Sec Growth DataScience staff meeting Sep 14 2022

GitLab Unfiltered

29 Sept 202229:10

Summary

TLDRThe meeting transcript revolves around organizational changes, team updates, and operational improvements within a tech company. It covers the renaming of departments, the introduction of new roles, and the migration of product sections. The discussion also touches on enhancing communication efficiency, celebrating team milestones, and evaluating engineering velocity. Additionally, it addresses security concerns, specifically the handling of can't or won't fix issues related to FED ramp and FIPS compliance.

Takeaways

📅 The meeting took place on September 14th or 15th, with a focus on the APAC region, and Alan attended despite it being midnight for him.
📝 The agenda was packed with many items, and the speaker apologized for the length, promising to work on summarizing communications for better clarity.
🔄 Alan is stepping in as acting full stack manager for security policies while a new hire is sought, and Ellen is welcomed to the team.
🔀 Anti-abuse is moving to the newly renamed 'data science' section, which includes model Ops and the anti-abuse group, with potential future splits.
👏 Thomas and Neal are acknowledged for their contributions to compiling and reporting on engineering allocation, error budgets, reliability, and security incidents.
🤖 A bot has been set up for container security that pings the team weekly for volunteer data input, simplifying the process.
🗓️ There's an upcoming challenge assessment with dates yet to be confirmed, moving to Workday, and an optional self-evaluation feature.
📈 A survey was conducted to improve the MR rate for the team, with results and recommendations summarized but met with a lack of immediate feedback.
🛠️ Refinement meetings have been implemented to break down stories into smaller tasks, which seems to have increased the MR rate positively.
🔒 Discussions are ongoing about security issues related to FedRAMP compliance and CVEs, especially concerning Debian-based images with unaddressed vulnerabilities.
🎉 Olivier has announced the arrival of a new family member over the weekend, and the team looks forward to celebrating his return to work.

Q & A

What is the main topic of the meeting discussed in the transcript?
-The main topic of the meeting involves various updates and discussions related to the 'sick meaning secure and, govern growth and data science' team, including organizational changes, team management, and operational procedures.
Why was Alan present at the meeting despite it being midnight for him?
-Alan attended the meeting because it was important, and he was glad to be there despite the late hour, showing his commitment to the team.
What changes are being made to the anti-abuse team in terms of its structure?
-The anti-abuse team is moving product sections from 'sick' to 'data science', which is a renamed version of the 'model Ops' section. There are plans to potentially split the anti-abuse team into two groups in the future.
What is the role of the acting full stack manager for security policies?
-The acting full stack manager for security policies is stepping in to oversee the security policies area while a permanent manager (EM) is being hired.
What is the significance of the 'model Ops' section being renamed to 'data science'?
-The renaming to 'data science' reflects a shift in focus or an expansion of responsibilities, including the existing model Ops and the anti-abuse stage, indicating a broader scope of data-related operations.
How is the team addressing the issue of error budgets and reliability?
-Thomas is compiling and reporting on error budgets and reliability across all teams, and Neal is assisting with these tasks, providing insights into potential issues and areas for improvement.
What is the purpose of the bot set up for container security?
-The bot is designed to streamline the process of gathering data on container security by pinging the team for a volunteer to resource the data, reducing the manual effort required.
What changes are being made to the talent assessment process?
-The talent assessment process is moving to Workday, with an optional self-evaluation feature. The exact implementation details are still being finalized, and the dates for the assessment have not been confirmed yet.
What is the survey mentioned in the transcript about?
-The survey was conducted to gather team feedback on how to improve the MR (Merge Request) rate for the team, with the results and recommendations to be considered by the team members.
What is the significance of the 'can't or won't fix' security issues discussion?
-The discussion revolves around how to handle security issues that are not being addressed by the original vendors, particularly in the context of FED ramp evaluations and CVE-associated issues.
What is the potential new name for the 'SEC growth and data science' team?
-The potential new name being considered is 'enrichment', as it reflects the team's role in enhancing and improving other areas within the company.
What is the reason for considering adding work anniversaries and new hires to the meeting template?
-Adding work anniversaries and new hires to the meeting template is intended to foster team cohesion and celebrate team milestones and achievements.
Why is the team not using 'reviewer roulette'?
-The team is not using 'reviewer roulette' because they have a small number of engineers, making it less necessary, and they believe the engineering projects page should serve as the single source of truth for maintainers.