{"href":158,"dataGaName":595,"dataGaLocation":455},"value stream 
management",{"text":539,"config":597},{"href":598,"dataGaName":542,"dataGaLocation":455},"/solutions/gitops/",{"text":168,"config":600},{"href":170,"dataGaName":171,"dataGaLocation":455},{"text":602,"config":603},"Small business",{"href":175,"dataGaName":176,"dataGaLocation":455},{"text":605,"config":606},"Public sector",{"href":180,"dataGaName":181,"dataGaLocation":455},{"text":608,"config":609},"Education",{"href":610,"dataGaName":611,"dataGaLocation":455},"/solutions/education/","education",{"text":613,"config":614},"Financial services",{"href":615,"dataGaName":616,"dataGaLocation":455},"/solutions/finance/","financial services",{"title":188,"links":618},[619,621,623,625,628,630,632,634,636,638,640,642],{"text":200,"config":620},{"href":202,"dataGaName":203,"dataGaLocation":455},{"text":205,"config":622},{"href":207,"dataGaName":208,"dataGaLocation":455},{"text":210,"config":624},{"href":212,"dataGaName":213,"dataGaLocation":455},{"text":215,"config":626},{"href":217,"dataGaName":627,"dataGaLocation":455},"docs",{"text":238,"config":629},{"href":240,"dataGaName":241,"dataGaLocation":455},{"text":233,"config":631},{"href":235,"dataGaName":236,"dataGaLocation":455},{"text":243,"config":633},{"href":245,"dataGaName":246,"dataGaLocation":455},{"text":251,"config":635},{"href":253,"dataGaName":254,"dataGaLocation":455},{"text":256,"config":637},{"href":258,"dataGaName":259,"dataGaLocation":455},{"text":261,"config":639},{"href":263,"dataGaName":264,"dataGaLocation":455},{"text":266,"config":641},{"href":268,"dataGaName":269,"dataGaLocation":455},{"text":271,"config":643},{"href":273,"dataGaName":274,"dataGaLocation":455},{"title":289,"links":645},[646,648,650,652,654,656,658,662,667,669,671,673],{"text":296,"config":647},{"href":298,"dataGaName":291,"dataGaLocation":455},{"text":301,"config":649},{"href":303,"dataGaName":304,"dataGaLocation":455},{"text":309,"config":651},{"href":311,"dataGaName":312,"dataGaLocation":455},{"text":314,"config":653},{"href":316,"dataGaN
ame":317,"dataGaLocation":455},{"text":319,"config":655},{"href":321,"dataGaName":322,"dataGaLocation":455},{"text":324,"config":657},{"href":326,"dataGaName":327,"dataGaLocation":455},{"text":659,"config":660},"Sustainability",{"href":661,"dataGaName":659,"dataGaLocation":455},"/sustainability/",{"text":663,"config":664},"Diversity, inclusion and belonging (DIB)",{"href":665,"dataGaName":666,"dataGaLocation":455},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":329,"config":668},{"href":331,"dataGaName":332,"dataGaLocation":455},{"text":339,"config":670},{"href":341,"dataGaName":342,"dataGaLocation":455},{"text":344,"config":672},{"href":346,"dataGaName":347,"dataGaLocation":455},{"text":674,"config":675},"Modern Slavery Transparency Statement",{"href":676,"dataGaName":677,"dataGaLocation":455},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":679},[680,683,686],{"text":681,"config":682},"Terms",{"href":507,"dataGaName":508,"dataGaLocation":455},{"text":684,"config":685},"Cookies",{"dataGaName":517,"dataGaLocation":455,"id":518,"isOneTrustButton":27},{"text":687,"config":688},"Privacy",{"href":512,"dataGaName":513,"dataGaLocation":455},[690],{"id":691,"title":18,"body":8,"config":692,"content":694,"description":8,"extension":25,"meta":698,"navigation":27,"path":699,"seo":700,"stem":701,"__hash__":702},"blogAuthors/en-us/blog/authors/heather-simpson.yml",{"template":693},"BlogAuthor",{"name":18,"config":695},{"headshot":696,"ctfId":697},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659488/Blog/Author%20Headshots/gitlab-logo-extra-whitespace.png","hsimpson",{},"/en-us/blog/authors/heather-simpson",{},"en-us/blog/authors/heather-simpson","4CpsZWXsBE_aB4RLpF20WPoTR1QnmwDhrVLV8WUGGTk",[704,715,730],{"content":705,"config":713},{"title":706,"description":707,"authors":708,"heroImage":710,"date":711,"body":712,"category":9},"CEO Shadow 
Takeaways from Jacie","Recap of my experience in the CEO Shadow Program.",[709],"Jacie Bandur","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749664102/Blog/Hero%20Images/gitlab-values-cover.png","2021-05-18","\n\n{::options parse_block_html=\"true\" /}\n\n\nHi! I’m Jacie Bandur. I completed GitLab’s CEO Shadow program from 2021-04-26 through 2021-05-07. It was a really enlightening experience. I generally work in Learning and Development and consider myself a lifelong learner. I can’t even explain how much I learned in such a short amount of time. I learned a lot about the business. I learned a lot about the product. But I learned even more about the importance of iteration in everything we do.\n\n### Qualifications to Participate\n\nI wanted to start this off by touching on qualifications to participate in the program.\n\nI am the type of person that has gone through most of my life thinking I’m not qualified for things. I’m not qualified for that job, that promotion, that program. The list goes on and on.\n\nWhen I saw the [CEO Shadow program](/blog/ceo-shadow-impressions-takeaways/) kick off in 2019, I really wanted to participate. I was a little intimidated. Who wouldn’t be, spending 2 weeks with the CEO of any company? But time passed and all of a sudden it was 2021 and I had not taken any steps toward participating in the program.\n\nIf you are sitting there waiting for someone to tell you that you are qualified to participate in this program, I’m not big on giving “pep talks,” but here’s me telling you - You are qualified for this program. There’s never going to be a good or perfect time to do it. Tell your manager you want to do the CEO Shadow program. Stop waiting. 
Sign up today.\n\nNote: Take a look at the [eligibility](https://handbook.gitlab.com/handbook/ceo/shadow/#eligibility) section of the CEO Shadow page for more information on signing up.\n\n### Pre-Program Tips\n\nThere are many things recommended for shadows to do pre-program outlined on the CEO Shadow handbook page. As I was going through the program there were things that I thought helped me (or would have helped me).\n\nHere are my top 6 recommendations:\n\n1. Make sure your team knows you will be unavailable for 2 weeks. This isn’t a program that can or should be done alongside your normal day-to-day work. I found catching up from the 2 weeks away kind of difficult because I was trying to keep up on what was going on and I had a bunch of half-done things.\n1. Talk with people who have done the shadow program - schedule at least 3 coffee chats with CEO Shadow Alumni.\n1. Have food that is easy to eat quickly. Sid’s meetings are back to back most days, so you will have small amounts of time to eat throughout the day. Sid does eat during calls, which you are welcome to do, too, but if you are taking notes, it is difficult to eat. And this will make you realize why speedy meetings are so important!\n1. Listen to the [Executive Leadership LinkedIn Learning course](https://www.linkedin.com/learning/executive-leadership/).\n1. Be prepared to ask questions. When doing the program virtually, there isn’t a ton of time for asking questions, so when one would come up, I would add it to a note on my computer and ask if there was ever time with just the shadows and Sid.\n1. Take at least 1 day off after the program. Take even a couple of days off if you can! This is recommended on the handbook page, but I can’t stress this enough.\n\n\n### Takeaways\n\n**Group Conversations**\n\nI’ve been at GitLab for almost 4 years. When I joined, I made it a point to attend as many GCs as I could. I had gotten out of the habit of attending Group Conversations. 
After attending them again for 2 weeks, I realized how important they are to understand better what is going on across the business. Everything in the organization is so intertwined. It’s helpful to understand what other teams are working on and succeeding in.\n\n**Feedback**\n\nWe should all be giving and receiving feedback often. We have a whole [handbook page on giving and receiving feedback](https://handbook.gitlab.com/handbook/people-group/guidance-on-feedback/). Read the handbook page and watch the videos, as well. Practice giving feedback. I recommend using the [1-1 agenda](https://handbook.gitlab.com/handbook/leadership/1-1/suggested-agenda-format/) Sid uses, because Feedback is an essential piece of that agenda, and it makes feedback more of a routine thing.\n\n**Biggest Takeaway**\n\nWe have an incredible team here at GitLab, from Engineering to Product to Sales to People and all the groups in between. There are so many great ideas. I observed the constant reinforcement by Sid to start with something small and build on it. You can ALWAYS make something more complex. It’s hard to go back to something more simple when you start with something complex.\n\nA couple of quotes that I heard from Sid during the program that reinforced this point:\n\n- “Every complex system evolves from a simple system that worked.”\n- “It’s very clear what is the simple solution. We can always make it more complicated as we go on.”\n\nI know they are very similar, but they happened in different meetings on different days, so the point was reinforced repeatedly.\n\nDuring the program, I reflected on the projects that I’m working on. How many of them am I trying to do too much on before releasing? Probably all of them. When I’m working on projects in the future, I will break them down into smaller, more doable chunks. Iteration is hard - it’s a skill to be practicing constantly.\n\n\n### Overall\n\nOverall, the program was really insightful and impactful. 
If you haven’t participated in it yet, I cannot encourage you enough to do so!\n",{"slug":714,"featured":12,"template":13},"ceo-shadow-recap",{"content":716,"config":728},{"title":717,"description":718,"authors":719,"heroImage":721,"date":722,"body":723,"category":9,"tags":724},"Why I love contributing to GitLab","Making small meaningful changes is what it's all about.",[720],"Austin Regnery","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679501/Blog/Hero%20Images/new-feature.png","2021-05-11","It was mid-morning on a Tuesday in February, and I had 10 minutes in between meetings. So I decided to try and solve a pain point of mine.\nYou see, I had to memorize this HTML snippet to create a collapsible section in GitLab Issue descriptions and comments, but I kept forgetting it. Was it `summary` or `section`? I could never remember.\n```html\n\u003Cdetails>\n\u003Csummary>Insert Title\u003C/summary>\nHidden content\n\u003C/details>\n```\nEven though it is not vanilla Markdown, GitLab knows how to interpret some HTML. I used this formatting trick fairly often since full-page screenshots can occupy a lot of screen space, which leads to excessive scrolling.\nSo I decided to poke around our codebase to see how the other Markdown shortcuts worked. To my surprise, it was pretty straightforward. Each shortcut had a simple text input that mapped to each button. This implementation was simple to replicate since I just needed to copy/paste and replace a few words.\n![Image of Vue and Haml files with editor shortcuts](https://about.gitlab.com/images/blogimages/why-i-love-contributing-to-gitlab/vue-haml.png){: .shadow}\nThe Vue and Haml files with the new shortcut\n\nI started a branch and began hacking away at the code. Now, I would never call myself a Software Engineer, but I like to try and make things from time to time. I was able to add a new shortcut to the toolbar to insert this code snippet for me in less than 10 minutes. No more memorizing! 
Making contributions like this is what makes working at GitLab so special.\nNow, it wasn't ready for production, but I at least had something that worked. I shared it with my UX colleagues in Slack, and it started to gain traction with several up-votes and a few constructive comments on how to make it better.\nWith the functionality fleshed out, a few other designers helped me get a better icon added to our SVG library. Using clear iconography is critical for communicating information more clearly.\n| Initial Icon | Final Icon |\n| - | - |\n| ![SVG of chevron right icon](https://about.gitlab.com/images/blogimages/why-i-love-contributing-to-gitlab/chevron-right.svg) | ![SVG of details block icon](https://about.gitlab.com/images/blogimages/why-i-love-contributing-to-gitlab/details-block.svg) |\n\nThe last thing to do was resolve my failing tests, and I had several teammates help me do that.\n![Gif of the shortcut being used](https://about.gitlab.com/images/blogimages/why-i-love-contributing-to-gitlab/demo.gif)\n\nToday [this change](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54938) merged! Now I solved a pain point for me and others. It took a few months to go from idea to production, but the effort was super low. I'd say the return on my initial investment, 10 minutes, is super high.\n> Having a direct impact on a product was never an option for me before joining GitLab.\n\n![Image of participants in the Merge Request](https://about.gitlab.com/images/blogimages/why-i-love-contributing-to-gitlab/participants.png)\n\n\nThank you to everyone that helped me deploy this\n",[725,726,727],"UX","product","AWS",{"slug":729,"featured":12,"template":13},"why-i-love-contributing-to-gitlab",{"content":731,"config":743},{"title":732,"description":733,"authors":734,"heroImage":736,"date":722,"body":737,"category":9,"tags":738},"Placebo Lines on the Pipeline Graph","Have you noticed the connecting lines missing on your pipelines lately? 
Here's why",[735],"Sam Beckham","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679507/Blog/Hero%20Images/ci-cd.png","\n\n{::options parse_block_html=\"true\" /}\n\n\n\nHave you ever pressed the close door button on the elevator, in the hope that you'll save a few precious seconds?\nOr got frustrated at the person stood next to you at the cross-walk, neglecting to press the button?\nWell, maybe they know something you don't, or perhaps you know this already.\nMany buttons in our society lie to us.\n[David McRaney](https://youarenotsosmart.com/2010/02/10/placebo-buttons/) dubbed these, \"Placebo buttons\" and they're everywhere.\nThose elevator doors won't close any faster and the cross-walk button has no effect on the lights.\nThe only lights they control are the lights on the buttons themselves.\nThey give you the feedback you crave, but that's all they're doing.\n\nThese placebos aren't constrained to the physical world, they're prevalent in [UI design](/blog/the-evolution-of-ux-at-gitlab/) too.\nFrom literal placebo buttons like [YouTube's downvote](https://www.quora.com/Does-downvoting-a-comment-on-YouTube-even-do-anything), to more subtle effects like Instagram always [pretending to work](https://www.fastcompany.com/1669788/the-3-white-lies-behind-instagrams-lightning-speed), or progress bars that have a [fixed animation](https://www.theatlantic.com/technology/archive/2017/02/why-some-apps-use-fake-progress-bars/517233/).\nThey're everywhere if you know where to look.\n\nAt GitLab, we created a placebo of our own in one of our core features; the pipeline graph.\n\nThose of you who have used our pipeline graph, will be familiar with its appearance.\nThere's a series of jobs, grouped by stages, connected by a series of lines depicting the relationships between the jobs.\nBut these lines might be lying to you.\nThese lines are indiscriminately drawn between each job in a stage, regardless of their relationship.\nThese lines are placebos.\n\n![The 
old pipeline rendering with lines connecting every job in a stage](https://about.gitlab.com/images/blogimages/placebo-lines_old-graph.png)\n\nThis wasn't a problem to begin with.\nA basic pipeline has several jobs across a handful of stages.\nJobs in each stage would run parallel to each other, but each stage would run sequentially.\nIn the image shown above, all the jobs in the test stage would trigger at the same time. Once those jobs had finished, all the jobs in the build stage would trigger.\nWe used rudimentary CSS to draw lines connecting each job in one stage to each job in the next.\nThese lines weren't calculated based on their connections, but still reflected the story they were telling.\n\nSince the introduction of `needs` relationships in [v12.2](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/47063), pipelines got a bit more complicated.\nNow you could configure a job in a later stage to trigger as soon as a job in an earlier stage completed.\nLooking at our old example, we could set the API deployment to run as soon as our spec tests passed.\nThis skips the remaining tests and the entire build stage, turning our lines into pretty little liars.\n\nWe had many internal discussions about these lines, and how to show the relationships between jobs.\nThere's the [`needs` visualization](https://docs.gitlab.com/ee/ci/directed_acyclic_graph/#needs-visualization), which does an excellent job of displaying these relationships, but the main pipeline graph was still inaccurate.\nFor the past few months, we've been [refactoring the pipeline graph](https://gitlab.com/gitlab-org/gitlab/-/issues/276949), giving it a new lease of life and fixing some of its issues along the way.\nOne of those issues was the faked lines.\nIn the new version, we can accurately draw lines between jobs.\nLines that actually depict the relationships jobs have with each other.\nNow the lines no longer lie!\n\n![The newer pipeline graph showing the correct needs links between 
jobs](https://about.gitlab.com/images/blogimages/placebo-lines_new-graph.png)\n\nThe above image shows an unreleased version of the pipeline graph.\nYou can see the lines drawn between the jobs to show that the `deploy:API` job can start as soon as the `rspec` job is successful.\nSomething the old lines (shown earlier in this post) would have been unable to depict.\n\nOne unfortunate downside of this is that these lines can be quite expensive to calculate.\nThey're actual DOM nodes, drawn deliberately and placed precisely.\nOn smaller graphs this isn't a problem, but some of our initial tests have found pipelines with potentially 8000+ job connections.\nThat kind of calculation would grind the browser to a halt, and nobody wants that.\n\nAt GitLab, we believe in boring solutions.\nWe make the simple change that sets us on the path towards where we want to be.\nShip it, get feedback, and iterate.\nSo that's what we did.\nIn the first phase of this rollout, we shipped the new pipeline graph with no lines connecting the jobs.\nWe don't have to worry about the expensive calculations, and we still get to roll out the refactored pipeline graph.\n\n![The current (v13.11) pipeline graph showing no links between jobs](https://about.gitlab.com/images/blogimages/placebo-lines_current-graph.png)\n\nWe know some of you will miss them, but fear not.\nBoring solutions are just technical debt if you don't iterate on them.\nSo the [improved lines are coming](https://gitlab.com/groups/gitlab-org/-/epics/4509) in a future release, along with several other improvements to the pipeline graph.\nWe're already starting to roll out the new [Job Dependencies](https://gitlab.com/gitlab-org/gitlab/-/issues/298973) view, which shows the jobs in (much closer to) execution order.\nStay tuned for more updates, and watch [Sarah Groff Hennigh Palermo's talk](https://www.youtube.com/watch?v=R2EKqKjB7OQ) for the technical side of this effort and a deeper dive into some of the decisions we 
made.\n",[739,740,741,742],"CI","frontend","agile","design",{"slug":744,"featured":12,"template":13},"placebo-lines-on-the-pipeline-graph",{"promotions":746},[747,761,772],{"id":748,"categories":749,"header":751,"text":752,"button":753,"image":758},"ai-modernization",[750],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":754,"config":755},"Get your AI maturity score",{"href":756,"dataGaName":757,"dataGaLocation":241},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":759},{"src":760},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":762,"categories":763,"header":764,"text":752,"button":765,"image":769},"devops-modernization",[726,557],"Are you just managing tools or shipping innovation?",{"text":766,"config":767},"Get your DevOps maturity score",{"href":768,"dataGaName":757,"dataGaLocation":241},"/assessments/devops-modernization-assessment/",{"config":770},{"src":771},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":773,"categories":774,"header":775,"text":752,"button":776,"image":780},"security-modernization",[23],"Are you trading speed for security?",{"text":777,"config":778},"Get your security maturity score",{"href":779,"dataGaName":757,"dataGaLocation":241},"/assessments/security-modernization-assessment/",{"config":781},{"src":782},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":784,"blurb":785,"button":786,"secondaryButton":791},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":787,"config":788},"Get your free 
trial",{"href":789,"dataGaName":48,"dataGaLocation":790},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":493,"config":792},{"href":52,"dataGaName":53,"dataGaLocation":790},1772652106106]