Wikimedia Security Team/WIP/Security Team Draft

Motto: We seek to secure access to and the integrity of free knowledge.

The security organization exists to serve and guide the community and foundation by providing security services to inform risk and to cultivate a culture of security.

As a team, we strive to hold ourselves and each other accountable for the following types of behavior:

• Integrity: For us to be successful folks have to trust us and we need to trust each other.  
• Efficacy: in service and in self
• Constructive conflict: is healthy and promotes a growth mindset. Challenging each other is a good thing and makes us all better.
• Move on: Let go of the past, forgive, forget and start new.
• Sharing: Share the knowledge you have, share your successes and your failures
• Learning: be receptive to learning from others. Nobody knows everything
• Healthy body, mind and team:  If you are stressed out, sick or just need a break, feel free to get away from all of this!  That doesn’t mean you can ignore your work forever but get out of here for a while and go for a walk, read a book, take a nap, stare at the clouds.  None of this is going anywhere and we will survive while you are gone. Part of building trust is being able to be vulnerable so it’s ok to talk about it and from time to time to step away from all this.
• Reflection:  What went well, what didn’t, what should I do next time?  Every day is an opportunity and you will both fail and succeed on a regular basis, adversity is your friend, failures are expected, cherished, a blessing and an opportunity.  Now get out there and mess some stuff up!
• Teamwork: We are all in this together and the concept of teamwork extends beyond the security team
• Problem Solving: Solving problems can be tricky and is usually iterative so don’t be afraid to take a 1st step. Behaviors such as being combative, strawmanning, bikeshedding, and fixed thinking do not help forward the solution. Perfect is the enemy of good.
• Practice gratitude: Be thankful. We have a great team filled with super awesome folks. Don't let negativity chart your or our path forward.

The team will be working towards the following goals this quarter (Q3);

• Getting started with, planning, and operationalizing ERM product
• Work/Team Flow Alignment Program
• Evaluate providing a Tier 1 (Clinic-like) function and create initial documentation
• Develop organization-wide privacy training
• Develop process for systematic privacy risk review of public data releases
• Understand and evaluate threats to the WMF
• Enhance and Deploy (to beta) StopForumSpam
• Evaluate and clean up wikimedia/security git repos
• Security Release for Q3 2019/2020

Our team handbook outlines our commitment to the Foundation and each other, as well as the expectations we have around team processes and norms.

• Our Request for Service SOP explains in detail how to request work from the Security Team: Security/SOP/Requests For Service

• For all other questions or if you require assistance in determining your Security needs, send an email to security-help[@]wikimedia.org

Tasks that follow a recognized Flow will be at a minimum discussed by the Security Team during our weekly clinic meeting. The Security Team is a limited component within Wikimedia Foundation and tasks that cannot be resourced or are not part of the team charter will be left with the general #security project attached.

• 
  John Bennett
• 
  Scott Bassett
• 
  Jennifer Cross
• 
  James Fishback
• 
  Chase Pettet
• 
  Sam Reed
• 
  David Sharpe