 for, we all should, but as we all know here at GitLab, this does happen. Sometimes people will run behind, but it is what it is. So I guess I'll go ahead and fill in for Barby and say, welcome to GitLab everybody. I don't know how long you all have been here, but I've been here since January, and it's definitely a learning curve coming from a traditional environment onto 100% remote. I've even been in the partial remote kind of side of things, so I'm sure you all bring a diverse background of experience, but I think Abby could share a bit more information on that, right? Yes, hello everyone and welcome to GitLab, first of all. This is, I have to say, this is the first time we've done one of these calls. So this is a bit of an experiment. Same time, but I've been at GitLab for almost two years, so I guess I'm kind of one of the old timers, and during the two years I've seen so much growth, and we have, I think last time I looked, we have 315 GitLabbers worldwide, and welcome again to you, because you're now part of this illustrious group. So what we thought would be helpful is if we went through, based on our own experiences of when we were new, some hints and tips and some things to show you to help you get started with your onboarding. So I will, I guess I'll ask the question, how many people have used Slack before? Okay, this will be really easy then. So I will go ahead and share my screen. So welcome to the world of GitLab, brought to you by Slack. This is where you can find everybody in the company, and as all of you know, Slack is great for instant messaging, for sharing documents, for creating channels, and I think some of you have probably got some channels already showing up over here, but I just wanted to point out a few that were really useful to me when I started. I think everybody automatically gets included to the general channel, and by definition it is pretty general. There's a lot of things that get posted in there, and another channel that I think is quite important is the PeopleOps channel, which I am also an member of, and you'll find me in there responding to all sorts of questions that people ask. Obviously this is a public channel, so anything that is confidential, it's best to use a direct message to me or another member of the team, and you can also search here. I don't know how many channels we have, but I think we've probably got hundreds and hundreds and hundreds, and some of you have probably already been invited. I think every team has got a channel that they've created, but if you want to find out who in the company has got an interest in food or pets or anything like that, and you want to kind of reach out to them, you can sort of type something in here and see if we've got a channel, and if we don't have a channel, then by all means create one and invite people to it. That's absolutely encouraged here, so that's that. One cool feature that I really like is the fact that you can message yourself, so if I want to kind of test out some formatting and see what it looks like, I can do that here, or just if I'm really annoyed at somebody, I can type it out to myself first, and then kind of take a step back, reread it, and then post it. As GitLab is a very transparent company, we do encourage people to ask questions in the open, and we have a questions channel here, and again you can post pretty much anything, and please don't be shy about posting something, chances are you're not the only one who might not be aware of something or might need some help with something. In addition, another useful channel is Git Help. I myself, being very new to Git, I was in this channel a lot when I first started just asking questions about this command or that command, so that's really useful. So I just wanted to give you a quick, very, very quick introduction to Slack, but by the looks of it, I think all of you are pretty much aware of where it works. We also have some training on Slack as well, which you could find in your onboarding issue or in the handbook, but there we go. So I will stop sharing now, and I will pass over to Jim, who will talk about some security things. All right, great. Thanks for all of that, Abby. So I guess by a show of hands, how many people have enabled 2FA already? Okay, seems like everybody's already familiar with it here, but just in case we have some folks that are not on call that would like a recap on how to enable 2FA, or maybe you can learn a little thing or two about how to use one password to set up a one-time password. I'll just go through this really quick. I won't take too much of your time. Real quick, I'll go ahead and share my screen, and all of this information has already been jotted down in a Google Doc. If you go into the calendar, you'll be able to find that doc under the third bullet, and it has all that information that you need. But real quick, here's the doc. I've already opened it here, and a few things I wanted to mention. I guess first thing first, I'll introduce myself again. My name is Jim Tavisup. I'm the Senior Security Automation Engineer here, and what we try to do is get together with everybody and let everybody know that here at GitLab, security is everybody's responsibility. So it's not just security trying to enforce it throughout the whole company, but everybody trying to maintain a better posture here at GitLab. And by any means, it's not punitive if I ever or anybody at security reaches out to you. We just want to try to reconcile any issues or make sure any known compromise is or is not. And then follow up with it. But top two things is, one, we'd like to have MFA enabled across all applications and platform. This includes Gmail as well as our GitLab application, but anything and everything that you use as well, it's good to practice it outside of your outside of just general work as well. Anything you use like Facebook and Scram Twitter, you name it, be really good. But taking a step back to the enabling 2FA at Gmail, if you haven't already, there's really good quick link here. Just simply click it. It'll bring you here, tells you all about it. You could read it at your own leisure. But if you scroll all the way down, there's a get started. If you click that, it'll take you to the next screen. Now, the next screen talks about the two-step verification. You click get started. And then it'll ask you to log in once again, since it's a security setting that you're going to update. But I went ahead already logged in, so I don't have to take care of that portion. Here I am. And this is where you set up your two-factor authentication. Now, with this account, I've already set up my phone number, which that's configured as two-factor as well. But for some folks who are traveling very often and don't have access to their phone, what I would suggest is to set up an authenticator app. This could also be done through your phone. But if you're always carrying a laptop, it's a lot more easy to access. So if you click set up, you could go ahead and click Android, click next. And this QR code will pop up. Well, I guess they want me to log in. It's been past five minutes. So I'll go ahead and fill that in. Click next. Go back to the authenticator setup. Click next. This QR code pops up. And finally, on one pass, I'd want to find what I already preconfigured. In this case, this is the Google account. And don't mind this, I set it up earlier to test, but you click edit. Go back to the OTP section, but let's just pretend that we don't have it. Now, this section says new label, new field. You click that and look for one-time password there. Click that. It'll auto populate, but then it hasn't set up your QR code just yet. So you click this QR code in one password, and this will pop up. Now, you just hover over where you think the QR code is. Click back to the original page. It'll turn green, and it's already set up. Now, with that, you go ahead and click save on one password. Click next. Now, on one password, if you copy there, paste it in, and it should be done, verified. And that's all it is. Now, moving forward to, you got anybody have any questions with that one? I felt like it's pretty straightforward. All right, real good. So, moving on, that was real straightforward and simple. We have that easy link. You follow that, and then everybody here has already set it up, so that's how easy it is. Now, going back to setting it up on GitLab, another quick link, assuming that you're already signed in, you click onto that. Here, I've already set up an orientation user, and it brings me to a page that says enable two-factor authentication. And you follow the same steps. There's a QR code. Go here to the orientation piece on one pass. Again, I'm going to go ahead and blow that out. Click one-time password, bring this spot up, and hover where I think the QR code is. And there you go. It turns green. You're good to go. Click save, and let's test that out. Go to the PIN code, register your two-factor app, and there you go. So, any of you hackers out there don't mind all of this information. I'm going to blow it out. If you want to hack this account, good luck. I already gave you all the keys. But moving on past that, if you guys ever have any questions on setting up two-factor on anything else, I just run a simple Google search, how to enable 2FA on the app. Don't click any sites that you think are bad. Hopefully the company that's set up the two-factor authentication app is the company that you could enable. So, that's all I got. I think the next person to share some more details is Ashton. Yeah, absolutely. And it looks like there's a question from Pete already. Yeah, Jim, you might be better suited for it. Sure. Question says, if we already use one password, do we still need to add the GitLab one-pass vault? I think that question is more so, I'd say yes. If you're going to use it in one shape or form or need to share private notes, I say it's definitely a good practice. I think Ashton, we do have a section where in the handbook where we could refer to about pretty much setting up your private account and using it alongside the corporate account, right? Yeah, yeah. Actually, I'm going to hit that up in just a minute. But I know we also, we share, like you may have access to other accounts through the team vault and so it still makes sense to add the GitLab vault. Yeah, I like myself. We have the security team and we share things through there and the same goes for the production and whatnot. So, I imagine it's same across the board. So, absolutely recommend it. Yeah, awesome. Thanks for the question, Pete. Okay, welcome again, everybody. I'm Ashton Herman. I am a content manager on the PeopleOps team with Abby, actually. I work in the same department. I managed specifically the company handbook and I'm also just sort of, I was very excited about trying to improve onboarding. So, I wanted to be a part of this orientation. Thanks everybody for sort of helping us to test drive this. I'm going to share my screen now and take you through setting up one password. It sounds like everybody has some experience. Well, we asked about two-factor authentication. Has everybody used one pass or set it up already in the channel or in this chat? Not a problem if you haven't. And we're recording also because of course there are people who we want to be able to see this orientation that aren't here right now. So, I'm just going to cover a few of the big points as far as using one password and getting it all set up. I want to do that here. All right. Move that away. Perfect. So, just a few things. If you haven't already, you need to install the one password app on your Mac and once it's done, you'll find it up here just in the top right in your little toolbar. But the other thing you can do is also install it on your browser. You can also or Canon should install it on your mobile device because you're going to be storing all of your passwords for work and potentially outside of work in that same one password account in order to access them. You have to have the app installed wherever you might be accessing those pages, those accounts, whatever it might be. If you need to find the extension or any of the apps, you can actually just go to one password's website. That's probably the fastest way. And then the bottom left of their page, there's a link to the downloads as well as their browser extensions and it'll auto detect whatever browser you're using and go from there. But once you've got it installed, you're going to have to set up a master password. This is the only password for one pass that you have to have memorized and because it will unlock all of the passwords in your account, you want to make sure that it's also very complex, very tough to crack, very strong password, but also one that you can remember. So in that document, the orientation day one agenda that Jim linked to, I actually have a link to a guide that one pass wrote, it's from 2011, but it looks like it still holds up as far as creating strong passwords for your master password. Mine, for example, is 40 characters long and I recommend, I mean it's long but it's also easy to remember. I recommend that you find something that works for you that's similarly complex. Anyway, once you've had that and the extension is installed in your browser, it actually makes it really easy to use one password. And so one of the one of the to-dos on everybody's onboarding issue is to then update your own password for your GitLab account using one password. So I'm just going to walk you through doing that really quickly. So I'm logged into my account. I'm going to head over to my profile settings, just like Jim was doing before with setting up two-factor authentication. Go down to passwords. And I just want to demonstrate how one password works here. First of all, if you click on the current password, you're going to see that the little one pass logo pops up on the right. But if I click on it, I'm not currently logged in. So I have to hit the hotkey combination that it's saying there to unlock. I'm going to go ahead and do that. And then once you're logged in, it's going to show a whole bunch of different accounts that you have access to. This is my personal one. So I'm going to go ahead and click on that. And you can see that it auto-populated the field with my existing password. This is really the entire idea behind one pass. You may never know what your passwords are for each account. And that's kind of, I mean, that's the whole point. If you don't know the password, it's that much better because you're like the missing link in that security vulnerability. So if you are editing your password for the first time and making sure that you're using password generator from one password, you type in your current one and then you go to the new password field and one pass, once you're logged in on the extension will actually suggest something. I'm not going to use these in this case. But I wanted to show you that there are a few other things you could do. You can actually go to the password generator. If you pull it up, you can actually click on password generator and you can randomize. You can actually change the length of these passwords. You can add in symbols assuming that whatever app or site you're using supports them. And so there's a whole lot you can do. Once you've done that, you just copy the password and paste it in and it will actually ask you if you want to save it at that point and you just add it to your one pass and that's it. You never really have to know that password again. Let's see. So the other thing on top of that, I just wanted to go over a few policies as far as one password is concerned and you can actually get to it these on our handbook. I'll copy the link and just head over there now. Under the security page in the handbook, there's a whole bunch of guidelines as far as using one password. I just wanted to highlight a couple of them. One of them is that you are encouraged to use one password for personal passwords. So just like Peter was asking before, it sounds like you may already have an account set up and if you do, that's great. You can keep using that. If you don't and you want to use one pass to store your personal login, that's fine. You could do that and we actually encourage it because it improves our overall security as an organization because there are fewer weak links. There are fewer ways that your personal accounts could potentially be compromised and leveraged to gain access to your GitLab accounts or what have you. The one caveat with that is if you do use it for personal accounts, make sure that you are either setting up a locally stored vault or that you sign up for a individual account through one password so that if ever you're off-boarded from GitLab, you can take that information with you. We're not going to allow you to take your GitLab account of course because you may have access to stuff that as a non-employee you wouldn't need anymore. Let's see. I think that pretty much does it. Any questions about one password and also if you have any personal trouble getting it all set up or you want some help walking through how to use it, please feel free to reach out to me directly. I'm happy to do that also. All right. Any other questions just about the onboarding process? Keep in mind we are going to meet again tomorrow at the same time and go through adding yourselves to the team page as well as using G Suite if that's something you're familiar with. But oh and it looks like Barbie you're on the channel. Would you like to chime in now? I just want to say welcome to everybody. This is something new that we're trying by having an onboarding meeting and we decided to break them up a little bit. So you're a little bit our guinea pigs in this experiment. So I love as we go through it to get feedback as may have already been said by Ashton and Ravi. But as you go through it get a little feedback and then we'll keep track of people who didn't have this experience versus those who did and continue to iterate and make it better and true GitLab value fashion. So your feedback will be important to that. We've heard a lot that it's a little overwhelming sometimes to onboard at GitLab when you see all those items to do. So we're trying to make that a little better for everybody and we are thrilled that you have joined the company and really look forward to working with you. You're going to go through the handbook tomorrow. So Abby will probably say this but keep in mind that the handbook is a little bit more of a guidebook. It's not your traditional handbook in a company sense where everything in there is a written in stone rule that can't be changed. We every single person at GitLab and if you're not at GitLab or authors of that handbook and we'll continue to be so. So when you see something in there that you think is a better way to do it or that way doesn't make sense to you seek to understand why we recommend it to be done that way and then provide your input and submit a merge request if you think there's a better way and think about that the code of conduct is a little different but for the rest of it we're trying to just continue to grow and the company is growing fast as you are all a testament to and so some of the things that we do have to scale with that and change with that as well. Awesome so yeah at this point it's just if anybody has any leftover questions we'd be happy to answer them otherwise we can close up shop. Wonderful did we do intros before the call started? No not beyond introducing ourselves we should probably do that shouldn't we? I don't know I think it's a fun way there everyone's being new together you have something in common you all started at GitLab in July so maybe since we have a little bit of time left everyone can just kind of go through and introduce yourselves. Let me try to bring some chaos to the order because sometimes it's all of our screens are at different places so I'm just going to go with the participants and I'm going to say I didn't actually formally introduce myself I'm Barbie Brewer and I have been at GitLab for nine months it doesn't matter we don't care about tenure here but just for context of how much I might know or still not know and and and I am technically called the chief call chief culture officer but that just means that all the wonderful people in and recruiting and people office report to me and I work a lot with the executive team as well I'm trying to make sure we're great leaders for all of you and so now I see Abby already introduced herself up I'm not incorrect so Tristan that's me what's up everybody yeah I'm Tristan I'm starting today as a services support agent and I live in Los Angeles California currently extremely hot hopefully that calms down probably one thank you and John good morning I'm John I'm starting today as a site reliability engineer I'm at outside of the east coast I'm in Raleigh North Carolina really stoked to start with you guys excellent and Craig Craig you're muted okay when Craig is ready we'll go to Jason for now hey I'm Jason I was at ZB Lab before I was the head of product here I'm joining as the senior product manager for integration today's delivery I'm American but I live in the Netherlands I've been here for a couple years and Jim so I'm the senior security automation engineer over here I've been here since January I'm based out of Oklahoma yeah it's pretty much it I have a wife we're planning to get a dog and on our free time we just like to travel fun I just spent my whole weekend dock diving with my German shepherd and Nikolai hi I'm Nikolai I'm originally from Russia but I live in the Silicon Valley right now next to San Jose and I'm joined to it's my Thursday and I joined joined to help with scaling and performance optimization of posgos so databases actually that's it okay to work with you later okay and Pete hey y'all I'm Pete roundman I'm a right coaster excuse me and Tristan I'm gonna battle you on the temperature we're close to 100 degrees right now and very high humidity so it's pretty gross out here but uh I come here from VMware um virtualization engineer over there and um I've uh I'm happy to say that I've been a big component or a big competitor of Microsoft throughout my life and noting that um one of our competitors was recently purchased by Microsoft I'm I'm even more thrilled to be here to help fight the battle okay did Jason go already good okay yeah back to Craig yeah okay sorry about that um so yeah uh today's my first day starting as a site reliability engineer uh my team is John so we've got uh kind of bracketing the U.S. Sunflake Houston Raleigh I'm in Seattle um yeah and pretty pretty stoked really excited to join the team can't wait to get started wonderful did I skip anyone all right well thank you all for joining GitLab and I look forward to seeing those of you who will be in Cape Town and those who won't and FGU is team calls and hopefully in issues and slack as well thank you and please come tomorrow for the uh round two of this yeah round two is important thanks everybody thanks everybody thanks