Wikimedia Security Team
Motto: We seek to secure access to and the integrity of free knowledge.
The security organization exists to serve and guide the community and foundation by providing security services to inform risk and to cultivate a culture of security.
As a team, we strive to hold ourselves and each other accountable for the following types of behavior:
- Integrity: For us to be successful folks have to trust us and we need to trust each other.
- Efficacy: in service and in self
- Constructive conflict: is healthy and promotes a growth mindset. Challenging each other is a good thing and makes us all better.
- Move on: Let go of the past, forgive, forget and start new.
- Sharing: Share the knowledge you have, share your successes and your failures
- Learning: be receptive to learning from others. Nobody knows everything
- Healthy body, mind and team: If you are stressed out, sick or just need a break, feel free to get away from all of this! That doesn’t mean you can ignore your work forever but get out of here for a while and go for a walk, read a book, take a nap, stare at the clouds. We need you but we need you healthy, none of this work is going anywhere and we will survive while you are gone. Part of building trust is being able to be vulnerable so it’s ok to talk about it and from time to time to step away from all this.
- Reflection: What went well, what didn’t, what should I do next time? Everyday is an opportunity and you will both fail and succeed on a regular basis, adversity is your friend, failures are expected, cherished, a blessing and an opportunity. Now get out there and mess some stuff up!
- Teamwork: We are all in this together and the concept of teamwork extends beyond the security team. We each have a job to do here and while you may feel your approach is the best we need to respect each other and allow everyone to do their job.
- Problem Solving: Solving problems can be tricky and is usually iterative so don’t be afraid to take a 1st step. Behaviors such as being combative, strawdogging, bikeshedding, and fixed thinking do not help forward the solution. Perfect is the enemy of good.
- Practice gratitude: Be thankful. We have a great team filled with super awesome folks. Don't let negativity chart your or our path forward.
The team will be working towards the following goals this quarter (Q1);
- Security Awareness for staff and community
- Security 'Hall of Fame'
- Introduction of GRC platform
- Vulnerability scanning
- Develop data review pipeline
- Planning for a team-wide move towards iterative workflows.
- Application Security training for staff and community
Our team handbook outlines our commitment to the Foundation and each other, as well as the expectations we have around team processes and norms.
- Our Request for Service SOP explains in detail how to request work from the Security Team: Security/SOP/Requests For Service
- For all other questions or if you require assistance in determining your Security needs, send an email to security-help[@]wikimedia.org
- Consider attending our monthly Office Hours to discuss your questions, concerns, and ideas.
Work Intake Commitment
Tasks that follow a recognized Flow will be at a minimum discussed by the Security Team during our weekly clinic meeting. The Security Team is a limited component within Wikimedia Foundation and tasks that cannot be resourced or are not part of the team charter will be left with the general #security project attached.