In the fast-paced world of software development, the emergence of DevSecOps has revolutionised the way organisations approach security in the software development lifecycle (SDLC).
Where security was once an add-on at the end of a project, DevSecOps integrates it into every phase of the development process, from design and coding to testing and deployment. This modern approach helps mitigate security risks and vulnerabilities early in the process - but it’s not without its pitfalls. As the demand for secure and efficient software delivery escalates, DevSecOps professionals find themselves at the crossroads of innovation and pressure, which inevitably leads to burnout.
1. The Skills Gap
The complexity of modern software and the continually evolving threat landscape demand a diverse skill set. DevSecOps professionals are under constant pressure to stay ahead of the curve with the latest security trends, tools, and best practices, often wearing multiple hats at once.
“Cybersecurity staff spend a disproportionate amount of time on incident response—resulting in burnout and human error. In fact, approximately 70% of cybersecurity workers feel their organisation doesn’t have enough cybersecurity staff.” (Forbes: The Rising Demand for DevSecOps Talent)
2. Constant Pressure and High Stakes
DevSecOps professionals are at the forefront of ensuring that security is integrated seamlessly into every phase of development from start to finish. There is constant pressure to identify vulnerabilities, assess risks, and develop secure code, all of which can lead to a high-stakes, high-stress environment. On top of that, the consequences of a security breach can be catastrophic, including data breaches, financial losses, and reputational damage.
“A survey by VMware shows that 47% of cyber employees have experienced stress and burnout. The survey further shows that 69% of these employees have thought of leaving their jobs due to burnout and stress.” (Guardrails: Stress and Burnout in AppSec Teams)
3. Manual Processes
Manual processes in DevSecOps can be labour-intensive, repetitive, time-consuming, and error-prone. For staff, having to conduct security assessments, vulnerability scanning, code review, reporting, detection, and continued monitoring by hand when automation could be employed can build resentment and burnout.
“4+ hours each day are lost to DevSecOps issues that could have otherwise been prevented with best practices and modern tools. In fact, 41% of cybersecurity professionals spend 5+ hours addressing security issues compared to 32% of developers.” (Invicti: State of the DevSecOps Professional Survey)
4. No Work/Life Balance
It’s no surprise that the nature of cybersecurity work leads to an imbalance between home and work life. The dynamic and critical nature of security tasks often requires immediate attention, irrespective of standard working hours. This, combined with the pressure to maintain security standards, can result in high workloads and high stress, leading to burnout.
“1 in 3 leaders in security and development have managed cybersecurity issues amidst a holiday meal with family or during downtime at home” (Invicti)
1. Prioritise Wellbeing
Organisations should encourage open dialogue about stress, workload, and mental health with their employees and have plans and resources available to help. It’s important that DevSecOps employees are in an environment where they feel cared for and comfortable discussing their challenges and seeking support when needed.
2. Upskilling and Growth Opportunities
Employers can look to provide opportunities for upskilling, cross-skilling and mentoring. By keeping DevSecOps professionals up-to-date with the latest tools and practices, organisations can foster a culture of growth and reduce the stress associated with skill gaps.
3. Automate where possible
Embrace automation to reduce the burden of routine and repetitive tasks. Automated security checks and testing can free up DevSecOps professionals to focus on higher-level strategic tasks that make them feel more inspired and excited to work.
The advent of DevSecOps has brought immense potential for secure and efficient software development. However, it's crucial to acknowledge and address the burnout experienced by the professionals working in the industry - largely due to the high demands and responsibilities they shoulder.
By offering a supportive work environment, providing training, and transitioning to automation, organisations can help alleviate burnout and create space for DevSecOps professionals to thrive while navigating the challenges of today's cybersecurity landscape.