Supporting customers with a workflow to act quickly during major security events

Provide fast and reliable answers about exposure during increasingly common and critical security event fire-drills

Role

Lead Product Designer

Industry

I collaborated with a 4-person development team, 2 product managers, and members of the data science team.

Duration

Oct 2021 to Feb 2024


Log4j. Kaseya. SolarWinds.

If you’re familiar with cyber security or were affected by any of these major security events, these names likely ruined your work week. 

In 2021, our users were eager to get answers about their exposure to major security events like these from our Third Party Risk Management application.

The problem was that we didn’t have a dedicated workflow for navigating security events. Instead, we had only a few cumbersome, manual ways to determine who in their portfolio they needed to reach out to, all of which yielded different answers.

Goal

Formulated a redesign strategy that prioritizes a simplified user flow, enhanced data visualization for goal tracking, and new features to foster community engagement among users. Developed a detailed design roadmap, categorizing changes into short-term fixes and long-term enhancements, to guide the redesign efforts effectively.

Context

It’s the 2020s. Supply chains and vendor portfolios are long and wide, creating an extended attack surface that’s easier for bad actors to take advantage of. 

When major security events (incidents where a vulnerability in one or more systems is taken advantage of by a group of bad actors) happen, they set off a chain reaction of PANIC as users try to determine:

  • ‘What technology is related to the vulnerability?’

  • ‘Who in my extended cyber ecosystem is using that technology?’

  • ‘Who do I reach out to?’

Outcomes

With the Vulnerability Detection feature set, Bitsight now enables customers to get the answers they need to complete their major security event processes.
  • Adoption and usage
    Used monthly by 40% of Bitsight's TPRM customers in 2025. 

  • Increased Revenue by 200k
    The second release, Vulnerability Response, brought in 200k in 2023 when sold as a separate module.

  • Reduction in support costs 

    In 2021 major security events like Log4j brought support a whopping 152 tickets. In 2025, that number is now reduced to a total of 3-5 per security event. 

  • Decreased time to support users by 1194 hours
    In 2021 it took Bitsight weeks to get data for SolarWinds in the app, and even then the data was unreliable. In 2025 it takes less than 6 hours to populate helpful data in the Vulnerability Detection workflow. This data is called ‘early detection’ data and helps users act quickly.

  • Business positioning
    Vulnerability Detection helped reposition Bitsight from its foundational value in defining the security ratings industry to ‘More than a Rating’ as its first foray into the world of exposure and vulnerability management. 


Milestone 1: Vulnerability Detection

Initial Research

I interviewed several users who had just gone through the SolarWinds security event to understand their experience and where the highest points of friction were.

I distilled our findings into a Security Event Journey map and prioritized our first release around the second step, where users noted the most acute pain: Assess and Triage.

Top findings: 

  • A confusing and limited vulnerability catalog.

  • Three different ways to get a list of impacted vendors, which gave 3 different lists.

  • Clunky, custom filter sets had to be created for every vulnerability, so getting the data took a long time in a scenario where time was of the essence.

View the full report here 

We tested and refined a prototype of a future workflow with users.
Top findings:

Concept Testing

Scoping Sessions


Delivery



Milestone 2: Vulnerability Response

After the first milestone, we moved forward to deliver the second most important part of the workflow, the ability to send inquiries to companies that might be affected.
Usability Testing
New Component Creation with Development
Cross Business Unit Collaboration
Launch


Milestone 3: Vulnerability Groups

Customers are getting more proactive about their vulnerability management, often using groups like the CISA known vulnerability catalog.

Milestone 4: Early Detection Data + Data Improvements

Collaborated closely with the development team to ensure a smooth transition from design to implementation. Provided ongoing support and guidance during the development phase, addressing any design-related challenges that arose. Played a key role in the app's successful relaunch, monitoring user feedback and engagement post-launch to inform future updates.



Outcomes

The redesigned fitness tracker app received overwhelmingly positive feedback from users, who praised its improved usability, engaging design, and motivational features. The project was a significant learning opportunity, enhancing my understanding of user-centric design principles and the impact of design on user behavior and app retention.
