Improving the Threat Monitoring Dashboard for IBM Security
Overview
As a UX Designer and User Researcher, I improved IBM Security's resolution times by 20% and enhanced Service Level Agreements (SLA) performance by 12% by leveraging primary user research to design an intuitive, action-rich dashboard for security analysts. I worked alongside a UX lead and collaborated with developers, product owners, and executive-level stakeholders to design a user-centered experience that followed IBM's Enterprise Design Thinking principles.
Please note that the showcased design and research are in compliance with the confidentiality requirements of the project.
User Research | Observe
As part of the Observe process of EDT, I immersed myself in the world of the TM users, accounting for a variety of relevant personas. I interviewed six members from the TM team — two from India, two from Poland, and one each from the US and Costa Rica — and shadowed their day-to-day journey and followed their specific task workflows. All this was captured in a Mural.
Some of my key findings and pain points for the Manager on Duty persona include:
Shuffles between 9 applications to complete daily tasks
Changeover of shifts across geographies is manual and dependent on 1-on-1 calls
Multiple points of communication between local and global teams. Eyes on too many places.
Unable to efficiently filter relevant threats and manage analyst workloads
Forced to utilize a static non-actionable dashboard
Analysts always keeping tabs on various timezones. Repeated point of confusion.
The images below are confidentiality-compliant versions of the primary user research.
Hi-fi Dashboard Designs & Prototypes | Make
For the Make step of EDT, I crafted design solutions in line with the requirements and insights we'd uncovered during the Observe and Reflect processes. The designs were created with Sketch and InVision, all in sync with user validation and UX feedback sessions.
Some key highlights of the designs:
Intuitive, visually pleasing UI for all relevant communication and threat management needs
Carbon Design System-compliant dashboard
Scalable, efficient use of color, space, and information density
Immediately glanceable and actionable
Quality-of-life features: shortcuts to required tools, in-section filters, on-hover tooltip info, GMT and local time indicators
Please note that the designs below are confidentiality-compliant draft iterations of the dashboard designs.
Role
UX Designer • User Researcher
Deliverables
Personas • User Journeys • Insight mapping • Wireframes • Hi-fi Prototype
Design Process | Observe, Reflect, Make
In order to ensure user-focused outcomes for this project, I closely adhered to IBM's Enterprise Design Thinking (EDT) principles. A key element of EDT is The Loop — a design thinking paradigm that focuses on user-centered outcomes through an iterative approach of Observing, Reflecting, and Making.
The Observe, Reflect, Make paradigm was followed at every step of research, design, and delivery. Furthermore, this design thinking paradigm forms the foundation of my personal philosophy of delivering robust, user-centered design and business solutions.
Requirements | Reflect
As part of the Reflect process of EDT, I worked with researchers, project managers, and technical architects to reflect on our findings, build a nuanced understanding of our users' experience, and develop a set of requirements to accomplish our user-centered business objectives. I was able to validate that a dynamic dashboard would be the ideal solution to the needs of our Threat Monitoring team. Requirements planning sessions were held to determine the specific requirements for both the MVP and future releases.
Some of our key requirements for the MVP dashboard included:
First-party single-pane-of-glass UI with real-time data and actionable tasks
Automated changeover for global shifts to minimize redundant and missed communication
Automated, unified threat prioritization
Investigation tools to enable analysts to drill down on threats
Customizable threat and analyst groups to enable efficient threat workload management
Project Brief
IBM Security provides world-class 24x7x365 threat monitoring (TM) services for their enterprise customers' cloud environments. In order to modernize our industry-leading cloud cybersecurity offerings, I was briefed to discover the current needs and end-to-end journey of our Threat Monitoring team and deliver an optimized user experience for the TM team in alignment with their user needs and to enable greater business outcomes for customers.
The TM team involved over a hundred security experts across the globe, and their processes depended on third-party tools and a mostly ad-hoc set of decision trees. As such, some of the key questions I needed to have answered included:
What is their day-to-day journey? The most rewarding, redundant, and frustrating parts of it?
What tools do they use? Which do they enjoy, which do they dislike? Why?
What are the action and decision flows when analyzing security alerts?
What information do they need to make efficient security investigations?
What are their most severe issues? How are they dealt with and mitigated?
What, if any, smaller 'tricks' do individual contributors use to improve their own workflow?