Skip to content

Update Security and Compliance Personas

Michael Oliver requested to merge master-patch-4294 into master

Why is this change being made?

The current list of user personas does not align with the roles, teams, and personas that typically use GitLab. Currently the Security Analyst personas is too vague to use effectively. Also, the list of personas is missing the AppSec and InfraSec roles, both of which use GitLab today.

What is being changed?

We are adding the following personas:

  1. Amy, Application Security Engineer
  2. Isaac, Infrastructure Security Engineer

We are removing the following persona:

  1. Sam, Security Analyst as this persona is redundant and not mutually exclusive of the other personas. AppSec, InfraSec, and SecOps teams all have security analysts. The security analyst persona is not specific enough as to the nature of what type of security data is being analyzed. Companies generally do not have a standalone security analyst position, so it is better to refer more specifically to either AppSec, InfraSec, or SecOps.

We are keeping the following personas:

  1. Alex, Security Operations Engineer
  2. Cameron, Compliance Manager

Author Checklist

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
    • The when to get approval handbook section explains the workflow in more detail
  • If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
    • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Sam White

Merge request reports