One can receive updates to binary packages for the current -stable release from M:Tier[0] . They also host binpatches for security vulnerabilities in base which can either be installed manually via pkg_add or automatically with their openup[1] tool.
Running -stable is fairly simple. If you don't want to rebuild on your DigitalOcean VPS, cut a new release after an update locally, and then apply it on your VPS. See http://www.openbsd.org/faq/faq5.html#Release. This should be fairly simple to automate (and you could even write a script that only packages up changed files if you were so inclined).
If you cannot run stable, then I'm pretty sure you should let others do your system administration for you. Stable is very easy to follow with simple instructions: http://www.openbsd.org/stable.html
Stable will cleanly build though, where running current snapshots you could come across something temporarily broken or have to debug a tough build if doing it from source. FWIW I just built 5.7 stable and the whole process took an hour and a half for kernel + userland + xenocara with no build issues. Often for stable security patches you just have to rebuild the kernel which is 15 mins work on my older AMD server.
And using -stable (release + patches) is a hassle of manually applying patches and re-compiling - no binary updates are available.
If running snapshots is not for amateurs, neither is running stable.