Jump to content

Wikimedia Security Team

From mediawiki.org

Motto: We seek to secure access to and the integrity of free knowledge.


The security organization exists to serve and guide the community and Foundation by providing security services to inform risk and to cultivate a culture of security.

Team Ideals

These are the expected behaviors for anyone on the WMF Security team:


For us to be successful folks have to trust us and we need to trust each other.

  • We are all in this together and “ teamwork” extends beyond the security team.
  • We each have a job to do, and while you may feel your approach is the best, we need to respect each other. Allow others to do their job.


We value self-starters, collaboration, and initiative.

  • Solving problems is tricky - don’t be afraid to take a 1st step.
  • Perfect is the enemy of good.

Constructive discourse

Is based on active listening, clear documentation, and doesn’t shy away from conflict when appropriate. We aim to be compassionate.

  • Behaviors such as being combative, strawdogging, bikeshedding, and fixed thinking do not help forward the solution.

Move on

Strive for improvement, forgive, forget and start new. A single interaction with someone does not define who they are.

Culture of Learning

  • Don’t be afraid to push yourself, take on stretch goals.
  • Share the knowledge you have, share your successes and your failures.
  • Be receptive to learning from others. Nobody knows everything.
  • What went well, what didn’t, what should I do next time? Everyday is an opportunity and you will both fail and succeed on a regular basis, adversity is your friend, failures are expected!
    • Tell someone! You’re not alone with your failure as soon as you share it
    • Don’t let your manager be surprised - let them be your advocate.

Healthy body, mind and team

If you are stressed out, sick or just need a break, feel free to get away from all of this! That doesn’t mean you can ignore your work forever but get out of here for a while and go for a walk, read a book, take a nap, stare at the clouds. We need you but we need you healthy, none of this work is going anywhere and we will survive while you are gone. Part of building trust is being able to be vulnerable so it’s ok to talk about it and from time to time to step away from all this.

  • Be sure to follow guidelines and procedures where applicable

Practice gratitude

Be thankful. We have a great team filled with super awesome folks. Don't let negativity chart your or our path forward.

  • Make the effort to thank people. Do this publicly when that would be appreciated.
  • Speak with your manager if you feel as though additional recognition is warranted.

Please remember you represent the entire team. Patience and civility are requirements for all communications.


Our team handbook outlines our commitment to the Foundation and each other, as well as the expectations we have around team processes and norms.

Contacting Us

  • Our Request for Service SOP explains in detail how to request work from the Security Team: Security/SOP/Requests For Service
  • For all other questions or if you require assistance in determining your Security needs, email security-help@wikimedia.org
  • We are also happy to field general questions in #talk-to-security within the WMF's Slack instance and within #wikimedia-security on IRC.

Work Intake Commitment

Tasks that follow a recognized Flow will be at a minimum discussed by the Security Team during our weekly clinic meeting. The Security Team is a limited component within Wikimedia Foundation, and tasks that cannot be resourced or are not part of the team charter will be left with the general #security project attached.