In an effort to create a repeatable, streamlined process for consumption of security services the Security Team has been working on changes and improvements to our workflows. Much of this effort is an attempt to consolidate work intake for our team in order to more effectively communicate status, priority and scheduling. This is step 1 and we expect future changes as our tooling, capabilities and processes mature.
How to collaborate with the Security Team
The Security Team works in an iterative manner to build new and mature existing security services as we face new threats and identify new risks. For a list of currently deployed services available in this iteration please review our services page.
The initial point of contact for the majority of our services is now a consistent Request For Services  (RFS) form .
The two workflow exceptions to RFS are the Privacy Engineering  service and Security Readiness Review  process which already had established methods that are working well.
If the RFS forms are confusing or don't lead you to answers you need try firstname.lastname@example.org to get assistance with finding the right service, process, or person
email@example.com will continue to be our primarily external reporting channel
Coming changes in Phabricator
We will be disabling the workboard on the Privacy  project. This workboard is not actively or consistently cultivated and often confuses those who interact with it. Privacy is a legitimate tag to be used in many cases, but the resourced privacy contingent within WMF will be using the Privacy engineering  component.
We will be disabling the workboard for the Security  project. Like the Privacy project this workboard is not actively or consistently cultivated and is confusing. Tasks which are actively resourced should have an associated group  tag such as Security Team .
The Security project will be broken up into subprojects with meaningful names that indicate user relation to the Security landscape. This is in service to Security no longer serving double duty as an ACL and a group project. This closes long standing debt and mirrors work done in T90491 for SRE to improve transparency. This means an ACL*Security-Issues project will be created and Security will still be available to link cross cutting issues, but will also allow equal footing for membership for all Phabricator users.
A quick callout to the consistency  and Gerrit sections of our team handbook . As a team we have agreed that all changesets we interact on need a linked task with the Security-Team tag.
security@ will soon be managed as a Google group collaborative inbox  as outlined in T243446, This will allow for an improved workflow and consistency in interactions with inquiries.
 Security Services
 RFS docs
 RFS form
 Privacy Engineering form
 Readiness Review SOP
 Phab Privacy tag
 Privacy Engineering Project
 Security Tag
 Phab Project types
 Security Team tag
 Security Team Handbook
 Secteam handbook-gerrit
 Google collab inbox