3 ways to reduce stress on the DevSecOps team

I recently moderated a session for the CSO Cybersecurity Summit on building resilience and addressing employee anxiety amid organizational transformation. My session focused on the stresses and burnout experienced by security teams, including recent data showing that 94% of chief information security officers (CISOs) suffer from work-related stress, and 65% admit their stress levels compromise their ability to do their job.

Work-related stress is on the rise, and in 2022, 81% of workers reported that workplace stress affected their mental health, compared to 78% of respondents in 2021. Forbes Advisor recently reported that 36% of workers surveyed experienced stress, 26% grappled with anxiety, and 20% reported burnout.

How stress impacts DevSecOps teams

As technology stacks increase in complexity, DevSecOps teams are required to rapidly learn new skills, increase automation, and take steps to improve the developer experience. The resulting stress and pressure on team members can lead to burnout, which affects the entire team and the end product.

“As software becomes more decentralized and complex with the move to the cloud, developers are working across a lot more pieces—services, libraries, AI models, and other software components,” says Taylor Pechacek, head of product for Compass at Atlassian. “Investing in developer experience helps make sense of the noise and reduces a massive amount of toil so developers can focus on what they enjoy most—building things.”

The mounting pressure on DevSecOps also stems from the business pressures to increase deployment frequency, reduce cycle times, and improve application performance.

Ashish Kakran, Principal at Thomvest Ventures, says, “On one hand, teams are under pressure to ship new features faster, and on the other, there is the need to ensure that new application software and core infrastructure is secure and compliant. The constant tradeoff between speed and security can cause stress.”

Supporting new technologies and capabilities such as generative AI can be both a stress reliever and a source of stress for DevSecOps teams. “Generative AI reduces stress with new tools for code generation, information retrieval, and summarization that dramatically improve devops productivity,” says Kjell Carlsson, head of data science strategy and evangelism at Domino. ”However, it is creating stress because of the increased demand on devops teams to support developing and operationalizing new genAI applications across the business.”

Last year, I invited readers to consider 5 ways to disconnect and relieve stress to improve work-life balance and seek a life of purpose and health. Here are three more ways DevSecOps teams can meet their core development, security, and operations needs and fulfill their mission while reducing stress.

3 ways DevSecOps teams can reduce stress

1. Foster a generative organizational culture
2. Root out micromanagement and unrealistic expectations
3. Make stress reduction a team priority

Foster a generative organizational culture

Before considering DevSecOps practices and tools, the most direct way teams can reduce stress and alleviate the risk of burnout is by addressing the organization and team culture. The Accelerate State of DevOps Report 2023 notes that organizations that focus on creating a generative culture have 30% higher performance than others. Generative organizational cultures are performance-oriented and highly cooperative, and risks are shared across teams.

David Brooks, SVP and lead evangelist at Copado shared three recommendations for how devops teams can reduce stress and improve their internal culture:

1. Focus on continuous education and make it okay for people to admit they don’t know how to do something.
2. Create a safe environment of trust and mutual respect where the team’s goals are more important than individual goals.
3. Help the team realize that devops is never done and requires a continuous improvement cycle where teams are willing to try new ideas.

Brooks also recommends “Accept that some ideas may not work and move on” as a best practice for teams looking to learn, quickly experiment, review results, and collegially debate the next steps. 

Changing culture is often the sum of individual behaviors and how leaders set cultural norms. One of the 50 lessons I shared in my book for technology and business professionals leading digital transformation is, “Promote team culture by listening, reserving judgment, asking questions, managing conflict, and just being nice.” 

Other activities to improve the agile development team and devops culture include learning customer needs, focusing on fewer but meaningful KPIs, and brainstorming innovative solutions. Darko Fabijan, co-founder of Semaphore CI/CD, adds, “The fast pace of software engineering can be stressful, so take breaks, walk outside, and create social events to help avoid burnout.”

DevSecOps teams can create learning activities beyond skills development and prioritize events that serve more than a social purpose. Omer Cohen, CISO at Descope, suggests the benefits of collaborative team learning. “Most people have some interesting projects they don’t have time to talk about during the stressful days.” He offered three recommendations:

• Introduce a designated break to share tech-related anecdotes or explore quirky coding challenges.
• Institute a weekly problem-solving session where team members bring solutions, not just problems, and address challenges collectively.
• Start a “Tech Talk Tuesday” type of meetup where team members can share insights from their personal projects during a short, informal session.

The key to creating generative cultures is recognizing that they must be ongoing, recurring, and continuously improving—not just one-and-done events scheduled when morale is low.

Root out micromanagement and unrealistic expectations

Cultural practices must align with how digital trailblazers lead transformation initiatives and how team leaders collaborate with their teammates. While organizations should embrace agile self-organization principles, creating standards and ensuring consistent management practices helps reduce stress by setting clear expectations. 

There aren’t one-size-fits-all organizational models and management principles for DevSecOps and agile development, but a few anti-patterns contribute to stress and burnout.

Micromanagement is one of them. Instead of micromanaging, software development managers, product owners, and scrum masters can empower agile teams by communicating the product vision, avoiding rigid roadmaps, and following through on retrospectives. Leaders can measure software development performance by measuring how well teams release reliably, improve customer satisfaction, and improve devops KPIs.

“Devops leaders can alleviate stress and encourage creativity by giving their teams autonomy and avoiding micromanagement,” says Swaminathan K, senior director of devops at Kissflow. “Leaders should also seek to eliminate knowledge silos by encouraging open communication, including regular check-ins and open forums for sharing ideas and concerns.”

A second anti-pattern occurs when leaders regress to command-and-control management tactics by declaring fixed-scope objectives and demanding their delivery timelines.

“Developers are often stressed out due to time constraints, deadlines, and juggling multiple tasks at once,” says Rohit Choudhary, co-founder and CEO of Acceldata. “Set clear objectives, provide adequate resources, and foster open communication to ensure team members feel supported and empowered to deliver results without feeling overwhelmed.”

Both leaders stress the importance of communication, which is a key management practice regardless of how teams are organized or which management frameworks are utilized.

Make stress reduction a team priority

Should a team prioritize work on CI/CD, IaC, AIOps, or another DevSecOps best practice? Teams will consider business impact, operational KPIs, security risk remediation, and toil reduction to help prioritize. Why not prioritize stress reduction?

Leaders should ask DevSecOps teammates what’s causing stress and anxiety in their work. While people, culture, and process issues will come up, leaders will also discover critical areas where implementing a devops practice or technology could help reduce stress.

For example, automation, machine learning, and generative AI are possible solutions if the team feels overwhelmed with too much manual work. “Looking for ways to reduce complexity and toil is the strongest path to reducing stress,” says Cody De Arkland, director of developer relations at LaunchDarkly. “This can come by streamlining change-control processes, implementing tooling that allows for greater collaboration, or reducing unnecessary bottlenecks across teams.”

Regarding reducing manual work, Ed Lopez, senior strategic and solution architect at Terazo, says, “Generative AI has the potential to reduce stress on devops teams significantly by automating tasks, such as testing automation and writing Infrastructure-as-code scripts.”

Another source of anxiety stems from the fear of the unknown, especially related to complexities and security concerns. Stephen Magill, VP of product innovation at Sonatype, recommends prioritizing automation and efficient dependency management for organizations leveraging open source technologies. Data from Sonatype’s State of the Software Supply Chain report, reveals that optimal dependency upgrade decisions can result in a “two-times efficiency boost—saving 1.5 months per application team per year,” said Magill.

Conclusion

Reducing stress can immediately impact DevSecOps teams and organizations by increasing employee happiness and improving productivity. The longer-term benefits of improving well-being, increasing retention, and fostering a collaborative culture should be key motivators for organizations that require innovative technologists to deliver competitive advantages and continuously improve operations.