Team Handbook


Communications

Slack

#security-team is our team channel. It is expected that team members will be logged in and responding to Slack conversations during their personal work hours. Additional team channels include #privacy-engineering and #app-sec.

There are many WMF channels geared towards both work and personal interests which you are welcome to join.

Asana

Asana is used to create an agenda for the weekly Team Meeting, and to track any ongoing tasks that are created as a result of that call. Asynchronous communication via Asana tickets is highly encouraged. Assigned tickets are to be kept current with regard to status.

Asana is widely used both by the team and across the Foundation. Please feel free to track ideas, tasks, and self-defined projects in Asana. If you would like assistance in setting up a system that works for you, please talk to your Project Manager.

Meetings

Meeting Protocol

  • Meetings are an important part of our team dynamic and should be accepted or declined ASAP, and at least 24 hours prior to meeting time.
  • Meetings are not optional unless you are specifically invited as an optional attendee.
  • Being late is sometimes unavoidable, but do your best to be on time as a sign of respect to others.
  • We generally try to live by the 5-minute rule. If someone is 5 minutes late for a meeting, we start without them.

Standing Meetings

1:1
  • Who: Individual team member and Director
  • What: Come with your own agenda, and if you don't have one, the Director will provide one
  • When / Where: Cadence TBD by team member but not to exceed 1 month without meeting
Team Meeting
  • Who: Security Team members and Director
  • What: This weekly meeting is intended to serve as an all-team touchpoint where news, shoutouts, and guest speakers provide relevant and timely information and general questions can be addressed.
  • Note: Asynchronous agenda building and communication via the Team Meeting Asana board is highly encouraged
  • When / Where: Tuesdays at 9:05am PT via Google Hangout (invite only)
Security Clinic
  • Who: Security Team members
  • What: The Security team’s Clinic serves as the intake point for work from all sources
  • When / Where: Usually on Mondays at 8:00am PT via Google Hangout (invite only)
Quarterly Retro
  • Who: Security Team members
  • What: A quarterly opportunity for the team to reflect on and discuss what does and does not work well. Action items are created to facilitate improvement
  • When / Where: This meeting is held once per quarter in Retrium (invite only)
AppSec Stand-Up
  • Who: Application Security engineers and PM
  • What: Review of ticket status, clearing of blockers, and triage if needed
  • When / Where: Tuesdays at 8:45am PT via Google Hangout (invite only)

Work Hours

  • If you are going on vacation or will be out for half a day or longer, update the team calendar to reflect that you are out of office. Create an event in the team calendar and then invite yourself to the event to have an easily updated entry on both calendars. Please do not provide additional details.
  • If you are sick, drop a note to our team mailing list or Slack channel so folks are not trying to track you down.
  • If you take vacation time then you need to really take vacation time. This means disconnecting and spending your time away from work. If something bad happens we’ll figure it out. Enjoy your time off, you earned it!
  • As a corollary to the previous statement, if you feel like you cannot take off we need to discuss this as a team and make sure everyone has a backup. If you don’t have a backup now, let’s get that fixed ASAP.
  • If you are taking a remote training course or working on remote continuing education, this is work time. Count it as work time. If you are in a week-long remote SANS course, for example, you are not available for regular work and should concentrate on the material at hand. A rising tide lifts all boats! :)