Wikimedia Security Team

From mediawiki.org
Jump to navigation Jump to search

Motto: We seek to secure access to and the integrity of free knowledge.

Mission[edit]

The security organization exists to serve and guide the community and Foundation by providing security services to inform risk and to cultivate a culture of security.

Team Ideals[edit]

As a team, we strive to hold ourselves and each other accountable for the following types of behavior:

  • Integrity: For us to be successful folks have to trust us and we need to trust each other.  
  • Efficacy: in service and in self
  • Constructive conflict: is healthy and promotes a growth mindset. Challenging each other is a good thing and makes us all better.
  • Move on: Let go of the past, forgive, forget and start new.
  • Sharing: Share the knowledge you have, share your successes and your failures
  • Learning: be receptive to learning from others. Nobody knows everything
  • Healthy body, mind and team: If you are stressed out, sick or just need a break, feel free to get away from all of this! That doesn’t mean you can ignore your work forever but get out of here for a while and go for a walk, read a book, take a nap, stare at the clouds.  We need you but we need you healthy, none of this work is going anywhere and we will survive while you are gone. Part of building trust is being able to be vulnerable so it’s ok to talk about it and from time to time to step away from all this.
  • Reflection: What went well, what didn’t, what should I do next time? Everyday is an opportunity and you will both fail and succeed on a regular basis, adversity is your friend, failures are expected, cherished, a blessing and an opportunity. Now get out there and mess some stuff up!
  • Teamwork: We are all in this together and the concept of teamwork extends beyond the security team. We each have a job to do here and while you may feel your approach is the best we need to respect each other and allow everyone to do their job.
  • Problem Solving: Solving problems can be tricky and is usually iterative so don’t be afraid to take a 1st step. Behaviors such as being combative, strawdogging, bikeshedding, and fixed thinking do not help forward the solution. Perfect is the enemy of good.
  • Practice gratitude: Be thankful. We have a great team filled with super awesome folks. Don't let negativity chart your or our path forward.

Goals[edit]

The team will be working towards the following goals this quarter (Q2);

  • Create and document a process and procedure for engaging with Fusion Center for consumption of services
  • Define and document how would someone from outside of Security come sit in the Fusion Center
  • Develop and document comprehensive privacy review documentation and status mechanism to increase organization awareness and utilization.
  • Simple first version of new Security website is published and public
  • Expand delivery of application security training across the foundation and community
  • Improve Wikimedia Anti-Automation Tools

Handbook[edit]

Our team handbook outlines our commitment to the Foundation and each other, as well as the expectations we have around team processes and norms.

Contacting Us[edit]

  • For all other questions or if you require assistance in determining your Security needs, send an email to security-help[@]wikimedia.org
  • Consider attending our monthly Office Hours to discuss your questions, concerns, and ideas.

Work Intake Commitment[edit]

Tasks that follow a recognized Flow will be at a minimum discussed by the Security Team during our weekly clinic meeting. The Security Team is a limited component within Wikimedia Foundation and tasks that cannot be resourced or are not part of the team charter will be left with the general #security project attached.

Team[edit]