Is Now the Time for Resilience Operations (ResOps) Teams?

 

In the ever-accelerating world of technology and business, new "Ops" cultures seem to emerge with increasing regularity. From the foundational shift of DevOps to the specialized focus of MLOps and FinOps, these movements aim to bring efficiency, collaboration, and specific expertise to complex operational challenges.

But there's a growing whisper, turning into a roar, about the need for something more fundamental: Resilience Operations (ResOps). Is it just another buzzword, or is it the critical next step in ensuring our organizations can truly withstand the shocks of a turbulent world? I'd argue it's not only time but long overdue.

A Brief History of "Ops" Evolution

To understand why ResOps is emerging now, it's helpful to look back at its predecessors and peers:

1. DevOps: Breaking Down Walls (circa 2007-2009) DevOps was a revolutionary movement born from the friction between Development (Dev) and Operations (Ops) teams. Developers wanted to push features fast; Operations wanted stability. DevOps advocated for collaboration, automation, continuous integration, and continuous delivery (CI/CD) to bridge this gap. It transformed how we build and deploy software, making us faster and more agile.

2. SRE (Site Reliability Engineering): Engineering for Reliability Google's SRE model, while pre-dating the formal "DevOps" term, provides a disciplined, engineering-centric approach to operations. SRE applies software engineering principles to operations tasks, focusing on reliability, scalability, and efficiency often through automation, error budgets, and sophisticated monitoring. It’s "how Google does DevOps."

3. IT Operations (ITOps): Managing the Infrastructure ITOps is the traditional, fundamental practice of managing the underlying technology infrastructure and services that run the business. Its focus is on day-to-day excellence: system uptime, patch management, infrastructure provisioning, and service desk support. While crucial for daily stability, its core focus is internal management, not strategic survival against systemic risk.

4. Security Operations (SecOps): The Defensive Line SecOps, or Security Operations, is the practice of integrating security throughout the entire IT lifecycle, often in alignment with DevOps principles (DevSecOps). Its primary mission is defense, threat detection, and incident response (e.g., investigating alerts, managing firewalls, and patching vulnerabilities). SecOps focuses on keeping the bad actors out and mitigating intentional harm, but its scope is often limited to security incidents, not holistic business failure.

5. The Proliferation of X-Ops (2010s-Present) As technology stacks grew more complex and specialized domains emerged, so did new "Ops" cultures like DataOps (data management), MLOps (machine learning lifecycle), and FinOps (cloud financial management).

Each of these "Ops" cultures carved out a niche, optimizing specific workflows and fostering cross-functional collaboration within their respective domains. They helped us run faster, smarter, and more cost-effectively.

The Missing Piece: Why We Need Operational Resilience NOW

Despite all this operational sophistication, a critical vulnerability persists. DevOps helped us deploy faster; SRE helped us run reliably; ITOps manages the day-to-day; and SecOps fights the digital wars. But what happens when the unthinkable occurs—a crisis that is not just an IT outage, but a systemic disruption to the business’s ability to function?

When an entire cloud region goes down, a critical third-party vendor experiences a catastrophic failure, or a natural disaster cripples multiple physical sites, these specialized Ops teams often lack the mandate or framework to coordinate a full enterprise-wide response that maintains critical service delivery.

This is where Operational Resilience steps in, and why dedicated Resilience Operations (ResOps) teams are becoming essential.

Historically, our approach to disruptions has been largely reactive, relying on Business Continuity Planning (BCP) and Disaster Recovery (DR). These are crucial, but they often focus on restoring specific systems based on pre-defined, known risks.

Operational Resilience, and by extension ResOps, shifts the paradigm:

  1. Focus on Critical Services, Not Just Systems: Instead of just thinking about individual servers (ITOps) or fixing code fast (DevOps), ResOps focuses on the end-to-end delivery of critical business services to customers. What absolutely must stay up, and for how long?

  2. Impact Tolerance: It introduces the concept of "impact tolerance" – the maximum acceptable level of disruption for a critical service before severe harm occurs. This isn't about 99.999% uptime for every system, but ensuring critical functions continue within defined boundaries.

  3. "Severe but Plausible" Scenarios: ResOps doesn't just plan for likely outages; it actively tests against extreme, multi-faceted "severe but plausible" scenarios. What if you lose your primary data center and your key payment provider and 50% of your critical staff?

  4. Holistic View: ResOps considers people, processes, technology, and third parties as interconnected components of service delivery. A resilient organization isn't just about robust tech; it's about adaptable people, flexible processes, and diversified suppliers.

  5. Regulatory Push: Regulators across various industries (especially financial services) are increasingly demanding robust operational resilience frameworks, recognizing its systemic importance.

  6. Increased Volatility: The world is simply more unpredictable. Geopolitical instability, climate change impacts, increasingly sophisticated cyber threats, and complex global supply chains mean disruptions are not a matter of if, but when, and often how severe.

The Role of a ResOps Team

A dedicated ResOps team would operate as a strategic orchestrator above the individual Ops functions, with the specific mandate to protect the end-to-end delivery of the organization's most important services.

  • Identify and Map: Work with business and technology leaders to identify critical services and map all their underlying dependencies (leveraging data from ITOps and SecOps).

  • Define Tolerances: Establish and monitor the business's maximum acceptable impact tolerance for these services.

  • Scenario Design & Testing: Design and execute "severe but plausible" stress tests that go beyond traditional DR drills and span technology, people, and vendors.

  • Remediation & Improvement: Identify holistic vulnerabilities uncovered during testing and drive strategic remediation efforts across all operational silos.

  • Cross-Functional Orchestration: Act as the central command during an actual crisis, unifying the response efforts of ITOps (infrastructure recovery), SecOps (threat containment), and BCM (business continuity).

The time for reactive measures and siloed planning is over. We've optimized for speed, reliability, cost, and security. Now, we must optimize for uninterrupted service delivery in the face of chaos.

Operational Resilience is not just a regulatory checkbox; it's a strategic imperative for survival and sustained success in the 21st century. And with this imperative comes the undeniable need for specialized expertise, clear ownership, and dedicated focus—all the hallmarks of an emerging Resilience Operations (ResOps) team.

Comments

Post a Comment

Popular posts from this blog

I Took My Own Advice in an Interview. Pure Storage Didn't Flinch.

Image
I'm joining Pure Storage on March 2nd to be part of the technical marketing team, and I'm genuinely excited about it. During the interview process, I took my own advice from a blog post I wrote a few weeks ago and asked them the question that makes most candidates nervous: "What concerns do you have about me for this role?" They didn't flinch. They gave me real feedback. We had an actual conversation about fit, not just a polished interview performance. That's when I knew this was the right place. What Got Me Excited The conversations with Pure focused on enablement. Not campaigns. Not metrics. Enablement. How do we help the people in front of customers have better conversations? How do we give them what they actually need to succeed? Those questions resonated with me because I've done that work before. I know what it's like when you have the right materials at the right time. When customer stories are authentic and metrics are real. When enablem...
Read more

If I do the homework, you owe me a phone call. The death of decency in hiring.

Image
Honestly, I almost didn't post this. You know how it is. You don't want to look salty. You don't want to look difficult. It’s easier to just roll your eyes and move on to the next application. But I can’t be the only one dealing with this nonsense, so I’m saying it. Here’s the situation: I’m interviewing for a senior role. Things are going great. The hiring manager is cool, we’re clicking, the vision matches. Then comes the homework. And not a 30-minute writing sample. They asked for the full package: A 12-month strategic plan for Analyst Relations. How to position them for MQs, Waves, the works. I sat down and did the work. I audited their competitors. I built the roadmap. I gave them a strategy I would usually charge a consulting fee for. I sent it off, ready to talk shop. The result? Ghosted by the human, rejected by the robot. No feedback. No "hey, thanks for the effort." Just a generic, no-reply template email: “We have decided not to move forward.” Since w...
Read more

The One Question That Terrifies Candidates But Wins Offers - It's not "How's the Culture?"

Image
If I’ve been a little quiet on here lately, it’s not because I’m sipping coconuts on a beach. It’s because I’ve been in the trenches. I’ve been doing the rounds—interviewing with a bunch of different companies, shaking hands (or bumping elbows), and sitting in a lot of hot seats. And when you do that many interviews back-to-back, you start to see patterns. You see the same generic questions, the same awkward pauses, and the same moment where the power dynamic shifts. It happens when the interviewer closes their laptop, leans back, and asks: "So, do you have any questions for me?" Most people play it safe here. They ask about work-life balance or what a typical Tuesday looks like. Those are fine, but let’s be real: polite questions don't get you the job. If you really want to stand out—and more importantly, if you want to know if you actually got the gig, you need to stop being a passenger. You need to be bold. You need to ask the questions that make your palms sweat. Her...
Read more