Chaim Mazal - CISO - README

README for Chaim Mazal, GitLab’s Chief Information Security Officer

Why I’m at GitLab

I got my first computer when I was 8, growing up in Florida in the early ’90s. A couple of years later, I found my way into hacker chat rooms on IRC, and that community basically raised me as an engineer. We shared tools, wrote programs, broke things, and learned by doing. Some of my friends ended up getting in trouble, which turned out to be a pretty effective wake-up call. It redirected my curiosity toward the defensive side, and I have never looked back.

I have been a GitLab customer for over eight years. I came to the platform when I was in the middle of a DevOps transformation, obsessed with building a best-in-breed, innovative secure software development lifecycle. GitLab had a disruptive energy and a pace of innovation that helped me and my teams succeed. I wanted to influence where the product was going, so I joined the advisory board. Becoming GitLab’s CISO felt like the natural next step of that journey. It is a dream role, and I am genuinely all in.

About Me

Security is my craft, and I came up in it the way I believe it should be done: with people taking a chance on me and sharing what they knew. That experience shaped how I lead. The best security leaders are not the ones hoarding knowledge or opportunities. They are the ones making everyone around them better.

I build teams where learning is built into how we work, not something bolted on after the fact. Give people real problems, remove the obstacles in their way, give them room to figure it out, and be there when they need a nudge in the right direction. That is how you build a team of leaders who go on to do incredible things in their careers.

Right now, my biggest focus is on what is possible at the intersection of AI and security. The pace of change is exponential. It is the Wild West all over again, and that kind of moment genuinely energizes me. I want GitLab to be at the forefront of rethinking what a cutting-edge security program can look like when you embrace AI fully.

My Values

Learning The way I entered this field was through people who invested in me and shared what they knew. I take that seriously and try to pay it forward in how I develop the people around me.

Curiosity It started in IRC chat rooms and has never left. I am always drawn to how things work, how they break, and how to make them better. I expect the same from the people I work with.

Craft Security is a discipline. Doing it well requires rigor, depth, and continuous learning. I care about doing the work with excellence, not just checking boxes.

Partnership Security succeeds when it is deeply embedded in the business. I believe in building bridges, not barriers, and in working alongside engineering, product, and the broader organization.

My Superpowers

Developing Leaders I have spent my career building teams that produce leaders. I invest in people’s growth as a core part of how I operate, not a side project.

Adversarial Thinking My background gives me a genuine, practitioner-level understanding of how attackers think. That perspective shapes how I build, where I focus, and what I prioritize.

Vision for AI-Driven Security I am deeply focused on what is possible at the intersection of AI and security programs. Not theoretically. I am actively working to push the boundaries of how security can operate at the speed and sophistication that the current threat landscape demands.

Platform Perspective As a long-tenured GitLab customer and advisory board member, I bring a practitioner’s view of the platform that is unusual in a CISO seat. I know what it feels like to rely on GitLab to get security right, and that context matters.

Where I’m Still Growing

Patience with Scale I move fast and like to move fast. At GitLab’s scale, I am focused on pairing that bias for speed with the collaboration and process that a global organization requires.

Delegating Earlier I care deeply about outcomes and can sometimes stay too close to the work. I am intentional about empowering people and trusting teams to own their domains.

Communication Style

Direct and substantive I value clear, substantive communication. Say what you mean, lead with the point, and follow with the context. I am not interested in positioning. I am interested in solving problems.

Written async preferred, with room for live conversation For most topics, Slack or email works well. When something is complex, nuanced, or time-sensitive, let’s get on a call. Please include context, what is happening and why it matters, and a clear ask when you reach out.

Challenge welcomed I expect people to push back when they disagree. That is how good ideas get stronger. I will tell you when I have made up my mind, and I welcome debate before that point.

Bias toward action I would rather move, learn, and adjust than wait for perfect information. I expect the same orientation from my team.

My Expectations of the Team

Ownership Own your outcomes, not just your tasks. Follow through on commitments, close loops, and surface risks early. When priorities change, communicate proactively and come with solutions.

Learning as a practice Stay curious. Ask questions, challenge assumptions, and be open to being wrong. The security landscape moves fast enough that learning has to be a continuous practice, not an occasional event.

Partnership Security wins when it is trusted and integrated across the business. Show up as a collaborator, not a gatekeeper. Build relationships, share context, and work toward shared goals.

Develop each other The way I learned this craft was through people investing in me. I want this team to carry that forward. Share what you know. Lift others up. Build the kind of team that people are proud to have come from.

My Role

I serve as GitLab’s Chief Information Security Officer.

I am responsible for the security of GitLab as a company and as a platform, leading the global security organization, and ensuring our security program operates with the rigor, innovation, and speed that a leading DevSecOps platform demands.

Final Note

The way I think about security has always been shaped by people who bet on me before I had anything to show for it. I am here to build a team that does the same: takes chances on people, invests in their growth, and leaves this field better than we found it. Let’s get to work.

Last modified May 4, 2026: Add Chaim Mazal — README (f3586e96)
View page source - Edit this page - please contribute. Creative Commons License