We sat down with GitLab Sr. Security Researcher Mark Loveless to talk about his role, how he sees the tech industry changing, and the freeing feeling that working public by default (even in Security) brings, along with the trust that it builds.
I perform research on security-related issues to help protect GitLab team members as well as GitLab customers. This can involve researching a new product feature, evaluating a SaaS product that GitLab is using or considering using, or educating others via presentations and blog posts.
Security should be painless and just a natural part of someone going about their day. If a process is implemented that makes things more secure and it causes no friction to the point that most people do not even notice it, then I’ve done a good job.
In my role, I’m focused on:
- Outreach via blogs and security conferences. Here’s a sample blog that has links to several other posts I wrote about GitLab’s Zero Trust journey: “We answer your most popular questions about our Zero Trust journey”.
- Securing the product. This blog post, “GitLab instance: security best practices”, was one that many in the security department helped me with and was written to help our customers harden their instances.
- Occasional mouthpiece to the press on GitLab and industry security practices; again, part of that outreach effort. An example: “Remote Work Has a Hidden Challenge: Data Security”.