Stackrox: keeping open source open in lockdown

This is a guest post for Computer Weekly Open Source Insider written by Vibhav Sreekanti, VP Engineering at Stackrox — a company known for its Kubernetes-native security capabilities, which it now brings to Red Hat OpenShift since the company became part of the Red Hat family in Jan 2021.

Setting the scenes, Sreekanti reminds us that 2020 was a year of disruption, growth, execution and transformation for the StackRox engineering team. 

The company added a dozen engineers in the U.S. and Europe, released seventeen major versions of its product, launched KubeLinter, its first open source project, plus of course finally, the company acquired by Red Hat in early 2021. 

So how did Sreekanti and team do this? He writes as follows to explain…

With COVID-19, there were new challenges to face and moving to a fully-distributed workplace required a significant team effort. To do this well, we needed excellent collaboration tools to improve some of our work processes and we needed to adapt our interactions to maintain team cohesion.

Like many other teams, StackRox has relied heavily on the “usual suspects” to collaborate: applications like Slack, Zoom, GitHub, Confluence and Jira are widely used across the engineering team and the broader company. We have continued recruiting and building our engineering team throughout 2020, expanding by over 60%. And our virtual interview process is now conducted over Zoom and CoderPad for programming interviews and AWW App for system design interviews.

How we work

Our team is scattered around the World. While StackRox is headquartered in Mountain View, California, we are recruiting and building teams in Charlotte, North Carolina and Bochum, Germany. The pandemic has forced us to “step up our game” and improve our distributed engineering team processes. We can no longer assume our teammates are in the same office or even the same time zone. As a result, we have made a conscious effort to schedule fewer meetings and instead encourage more written material such as design documents, meeting notes, or root cause analyses.

Sreekanti: Operational efficiency isn’t the only metric.

We moved from short-lived sprint squads to long-running agile teams. Each team has a well-defined responsibility and product ownership area and is led by a tech lead manager. We separated the UI, automation, collection and data shepherding functionality into separate teams and adapted quickly as a result. Each team’s specificity enabled a decentralized and asynchronous decision-making approach, one where the input was trusted and valued.

How we build

Operational efficiency isn’t the only metric we had to monitor. We wanted to address the challenges that came along with a stressful year. We’ve found it helpful to bring the team together for extra occasions like monthly engineering-wide town halls and bi-weekly ‘brown bag’ talks for knowledge transfers. The knowledge transfer sessions were considered so beneficial that we organized our first-ever internal hackathon in early February. 

The hackathon was intended to give the team a few days away from all the external  emails and slack pings and shift the focus to enhancing existing KubeLinter capabilities. We addressed some of the community’s most critical requests and gave our engineers the freedom to engage with projects they found useful. We took a multi-day approach to the hackathon with a brainstorming session, followed by the execution (with teammates) and then presented the final product to their peers.

Hackathons come with good, bad and sometimes comical results. We focused on communicating learned lessons and creating discussions about future problems to be solved. Our successes were celebrated, captured and expanded upon, possibly turning into the next widely used open-source tool. One of the exciting subprojects of the hackathon was a fork of the CanIUse project but for Kubernetes objects.

How we interact outside of work

Replacing the in-person, often serendipitous, interaction between team members has been the most challenging part of the pandemic. We’ve tried to recreate that with creative excuses to bring people together, often over Zoom. 

We explicitly schedule welcome lunches for new employees with five or six other teammates, hoping to mimic the engaging lunch table discussions we usually have in our office. Donut meetings allow us to bring people together from different parts of the company who may not interact otherwise and we’ve made time to have fun with our co-workers by scheduling game hours. We’ve played countless hours of Codenames and we’ve quickly figured out who are the best Spymasters on the team!

While these changes in how we work were a response to the pandemic, we’ve found that many of them are genuine improvements that we expect to continue indefinitely. We know how to work as a distributed, remote team and expand our amazing talent pool by bringing in team members from other regions. We are more accommodating with flexible schedules that help juggle life and family commitments. We expect these commitments will help us continue to grow and scale our engineering team for the foreseeable future.


Data Center
Data Management