Security Incident Management

Track, report, communicate, and resolve security incidents

project cover image
Role: research, strategy, UX, UI
Team: product manager, engineers, technical writer, QA, product marketing, human resources, legal, security analysts
Tools: Figma, Figjam, Aha!, Jira

Problem

Security analysts were not able to track and report on investigations. As a result, they turned to other tools, which led to workflow inefficiencies and slow remediation times. Time is 💰💰 when data is stolen.

A diagram communicating the problem statement

Solution

The team developed a solution to track investigations with the ability to share their investigation findings and recommendations to human resources and legal.

Outcomes

  • Reduce time to incident resolution, saving the company money
  • Minimize or eliminate the reliance on other applications, making the product more valuable to security analysts
  • Import evidence from external tools for a holistic view of an incident

Persona - Security Analyst

security analyst sitting at computer

Goals

  • Respond promptly to insider incidents
  • Resolve insider investigations quickly
  • Ensure that findings are accurate and well documented

Challenges

  • Too much information to sift through to find the important things
  • Breadth and complexity of security tools is hard to master
  • Limited resources — time, tools, staff
  • Communicating with multiple stakeholders efficiently

Research and customer conversations

The product manager and I had conversations with security analysts at various companies to improve our understanding of the problem. The research revealed a major gap in the workflow of the analyst and how our product wasn’t meeting their needs when performing investigations.

research output

When an analyst receives an alert, their journey looks like this.

Diagram of investigation stages

Research outcomes

  • An in-depth understanding of how our customers work through security incidents
  • A research report that was shared with the CEO and other leaders which resulted in project funding
  • Stages of an investigation diagram to explain the user’s journey
  • Ideas for features which helped develop a user story map
  • Loose requirements that were used to design some initial concepts that we tested with customers

Team brainstorm, let's sketch!

Pulling the team together, I facilitated thoughtful discussions around the problem and shared the research that outlined key moments in the analyst's workflow that our product was not fulfilling. The team was excited to sketch out ideas!

A photo of team sketches

User story mapping our way to clarity

Taking it a step further, the team mapped out an experience using user story mapping.

user story map

A small portion of the user story map

I led the team in multiple user story mapping sessions and love this activity because:

  1. It gets team members involved in the process
  2. It can be reviewed with customers and improved upon
  3. It can be used to drive the release plan and product roadmap

I reviewed and revised the story map with users and internal subject matter experts. Their feedback during this process was invaluable and helped evolve the vision and solution.

Early concepts and testing

I put together some designs and prototypes in Figma in order to collect feedback from the analysts. These concepts were informed by our research and used ideas from the team brainstorm and user story map.

Figma concept prototypes used to gather feedback from customers. These concepts used our legacy design system.

Outcomes

I tested a couple of different ideas. The one that resonated most with users and their mental model was an approach similar to help desk ticketing software and other security tools with incident reporting capabilities.

Refining scope

The user story map drove our requirements and backlog with a focus on delivering value to our customers as quickly as possible. These decisions were driven in part by the user story map and what was learned from concept testing.

project scope

Post release feedback

While in early access, the product manager and I met twice a month with customers to gather feedback. I organized the feedback into themes and we used this information to populate our product backlog.

user feedback

Designs

Here are some of the final designs which used our new design system.

final UI design
