Overview

Security Advisor

Turning fragmented cybersecurity management into a cohesive, guided experience

Case Study Security Advisor Hero Image

Role

Lead Product Designer

Team

  • 1 PX Researcher
  • 2 PX Designers
  • 1 Product Manager
  • 6 Developers (FE + BE)

Timeline

  • 4 months
  • Agile development & release plan

PROBLEM

With signals scattered across the product, admins missed critical risks and spent time on less impactful actions.

Mapping of dashboard disconnected data

Business

Disconnected capabilities weakened product clarity, slowed customer value, and directly threatened adoption, retention, and upsell.

Lack of understanding security state

Users had no simple way to understand their overall security state, leaving them unsure of their true risk or where to focus their attention.

Inefficient workflows

Admins spend more time navigating the product than resolving threats.

Ineffective decision making

Without context or visibility to what makes more impact, customers struggled to make decisions that returned the most effect.

SOLUTION to first user problem

Giving the full picture and confident awareness

I, along with my team, solved the user’s lack of understanding of their security state by transforming a CEO’s score concept request into a comprehensive posture and guidance system that makes security simple, visible, and actionable.

SOLUTION to second user problem

Less navigation and more action

I solved for inefficient workflows by categorizing the dispersed workflows of each primary functionality in the product into factors that surface in the scoring model being shown directly on the dashboard.

Research showed that in order for users to trust the score, every issue and recommendation needed to be clearly mapped to it. Without that connection, the score would appear ambiguous and lack credibility.

SOLUTION to third user problem

Designing for effectiveness by prioritizing severity and impact

I solved for ineffective decision-making by giving customers the context and visibility of severity and impact which was needed to understand which actions returned the most security score improvement.

Research validated that severity of the issue and impact to the score were priority for customers to trust and adopt the Security Advisor.

Because of this, I advocated severity as a variable to be factored into the scoring model and led with it as the default grouping of issues and recommendations.

OUTCOME

A centralized, easy-to-understand security dashboard that makes security posture obvious and action straightforward with guidance.

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.

PROCESS DEPTH → Research

Research contribution

Competitor Analysis

Low Fidelity Flows

Higher Fidelity Flows

Stakeholder interviews

I met with executive and IT stakeholders to review the problem and gather their perspective.

Competitor analysis + Concept exploration flows

I explored competitors and other products with a similar scoring concept and ideated primary use cases for user and business.

Cybersecurity industry

  • Microsoft Defender (In production risk score)
  • Security Scorecard (One-time assessment score)

Related scoring concepts

  • FICO (Credit score)
  • Academics (Grade score)

PROCESS DEPTH → Research

Research contribution

User interview session image

User interviews + Concept validation

I built a low-fidelity prototype of the core flow and partnered with our researcher to run seven usability sessions, where I observed and captured key insights.

Result

The results of the concept testing confirmed that a Security Score paired with actionable recommendations was the right direction.

The challenge then became designing a scoring model robust enough to represent an IT admin’s entire environment, yet simple and intuitive enough to match their mental model, build trust, and drive action.

PROCESS DEPTH → Design

Scalable + intuitive designs for a complex algorithm

With concepts validated and stakeholders aligned we had now reached a level of clarity to begin designing each of the security advisor recommendation flows.

1 Environment score

Alongside our Product Manager and Engineering partners, I took an active role in defining the scoring framework itself not only the UI. I led workshops with internal stakeholders and IT SMEs to uncover expectations around what makes the scoring model effective.

8 Scoring factors

At-a-glance understanding of the security environment with more detail that connected the overall score to the individual issues and recommendations.

30+ Guided action flows

User flows that strengthened security posture.

PROCESS DEPTH → Scoping

Necessary compromises to achieve speed to market and MVP

I negotiated with PM, Dev and CEO to align on the acceptable timelines for GA.

With broad product impact and competing priorities, I partnered with the Product Manager to define a focused MVP by aligning scope with user value, business impact, and technical feasibility.

PROCESS DEPTH → Post Release

Track and Iterate

As our platform evolved, the test of my design framework’s scalability had passed as at least 3 new factors have been added to the experience since it’s release.

I continued to monitor metrics including overall average scoring, individual factor usage and adoption, task flow success and more.

I took an active role in collaborating with the Product team to continue scoping previously deferred experience into our roadmap so that we could deliver the full vision of the Security Advisor experience.

RECAP

Project impact

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.

Overview

Security Advisor

Turning fragmented cybersecurity management into a cohesive, guided experience

Case Study Security Advisor Hero Image

Role

Lead Product Designer

Team

  • 1 PX Researcher
  • 2 PX Designers
  • 1 Product Manager
  • 6 Developers (FE + BE)

Timeline

  • 4 months
  • Agile development & release plan

PROBLEM

With signals scattered across the product, admins missed critical risks and spent time on less impactful actions.

Mapping of dashboard disconnected data

Business

Disconnected capabilities weakened product clarity, slowed customer value, and directly threatened adoption, retention, and upsell.

Lack of understanding security state

Users had no simple way to understand their overall security state, leaving them unsure of their true risk or where to focus their attention.

Inefficient workflows

Admins spend more time navigating the product than resolving threats.

Ineffective decision making

Without context or visibility to what makes more impact, customers struggled to make decisions that returned the most effect.

SOLUTION to first user problem

Giving the full picture and confident awareness

I, along with my team, solved the user’s lack of understanding of their security state by transforming a CEO’s score concept request into a comprehensive posture and guidance system that makes security simple, visible, and actionable.

SOLUTION to second user problem

Less navigation and more action

I solved for inefficient workflows by categorizing the dispersed workflows of each primary functionality in the product into factors that surface in the scoring model being shown directly on the dashboard.

Research showed that in order for users to trust the score, every issue and recommendation needed to be clearly mapped to it. Without that connection, the score would appear ambiguous and lack credibility.

Security Advisor Case Study Optimize Policy Image

SOLUTION to third user problem

Designing for effectiveness by prioritizing severity and impact

I solved for ineffective decision-making by giving customers the context and visibility of severity and impact which was needed to understand which actions returned the most security score improvement.

Research validated that severity of the issue and impact to the score were priority for customers to trust and adopt the Security Advisor.

Because of this, I advocated severity as a variable to be factored into the scoring model and led with it as the default grouping of issues and recommendations.

Issues and Recommendations by severity
Impacted security posture dialog confirmation image

OUTCOME

A centralized, easy-to-understand security dashboard that makes security posture obvious and action straightforward with guidance.

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.

PROCESS DEPTH → Research

Research contribution

Stakeholder interviews

I met with executive and IT stakeholders to review the problem and gather their perspective.

Competitor analysis + Concept exploration flows

I explored competitors and other products with a similar scoring concept and ideated primary use cases for user and business.

Cybersecurity industry

  • Microsoft Defender (In production risk score)
  • Security Scorecard (One-time assessment score)

Related scoring concepts

  • FICO (Credit score)
  • Academics (Grade score)

Competitor Analysis

Competitor analysis whiteboard mapping

Low Fidelity Flows

Higher Fidelity Flows

PROCESS DEPTH → Research

Research contribution

User interviews + Concept validation

I built a low-fidelity prototype of the core flow and partnered with our researcher to run seven usability sessions, where I observed and captured key insights.

Result

The results of the concept testing confirmed that a Security Score paired with actionable recommendations was the right direction.

The challenge then became designing a scoring model robust enough to represent an IT admin’s entire environment, yet simple and intuitive enough to match their mental model, build trust, and drive action.

User interview session image

PROCESS DEPTH → Design

Scalable + intuitive designs for a complex algorithm

With concepts validated and stakeholders aligned we had now reached a level of clarity to begin designing each of the security advisor recommendation flows.

1 Environment score

Alongside our Product Manager and Engineering partners, I took an active role in defining the scoring framework itself not only the UI. I led workshops with internal stakeholders and IT SMEs to uncover expectations around what makes the scoring model effective.

8 Scoring factors

At-a-glance understanding of the security environment with more detail that connected the overall score to the individual issues and recommendations.

30+ Guided action flows

User flows that strengthened security posture.

PROCESS DEPTH → Scoping

Necessary compromises to achieve speed to market and MVP

With broad product impact and competing priorities, I partnered with the Product Manager to define a focused MVP by aligning scope with user value, business impact, and technical feasibility.

I negotiated with PM, Dev and CEO to align on the acceptable timelines for GA.

PROCESS DEPTH → Post Release

Track and Iterate

As our platform evolved, the test of my design framework’s scalability had passed as at least 3 new factors have been added to the experience since it’s release.

I continued to monitor metrics including overall average scoring, individual factor usage and adoption, task flow success and more.

I took an active role in collaborating with the Product team to continue scoping previously deferred experience into our roadmap so that we could deliver the full vision of the Security Advisor experience.

Metrics dashboard image 2

RECAP

Project impact

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.

Overview

Security Advisor

Turning fragmented cybersecurity management into a cohesive, guided experience

Case Study Security Advisor Hero Image

Role

Lead Product Designer

Team

  • 1 PX Researcher
  • 2 PX Designers
  • 1 Product Manager
  • 6 Developers (FE + BE)

Timeline

  • 4 months
  • Agile development & release plan

PROBLEM

With signals scattered across the product, admins missed critical risks and spent time on less impactful actions.

Mapping of dashboard disconnected data

Business

Disconnected capabilities weakened product clarity, slowed customer value, and directly threatened adoption, retention, and upsell.

Lack of understanding security state

Users had no simple way to understand their overall security state, leaving them unsure of their true risk or where to focus their attention.

Inefficient workflows

Admins spend more time navigating the product than resolving threats.

Ineffective decision making

Without context or visibility to what makes more impact, customers struggled to make decisions that returned the most effect.

SOLUTION to first user problem

Giving the full picture and confident awareness

I, along with my team, solved the user’s lack of understanding of their security state by transforming a CEO’s score concept request into a comprehensive posture and guidance system that makes security simple, visible, and actionable.

SOLUTION to second user problem

Less navigation and more action

I solved for inefficient workflows by categorizing the dispersed workflows of each primary functionality in the product into factors that surface in the scoring model being shown directly on the dashboard.

Research showed that in order for users to trust the score, every issue and recommendation needed to be clearly mapped to it. Without that connection, the score would appear ambiguous and lack credibility.

Security Advisor Case Study Optimize Policy Image

SOLUTION to third user problem

Designing for effectiveness by prioritizing severity and impact

I solved for ineffective decision-making by giving customers the context and visibility of severity and impact which was needed to understand which actions returned the most security score improvement.

Research validated that severity of the issue and impact to the score were priority for customers to trust and adopt the Security Advisor.

Because of this, I advocated severity as a variable to be factored into the scoring model and led with it as the default grouping of issues and recommendations.

Issues and Recommendations by severity
Impacted security poster confirmation dialog image

OUTCOME

A centralized, easy-to-understand security dashboard that makes security posture obvious and action straightforward with guidance.

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.

PROCESS DEPTH → Research

Research contribution

Stakeholder interviews

I met with executive and IT stakeholders to review the problem and gather their perspective.

Competitor analysis + Concept exploration flows

I explored competitors and other products with a similar scoring concept and ideated primary use cases for user and business.

Cybersecurity industry

  • Microsoft Defender (In production risk score)
  • Security Scorecard (One-time assessment score)

Related scoring concepts

  • FICO (Credit score)
  • Academics (Grade score)

Competitor Analysis

Competitor analysis whiteboard mapping

Low Fidelity Flows

Higher Fidelity Flows

PROCESS DEPTH → Research

Research contribution

User interviews + Concept validation

I built a low-fidelity prototype of the core flow and partnered with our researcher to run seven usability sessions, where I observed and captured key insights.

Result

The results of the concept testing confirmed that a Security Score paired with actionable recommendations was the right direction.

The challenge then became designing a scoring model robust enough to represent an IT admin’s entire environment, yet simple and intuitive enough to match their mental model, build trust, and drive action.

User Interview session image

PROCESS DEPTH → Design

Scalable + intuitive designs for a complex algorithm

With concepts validated and stakeholders aligned we had now reached a level of clarity to begin designing each of the security advisor recommendation flows.

1 Environment score

Alongside our Product Manager and Engineering partners, I took an active role in defining the scoring framework itself not only the UI. I led workshops with internal stakeholders and IT SMEs to uncover expectations around what makes the scoring model effective.

8 Scoring factors

At-a-glance understanding of the security environment with more detail that connected the overall score to the individual issues and recommendations.

30+ Guided action flows

User flows that strengthened security posture.

PROCESS DEPTH → Scoping

Necessary compromises to achieve speed to market and MVP

With broad product impact and competing priorities, I partnered with the Product Manager to define a focused MVP by aligning scope with user value, business impact, and technical feasibility.

I negotiated with PM, Dev and CEO to align on the acceptable timelines for GA.

Scope timeline image

PROCESS DEPTH → Post Release

Track and Iterate

As our platform evolved, the test of my design framework’s scalability had passed as at least 3 new factors have been added to the experience since it’s release.

I continued to monitor metrics including overall average scoring, individual factor usage and adoption, task flow success and more.

I took an active role in collaborating with the Product team to continue scoping previously deferred experience into our roadmap so that we could deliver the full vision of the Security Advisor experience.

Metrics dashboard image
Metrics dashboard image 2

RECAP

Project impact

Biggest impacts

12%

Increase in Security Score within 6 months of launching

7%

Increase in deployment rates within 6 months of launching

Additional impact

Financial

  • Revenue expansion (Upsell + Cros-ssell)
    • Converted abstract risk into monetizable gaps
  • Retention & churn reduction
    • Shifted the perception of value from reactive protection to continuous protection.
  • Reduced Support costs
    • Providing guided recommendations resulted in fewer support tickets

Operational

  • Sales ops
    • Renewal risks become visible earlier and more reliably with objective posture drift, not subjective opinion.
    • Problem framing with prospects becomes consistent

Opportunity

  • Foundation for AI-driven security guidance
    • Advisor logic created the framework for AI explainability, potential forecasting, automated remediation and predictive risk monitoring.
  • Data & insights
    • Normalized posture data across environments enabling future benchmarking for internal use and customer recommendation use.