Supporting customers with the right data during major security events
Balancing customer needs in high-stakes moments: designing a solution to provide as much data, as accurate, as fast as possible.
Supporting customers with the right data during major security events
Balancing customer needs in high-stakes moments: designing a solution to provide as much data, as accurate, as fast as possible.
Role
Lead Product Designer
Project Collaborators
1 Product Manager 4 Developers Data Science Team
Timeline
Oct 2021 to Feb 2024 4 major milestone releases
Role
Lead Product Designer
Project Collaborators
1 Product Manager 4 Developers Data Science Team
Timeline
Oct 2021 to Feb 2024 4 major milestone releases
Role
Lead Product Designer
Project Collaborators
1 Product Manager 4 Developers Data Science Team
Timeline
Oct 2021 to Feb 2024 4 major milestone releases
Role
Lead Product Designer
Project Collaborators
1 Product Manager 4 Developers Data Science Team
Timeline
Oct 2021 to Feb 2024 4 major milestone releases
Overview
It’s the 2020s- cyber attack surfaces are vast and vulnerable, and every time a zero-day vulnerability emerges, it sends people into a frenzy. Our users turned to Bitsight for help, but couldn’t easily find answers.
Overview
It’s the 2020s- cyber attack surfaces are vast and vulnerable, and every time a zero-day vulnerability emerges, it sends people into a frenzy. Our users turned to Bitsight for help, but couldn’t easily find answers.
Overview
It’s the 2020s- cyber attack surfaces are vast and vulnerable, and every time a zero-day vulnerability emerges, it sends people into a frenzy. Our users turned to Bitsight for help, but couldn’t easily find answers.
Problem
Bightsight lacked an experience assisting users in resolving zero-day critical vulnerabilities. Without this, our customers suffered during the most high stakes moments in cyber risk.
Problem
Bightsight lacked an experience assisting users in resolving zero-day critical vulnerabilities. Without this, our customers suffered during the most high stakes moments in cyber risk.
Problem
Bightsight lacked an experience assisting users in resolving zero-day critical vulnerabilities. Without this, our customers suffered during the most high stakes moments in cyber risk.
Solution
Over four years, we created a complete end-to-end workflow to support zero-day events quickly and accurately, enabling our largest customers to have a fast and accurate security response process.
Solution
Over four years, we created a complete end-to-end workflow to support zero-day events quickly and accurately, enabling our largest customers to have a fast and accurate security response process.
Solution
Over four years, we created a complete end-to-end workflow to support zero-day events quickly and accurately, enabling our largest customers to have a fast and accurate security response process.
Outcomes
Overall
Launched Bitsight into threat detection/EASM space
Started Bitsight’s transition from its foundational value in defining the security ratings industry into a faster expanding market space.
Launched Bitsight into threat detection/EASM space
Started Bitsight’s transition from its foundational value in defining the security ratings industry into a faster expanding market space.
Launched Bitsight into threat detection/EASM space
Started Bitsight’s transition from its foundational value in defining the security ratings industry into a faster expanding market space.
Unique competitive differentiation
Differentiated Bitsight’s offerings in the market by pairing vendor management capaibilities like questionnaires with Bitsight’s cyber security monitoring data.
Unique competitive differentiation
Differentiated Bitsight’s offerings in the market by pairing vendor management capaibilities like questionnaires with Bitsight’s cyber security monitoring data.
Unique competitive differentiation
Differentiated Bitsight’s offerings in the market by pairing vendor management capaibilities like questionnaires with Bitsight’s cyber security monitoring data.
Milestone 1
Consistently used by 40% of users
Received high satisfaction from users during zero-day events and has been consistently used for 3 years.
Consistently used by 40% of users
Received high satisfaction from users during zero-day events and has been consistently used for 3 years.
Consistently used by 40% of users
Received high satisfaction from users during zero-day events and has been consistently used for 3 years.
Increased win rates
Customer win rates increased in tandem with Bitsight’s new ability to help customers during increasingly common vulnerability fire-drills.
Increased win rates
Customer win rates increased in tandem with Bitsight’s new ability to help customers during increasingly common vulnerability fire-drills.
Increased win rates
Customer win rates increased in tandem with Bitsight’s new ability to help customers during increasingly common vulnerability fire-drills.
Milestone 2
$200k direct revenue increase
The add-on brought in 200k in revenue with additional revenue increases from contract wins influenced by functionality available in Vulnerability Response
$200k direct revenue increase
The add-on brought in 200k in revenue with additional revenue increases from contract wins influenced by functionality available in Vulnerability Response
$200k direct revenue increase
The add-on brought in 200k in revenue with additional revenue increases from contract wins influenced by functionality available in Vulnerability Response
Eliminated largest time-intensive task
The largest time consumer in the exposure journey was sending and tracking vendor inquiry emails one by one in spreadsheets, a process completely eliminated by Vulnerability Responses bulk questionnaire tracker.
Eliminated largest time-intensive task
The largest time consumer in the exposure journey was sending and tracking vendor inquiry emails one by one in spreadsheets, a process completely eliminated by Vulnerability Responses bulk questionnaire tracker.
Eliminated largest time-intensive task
The largest time consumer in the exposure journey was sending and tracking vendor inquiry emails one by one in spreadsheets, a process completely eliminated by Vulnerability Responses bulk questionnaire tracker.
Milestone 3
97% Reduction in support cost
In 2021 major security events like Log4j brought support a whopping 152 tickets. In 2025, that number is now reduced to a total of 3-5 per security event.
97% Reduction in support cost
In 2021 major security events like Log4j brought support a whopping 152 tickets. In 2025, that number is now reduced to a total of 3-5 per security event.
97% Reduction in support cost
In 2021 major security events like Log4j brought support a whopping 152 tickets. In 2025, that number is now reduced to a total of 3-5 per security event.
Decreased wait time from weeks to hours
In 2021 it took Bitsight weeks to get data for MSEs in the app, and even then the data was unreliable. In 2025 it takes less than 6 hours to populate helpful data in app.
Decreased wait time from weeks to hours
In 2021 it took Bitsight weeks to get data for MSEs in the app, and even then the data was unreliable. In 2025 it takes less than 6 hours to populate helpful data in app.
Decreased wait time from weeks to hours
In 2021 it took Bitsight weeks to get data for MSEs in the app, and even then the data was unreliable. In 2025 it takes less than 6 hours to populate helpful data in app.
Milestone 1: Initial new feature development
We researched the user journey and delivered on the highest friction part: “Who in my ecosystem is impacted?”
Milestone 1: Initial new feature development
We researched the user journey and delivered on the highest friction part: “Who in my ecosystem is impacted?”
Milestone 1: Initial new feature development
We researched the user journey and delivered on the highest friction part: “Who in my ecosystem is impacted?”
Milestone 1: Initial new feature development
We researched the user journey and delivered on the highest friction part: “Who in my ecosystem is impacted?”
'"Here we go again. What software is it this time?"
-Former CISO
'"Here we go again. What software is it this time?"
-Former CISO
'"Here we go again. What software is it this time?"
-Former CISO
'"Here we go again. What software is it this time?"
-Former CISO
Triage
Definitive view of impact to my company
Finding the highest friction part of the user journey
I ran interviews with several risk managers that had recently tried to use Bitsight in times of major security events.
From these interviews, I determined the general user workflow, and what the highest friction part was: The triage stage where users are trying to determine the impact to their company.
Finding the highest friction part of the user journey
I ran interviews with several risk managers that had recently tried to use Bitsight in times of major security events.
From these interviews, I determined the general user workflow, and what the highest friction part was: The triage stage where users are trying to determine the impact to their company.
Finding the highest friction part of the user journey
I ran interviews with several risk managers that had recently tried to use Bitsight in times of major security events.
From these interviews, I determined the general user workflow, and what the highest friction part was: The triage stage where users are trying to determine the impact to their company.
The overall user workflow that came out of interviews.
Results of asking users to vote on the highest friction part of the journey highlighted the Assess/Triage stage for our first release.
Collaborating with engineering and data science on how to communicate exposure evidence to users
The main part of supporting users in determining who in their portfolio is exposed to major security events was providing understandable evidence of exposure to the user. In order to do this, we needed to envision a data design strategy.
I facilitated discussion with members of different R&D disciplines to determine:
Data types and terminology
Data presentation over time
Data rules and presentation to users
Collaborating with engineering and data science on how to communicate exposure evidence to users
The main part of supporting users in determining who in their portfolio is exposed to major security events was providing understandable evidence of exposure to the user. In order to do this, we needed to envision a data design strategy.
I facilitated discussion with members of different R&D disciplines to determine:
Data types and terminology
Data presentation over time
Data rules and presentation to users
Collaborating with engineering and data science on how to communicate exposure evidence to users
The main part of supporting users in determining who in their portfolio is exposed to major security events was providing understandable evidence of exposure to the user. In order to do this, we needed to envision a data design strategy.
I facilitated discussion with members of different R&D disciplines to determine:
Data types and terminology
Data presentation over time
Data rules and presentation to users
This data flow chart communicated my proposal for how the data would power the evidence cards in the UI and helped me collaborate with engineering.
Brainstorming and resulting terminology glossary from sessions I facilitated with Product Management, Design Strategy and Data Science.
Charts I created to aid discussions with development on how data would flow into and fall off charts and tables in the UI.
Charts I created to aid discussions with development on how data would flow into and fall off charts and tables in the UI..
Finding the highest friction part of the user journey
I ran interviews with several risk managers that had recently tried to use Bitsight in times of major security events. From these interviews, I determined the general user workflow, and what the highest friction part was: The triage stage where users are trying to determine the impact to their company.
Finding the highest friction part of the user journey
I ran interviews with several risk managers that had recently tried to use Bitsight in times of major security events. From these interviews, I determined the general user workflow, and what the highest friction part was: The triage stage where users are trying to determine the impact to their company.
The user workflow that came out of interviews. 'Understand impact to portfolio' was the highest impact step to focus on for the first release.
Prototype testing to find highest value features
I prototyped and tested a large vision for supporting the user needs in the Triage stage, and had users go through a prioritization exercise to help me understand feature value.
Top takeaways:
In addition to seeing point-in-time exposure, users also needed to understand who had ever been exposed at some point in the past.
The very technologically expensive Threat Event Timeline concept ranked as medium importance in the prioritization exercise- not high enough warrant investment.
Determining what companies are exposed to what threats is the most important part of the journey, but having some kind of download is also crucial.
Prototype testing to find highest value features
I prototyped and tested a large vision for supporting the user needs in the Triage stage, and had users go through a prioritization exercise to help me understand feature value.
Top takeaways:
In addition to seeing point-in-time exposure, users also needed to understand who had ever been exposed at some point in the past.
The very technologically expensive Threat Event Timeline concept ranked as medium importance in the prioritization exercise- not high enough warrant investment.
Determining what companies are exposed to what threats is the most important part of the journey, but having some kind of download is also crucial.
Prototype testing to find highest value features
I prototyped and tested a large vision for supporting the user needs in the Triage stage, and had users go through a prioritization exercise to help me understand feature value.
Top takeaways:
In addition to seeing point-in-time exposure, users also needed to understand who had ever been exposed at some point in the past.
The very technologically expensive Threat Event Timeline concept ranked as medium importance in the prioritization exercise- not high enough warrant investment.
Determining what companies are exposed to what threats is the most important part of the journey, but having some kind of download is also crucial.
Prototype testing to find highest value features
I prototyped and tested a large vision for supporting the user needs in the Triage stage, and had users go through a prioritization exercise to help me understand feature value.
Top takeaways:
In addition to seeing point-in-time exposure, users also needed to understand who had ever been exposed at some point in the past.
The very technologically expensive Threat Event Timeline concept ranked as medium importance in the prioritization exercise- not high enough warrant investment.
Determining what companies are exposed to what threats is the most important part of the journey, but having some kind of download is also crucial.
Collaborating with engineering and data science on how to communicate exposure evidence to users
A large part of supporting the vulnerability exposure workflow was determining the rules for how and what evidence is shown to users. This data flow chart communicated my proposal for how the data would power the evidence cards in the UI and helped me collaborate with engineering.
Collaborating with engineering and data science on how to communicate exposure evidence to users
A large part of supporting the vulnerability exposure workflow was determining the rules for how and what evidence is shown to users. This data flow chart communicated my proposal for how the data would power the evidence cards in the UI and helped me collaborate with engineering.
The experience of Risk Managers that came out of interviews.
The user scenario and prototype used for testing.
One page summary of the usability testing outcomes.
Results from the prioritization exercise.
Scoping with engineering and product to agree on MVP release
I introduced our engineering team and product manager to story mapping exercises. It allowed us to have a great group conversation evaluating user desirability with engineering feasibility to deprioritize features that were too expensive for their level of user desirability.
Scoping with engineering and product to agree on MVP release
I introduced our engineering team and product manager to story mapping exercises. It allowed us to have a great group conversation evaluating user desirability with engineering feasibility to deprioritize features that were too expensive for their level of user desirability.
Scoping with engineering and product to agree on MVP release
I introduced our engineering team and product manager to story mapping exercises. It allowed us to have a great group conversation evaluating user desirability with engineering feasibility to deprioritize features that were too expensive for their level of user desirability.
The story map that came out of our work session. Items are ordered in terms of low investment to high investment with greyed items being cut from scope.
Release experience transformation
Clear understanding of impact to my vendor portfolio
From three inconsistent and painfully manual ways to determine who in your portfolio is exposed to a vulnerability to a one-click, single source of truth.
Lists of vendors who are currently and previously exposed
Users struggling to understand the whole picture of when vendors became exposed and mitigated to specific dates of exposure and mitigation.
Evidence to support vendor outreach
No way to 'prove' exposure in communication to vendors to easily downloadable and sharable evidence sheets to speed up vendor engagement.
Release experience transformation
Clear understanding of impact to my vendor portfolio
From three inconsistent and painfully manual ways to determine who in your portfolio is exposed to a vulnerability to a one-click, single source of truth.
Lists of vendors who are currently and previously exposed
Users struggling to understand the whole picture of when vendors became exposed and mitigated to specific dates of exposure and mitigation.
Evidence to support vendor outreach
No way to 'prove' exposure in communication to vendors to easily downloadable and sharable evidence sheets to speed up vendor engagement.
Release experience transformation
Clear understanding of impact to my vendor portfolio
From three inconsistent and painfully manual ways to determine who in your portfolio is exposed to a vulnerability to a one-click, single source of truth.
Lists of vendors who are currently and previously exposed
Users struggling to understand the whole picture of when vendors became exposed and mitigated to specific dates of exposure and mitigation.
Evidence to support vendor outreach
No way to 'prove' exposure in communication to vendors to easily downloadable and sharable evidence sheets to speed up vendor engagement.
Release experience transformation
Clear understanding of impact to my vendor portfolio
From three inconsistent and painfully manual ways to determine who in your portfolio is exposed to a vulnerability to a one-click, single source of truth.
Lists of vendors who are currently and previously exposed
Users struggling to understand the whole picture of when vendors became exposed and mitigated to specific dates of exposure and mitigation.
Evidence to support vendor outreach
No way to 'prove' exposure in communication to vendors to easily downloadable and sharable evidence sheets to speed up vendor engagement.
The closest thing Bitsight had to a way to determine impact of a major security event to a customer was the Vulnerability Catalog.
Vulnerability Detection gave users a single workflow to determine impact to their portfolios and begin their vendor outreach process.
Milestone 2: New add-on module for sending exposure questionnaires
We solved the most labor intensive part of the journey: sending evidence-backed bulk inquiries to impacted vendors.
Milestone 2: New add-on module for sending exposure questionnaires
We solved the most labor intensive part of the journey: sending evidence-backed bulk inquiries to impacted vendors.
Milestone 2: New add-on module for sending exposure questionnaires
We solved the most labor intensive part of the journey: sending evidence-backed bulk inquiries to impacted vendors.
Milestone 2: New add-on module for sending exposure questionnaires
We solved the most labor intensive part of the journey: sending evidence-backed bulk inquiries to impacted vendors.
"This is huge"
- Information Security Analyst
"This is huge"
- Information Security Analyst
"This is huge"
- Information Security Analyst
"This is huge"
- Information Security Analyst
"A nice touch to share wth the questionnaire."
- CISO
"A nice touch to share wth the questionnaire."
- CISO
"A nice touch to share wth the questionnaire."
- CISO
"Rock solid."
-VP of Infosec
"Rock solid."
-VP of Infosec
"I feel comfortable sharing that."
- Cyber Risk Analyst
"I feel comfortable sharing that."
- Cyber Risk Analyst
"I feel comfortable sharing that."
- Cyber Risk Analyst
Take Action
Effective communication channels with supportive data
Enabling users to integrate exposure evidence into the incident response process
We knew from foundational research that the sending of questionnaires to exposed vendors was the most cumbersome and time intensive task of the workflow. Connecting evidence of exposure to the standard security incident response process was a competitive differentiator for Bitsight, and a big win for users.
Enabling users to integrate exposure evidence into the incident response process
We knew from foundational research that the sending of questionnaires to exposed vendors was the most cumbersome and time intensive task of the workflow. Connecting evidence of exposure to the standard security incident response process was a competitive differentiator for Bitsight, and a big win for users.
Enabling users to integrate exposure evidence into the incident response process
We knew from foundational research that the sending of questionnaires to exposed vendors was the most cumbersome and time intensive task of the workflow. Connecting evidence of exposure to the standard security incident response process was a competitive differentiator for Bitsight, and a big win for users.
Enabling users to integrate exposure evidence into the incident response process
We knew from foundational research that the sending of questionnaires to exposed vendors was the most cumbersome and time intensive task of the workflow. Connecting evidence of exposure to the standard security incident response process was a competitive differentiator for Bitsight, and a big win for users.
The second most important part of the journey- Take Action.
Diagramed workflow of features supporting the Take Action phase.
Collaborating on data structure and flow over time
Data scenario sketches The process of sending potentially hundreds of emails and questionnaires in one click required a lot of early discussion with the development team about data object structure. These sketches helped us have those discussions.
Collaborating on data structure and flow over time
Data scenario sketches The process of sending potentially hundreds of emails and questionnaires in one click required a lot of early discussion with the development team about data object structure. These sketches helped us have those discussions.
Collaborating on data structure and flow over time
Data scenario sketches The process of sending potentially hundreds of emails and questionnaires in one click required a lot of early discussion with the development team about data object structure. These sketches helped us have those discussions.
Collaborating on data structure and flow over time
Data scenario sketches The process of sending potentially hundreds of emails and questionnaires in one click required a lot of early discussion with the development team about data object structure. These sketches helped us have those discussions.
Sketches showing how I expected the data to populate across a suite of pages over time.
Usability Testing
I prototyped the experience of sending multiple questionnaires to a portfolio of exposed vendors and tracking the responses over time.
We testing the prototype with users to uncover usability issues, and gauge user interest in feature enhancements through a 100 dollar test.
Top takeaways:
In the 100 dollar test, users gave the most 'money' to connecting the Bitsight data to the questionnaires.
Our users lived at different levels of maturity regarding storage and access to vendor contacts and our solution needed to work at those different levels.
To justify integration into customers workflows and additional payment to BitSight, the offering must optimize the manual burdens of the workflow
Usability Testing
I prototyped the experience of sending multiple questionnaires to a portfolio of exposed vendors and tracking the responses over time.
We testing the prototype with users to uncover usability issues, and gauge user interest in feature enhancements through a 100 dollar test.
Top takeaways:
In the 100 dollar test, users gave the most 'money' to connecting the Bitsight data to the questionnaires.
Our users lived at different levels of maturity regarding storage and access to vendor contacts and our solution needed to work at those different levels.
To justify integration into customers workflows and additional payment to BitSight, the offering must optimize the manual burdens of the workflow
Usability Testing
I prototyped the experience of sending multiple questionnaires to a portfolio of exposed vendors and tracking the responses over time.
We testing the prototype with users to uncover usability issues, and gauge user interest in feature enhancements through a 100 dollar test.
Top takeaways:
In the 100 dollar test, users gave the most 'money' to connecting the Bitsight data to the questionnaires.
Our users lived at different levels of maturity regarding storage and access to vendor contacts and our solution needed to work at those different levels.
To justify integration into customers workflows and additional payment to BitSight, the offering must optimize the manual burdens of the workflow
Usability Testing
I prototyped the experience of sending multiple questionnaires to a portfolio of exposed vendors and tracking the responses over time.
We testing the prototype with users to uncover usability issues, and gauge user interest in feature enhancements through a 100 dollar test.
Top takeaways:
In the 100 dollar test, users gave the most 'money' to connecting the Bitsight data to the questionnaires.
Our users lived at different levels of maturity regarding storage and access to vendor contacts and our solution needed to work at those different levels.
To justify integration into customers workflows and additional payment to BitSight, the offering must optimize the manual burdens of the workflow
An image of the prototyped experience in Figma.
Outcomes from the 100 dollar test.
Usability test findings on the bulk questionnaire send UI.
Scoping for release functionality
After the success of our first story mapping exercise, I led our team went through another to scope the release functionality for the second milestone. We scoped our release functionality and took notes on outstanding questions.
Scoping for release functionality
After the success of our first story mapping exercise, I led our team went through another to scope the release functionality for the second milestone. We scoped our release functionality and took notes on outstanding questions.
Scoping for release functionality
After the success of our first story mapping exercise, I led our team went through another to scope the release functionality for the second milestone. We scoped our release functionality and took notes on outstanding questions.
Scoping for release functionality
After the success of our first story mapping exercise, I led our team went through another to scope the release functionality for the second milestone. We scoped our release functionality and took notes on outstanding questions.
The output of our story mapping workshop.
Vulnerability Response release
Vulnerability Response was rleased to users and brought in over $200k in direct revenue in the first 6 months.
Vulnerability Response release
Vulnerability Response was released to users and brought in over $200k in direct revenue in the first 6 months.
Vulnerability Response release
Vulnerability Response was rleased to users and brought in over $200k in direct revenue in the first 6 months.
Vulnerability Response release
Vulnerability Response was rleased to users and brought in over $200k in direct revenue in the first 6 months.
Final implementation for creating and sending bulk exposure questionnaires.
User interface for tracking responses to bulk exposure questionnaires.
Password: delightful-pixels
Internal video socializing the new Vulnerability Detection & Response experience.
Milestone 3: Expanding our data set and improving data presentation
We enhanced our exposure data set and the way we presented it to emphasize clarity and actionability for non-technical users.
Milestone 3: Expanding our data set and improving data presentation
We enhanced our exposure data set and the way we presented it to emphasize clarity and actionability for non-technical users.
Milestone 3: Expanding our data set and improving data presentation
We enhanced our exposure data set and the way we presented it to emphasize clarity and actionability for non-technical users.
Milestone 3: Expanding our data set and improving data presentation
We enhanced our exposure data set and the way we presented it to emphasize clarity and actionability for non-technical users.
Report
Clear & simple communication to non-technical stakeholders
Discover
Timely understanding of necessary action
Issues with the first exposure evidence framework
After a year of Vulnerability Detection & Response living in the wild, we collected data from users and CSMs that users had frustrations with the exposure evidence.
Users expressed discontent with:
The speed of data
Users were frustrated with the amount of time it took exposure data to populate in the app when a major security event happened.
Clarity of data meaning
Users were confused by what caused a company to fall into 'Suspected exposure' vs 'Confirmed exposure' and had a false belief that 'Suspected' data wasn't credible.
Issues with the first exposure evidence framework
After a year of Vulnerability Detection & Response living in the wild, we collected data from users and CSMs that users had frustrations with the exposure evidence.
Users expressed discontent with:
The speed of data
Users were frustrated with the amount of time it took exposure data to populate in the app when a major security event happened.
Clarity of data meaning
Users were confused by what caused a company to fall into 'Suspected exposure' vs 'Confirmed exposure' and had a false belief that 'Suspected' data wasn't credible.
Issues with the first exposure evidence framework
After a year of Vulnerability Detection & Response living in the wild, we collected data from users and CSMs that users had frustrations with the exposure evidence.
Users expressed discontent with:
The speed of data
Users were frustrated with the amount of time it took exposure data to populate in the app when a major security event happened.
Clarity of data meaning
Users were confused by what caused a company to fall into 'Suspected exposure' vs 'Confirmed exposure' and had a false belief that 'Suspected' data wasn't credible.
Issues with the first exposure evidence framework
After a year of Vulnerability Detection & Response living in the wild, we collected data from users and CSMs that users had frustrations with the exposure evidence.
Users expressed discontent with:
The speed of data
Users were frustrated with the amount of time it took exposure data to populate in the app when a major security event happened.
Clarity of data meaning
Users were confused by what caused a company to fall into 'Suspected exposure' vs 'Confirmed exposure' and had a false belief that 'Suspected' data wasn't credible.
The speed of data delayed the Discover phase while the confusion in data meaning made it difficult for users to report to stakeholders.
The original evidence framework had two categories detection 'suspected' and 'confirmed' and two types of exposure 'currently' and 'previously'.
Improving on the exposure evidence framework
Our goals for improving the evidence framework:
Add a new type of evidence that could populate very fast.
Improve existing framework to improve understanding among customers (Terminology, Visual distinction, Evidence categorization)
Improving on the exposure evidence framework
Our goals for improving the evidence framework:
Add a new type of evidence that could populate very fast.
Improve existing framework to improve understanding among customers (Terminology, Visual distinction, Evidence categorization)
Improving on the exposure evidence framework
Our goals for improving the evidence framework:
Add a new type of evidence that could populate very fast.
Improve existing framework to improve understanding among customers (Terminology, Visual distinction, Evidence categorization)
Improving on the exposure evidence framework
Our goals for improving the evidence framework:
Add a new type of evidence that could populate very fast.
Improve existing framework to improve understanding among customers (Terminology, Visual distinction, Evidence categorization)
An illustrative graphic showing confusion about evidence types and new 'early detection' data.
Collaboration with data science to define new data types and category correlation
I held multiple collaboration sessions and ran a card sort study with the data science team to determine the balance between user friendliness and data ‘correctness’ of the evidence categories.
Collaboration with data science to define new data types and category correlation
I held multiple collaboration sessions and ran a card sort study with the data science team to determine the balance between user friendliness and data ‘correctness’ of the evidence categories.
Collaboration with data science to define new data types and category correlation
I held multiple collaboration sessions and ran a card sort study with the data science team to determine the balance between user friendliness and data ‘correctness’ of the evidence categories.
Collaboration with data science to define new data types and category correlation
I held multiple collaboration sessions and ran a card sort study with the data science team to determine the balance between user friendliness and data ‘correctness’ of the evidence categories.
The evolution of the data framework based on the card sort study and collaboration sessions with data science.
User testing to find the right presentation and language for exposure evidence
I tested 3 options of redesigned evidence cards and filter sets with 74 participants.
Takeaways:
Participants preferred the ability to filter by types of evidence available.
Participants preferred evidence cards with an expanded ‘Exposure Certainty’ scale and a visual indicator.
We saw a large need to have easily accessible and understandable supportive documentation about the evidence framework.
User testing to find the right presentation and language for exposure evidence
I tested 3 options of redesigned evidence cards and filter sets with 74 participants.
Takeaways:
Participants preferred the ability to filter by types of evidence available.
Participants preferred evidence cards with an expanded ‘Exposure Certainty’ scale and a visual indicator.
We saw a large need to have easily accessible and understandable supportive documentation about the evidence framework.
User testing to find the right presentation and language for exposure evidence
I tested 3 options of redesigned evidence cards and filter sets with 74 participants.
Takeaways:
Participants preferred the ability to filter by types of evidence available.
Participants preferred evidence cards with an expanded ‘Exposure Certainty’ scale and a visual indicator.
We saw a large need to have easily accessible and understandable supportive documentation about the evidence framework.
User testing to find the right presentation and language for exposure evidence
I tested 3 options of redesigned evidence cards and filter sets with 74 participants.
Takeaways:
Participants preferred the ability to filter by types of evidence available.
Participants preferred evidence cards with an expanded ‘Exposure Certainty’ scale and a visual indicator.
We saw a large need to have easily accessible and understandable supportive documentation about the evidence framework.
Results of the product reaction card exercise showing a user preference for an expanded scale and visual indicator.
The results of the card sort exercise showing alignment in the lowest and highest certainty evidence with a variance in the middle.
Users preferred to filter by individual evidence types.
Leadership approval and implementation
After evaluating the framework designed with data science with users and understanding desired filtering and documentation I refined the designs and led the final push forward to get to implementation.
I presented the new evidence framework to Product and Engineering leadership and got their approval to move forward with implementation.
Implementation outcomes:
User clarity
The changes in terminology and presentation directly resulted in a decrease in support cost.Data speed
The speed of the new data type included in the framework update decreased the wait time for customer from weeks to hours.
Stakeholder approval and implementation
After evaluating the framework designed with data science with users and understanding desired filtering and documentation I refined the designs and led the final push forward to get to implementation.
Leadership approval
I presented the new evidence framework to Product and Engineering leadership and got their approval to move forward with implementation.
I reached out to the customer enablement team to collaborate on an educational article in the Bitsight knowledge base.
Implementation
User clarity
The changes in terminology and presentation directly resulted in a decrease in support cost.
Data speedThe speed of the new data type included in the framework update decreased the wait time for customer from weeks to hours.
Leadership approval and implementation
After evaluating the framework designed with data science with users and understanding desired filtering and documentation I led the final push forward to get to implementation.
Refinement and socialization:
- I presented the new evidence framework to Product and Engineering leadership and got their approval to move forward with implementation.
- I worked with the customer enablement team to create an educational article in the Bitsight knowledge base.
Implementation
User clarity
The changes in terminology and presentation directly resulted in a decrease in support cost.
Data speed
The speed of the new data type included in the framework update decreased the wait time for customer from weeks to hours.
Leadership approval and implementation
After evaluating the framework designed with data science with users and understanding desired filtering and documentation I refined the designs and led the final push forward to get to implementation.
I presented the new evidence framework to Product and Engineering leadership and got their approval to move forward with implementation.
Implementation outcomes:
User clarity
The changes in terminology and presentation directly resulted in a decrease in support cost.Data speed
The speed of the new data type included in the framework update decreased the wait time for customer from weeks to hours.
The final V2 for the evidence framework.
Before and after of evidence descriptions and evidence filters.
Educational article on Bitsight's knowledge base explaining the framework in simple and detailed terms for users of all technical expertise levels.
Reflections
Collaborating with data science strengthens your ability to design.
Pairing knowledge about underlying data structures and user needs can enable some of the most creative product and design decisions. I now seek to understand whats going on ‘under the hood’ earlier on in the process.
Wield the scythe to kill your own darlings, and give others a turn, too!
We had a lot of green field to work in, but we still had to make some really cutthroat decisions about scoping to prioritize the potential scale of data and performance. I found that collaborating with a ‘non-precious’ attitude about the designs fostered trust with the development team to be clear about what we should scope out.
Consider the downstream effects of functionality you’re implementing.
We were very close to launch of milestone 1 when I spotted an issue that would arise for the users in Bitsight’s other application on the receiving end of a vulnerability outreach. We scrambled to collaborate across product teams and prioritize functionality for users in the other application, but it did delay our release a bit. Looking back, I wish I had been in more communication with the other application product team earlier to avoid the scramble.
Fostering psychological trust on your product team.
Operating in good faith between product, engineering and design can clear so many roadblocks in the product process. The trust we built on this team over many releases, conversations and group decisions made this project a joy to work on. I try to bring trust and good faith interactions to all team discussions.
Reflections
Collaborating with data science strengthens your ability to design.
Pairing knowledge about underlying data structures and user needs can enable some of the most creative product and design decisions. I now seek to understand whats going on ‘under the hood’ earlier on in the process.
Wield the scythe to kill your own darlings, and give others a turn, too!
We had a lot of green field to work in, but we still had to make some really cutthroat decisions about scoping to prioritize the potential scale of data and performance. I found that collaborating with a ‘non-precious’ attitude about the designs fostered trust with the development team to be clear about what we should scope out.
Consider the downstream effects of functionality you’re implementing.
We were very close to launch of milestone 1 when I spotted an issue that would arise for the users in Bitsight’s other application on the receiving end of a vulnerability outreach. We scrambled to collaborate across product teams and prioritize functionality for users in the other application, but it did delay our release a bit. Looking back, I wish I had been in more communication with the other application product team earlier to avoid the scramble.
Fostering psychological trust on your product team.
Operating in good faith between product, engineering and design can clear so many roadblocks in the product process. The trust we built on this team over many releases, conversations and group decisions made this project a joy to work on. I try to bring trust and good faith interactions to all team discussions.
Reflections
Collaborating with data science strengthens your ability to design.
Pairing knowledge about underlying data structures and user needs can enable some of the most creative product and design decisions. I now seek to understand whats going on ‘under the hood’ earlier on in the process.
Wield the scythe to kill your own darlings, and give others a turn, too!
We had a lot of green field to work in, but we still had to make some really cutthroat decisions about scoping to prioritize the potential scale of data and performance. I found that collaborating with a ‘non-precious’ attitude about the designs fostered trust with the development team to be clear about what we should scope out.
Consider the downstream effects of functionality you’re implementing.
We were very close to launch of milestone 1 when I spotted an issue that would arise for the users in Bitsight’s other application on the receiving end of a vulnerability outreach. We scrambled to collaborate across product teams and prioritize functionality for users in the other application, but it did delay our release a bit. Looking back, I wish I had been in more communication with the other application product team earlier to avoid the scramble.
Reflections
Collaborating with data science strengthens your ability to design.
Pairing knowledge about underlying data structures and user needs can enable some of the most creative product and design decisions. I now seek to understand whats going on ‘under the hood’ earlier on in the process.
Wield the scythe to kill your own darlings, and give others a turn, too!
We had a lot of green field to work in, but we still had to make some really cutthroat decisions about scoping to prioritize the potential scale of data and performance. I found that collaborating with a ‘non-precious’ attitude about the designs fostered trust with the development team to be clear about what we should scope out.
Consider the downstream effects of functionality you’re implementing.
We were very close to launch of milestone 1 when I spotted an issue that would arise for the users in Bitsight’s other application on the receiving end of a vulnerability outreach. We scrambled to collaborate across product teams and prioritize functionality for users in the other application, but it did delay our release a bit. Looking back, I wish I had been in more communication with the other application product team earlier to avoid the scramble.
Fostering psychological trust on your product team.
Operating in good faith between product, engineering and design can clear so many roadblocks in the product process. The trust we built on this team over many releases, conversations and group decisions made this project a joy to work on. I try to bring trust and good faith interactions to all team discussions.
From collaborators on this project
Jacob Mulberry
Product Manager
“Blythe was the cornerstone for getting the Exposure team up and running. She facilitated the user interviews and problem space at the very beginning making sure we were solving the customer jobs that our users needed solving.
Her ability to help engineering and product make key decisions while being able to iterate quickly on the changing requirements and dependencies was crucial to the success of Vulnerability Detection & Response.
She was a super hero working both with our team and the Insurance team making sure we delivered a polished product.”
Luis Grangeia
Principal Research Scientist
“Blythe and I worked together during researching and prototyping a major new product feature — Blythe is extremely good at taking complex concepts and data and understanding how they can fit together and be presented in a simple yet powerful way. This, for me, is the definition of great product design. She is also a pleasure to work with.”
Evan Fiddler
Engineering Director
“Blythe makes the work fun while also keeping my team sharp and on our toes.
Throughout the course of the exposure project she's had to battle my team a few times on different parts of the system and she does this with a lot of humility and grace.”
From collaborators on this project
Jacob Mulberry
Product Manager
“Blythe was the cornerstone for getting the Exposure team up and running. She facilitated the user interviews and problem space at the very beginning making sure we were solving the customer jobs that our users needed solving.
Her ability to help engineering and product make key decisions while being able to iterate quickly on the changing requirements and dependencies was crucial to the success of Vulnerability Detection & Response.
She was a super hero working both with our team and the Insurance team making sure we delivered a polished product.”
Luis Grangeia
Principal Research Scientist
“Blythe and I worked together during researching and prototyping a major new product feature — Blythe is extremely good at taking complex concepts and data and understanding how they can fit together and be presented in a simple yet powerful way. This, for me, is the definition of great product design. She is also a pleasure to work with.”
Evan Fiddler
Engineering Director
“Blythe makes the work fun while also keeping my team sharp and on our toes.
Throughout the course of the exposure project she's had to battle my team a few times on different parts of the system and she does this with a lot of humility and grace.”
From collaborators on this project
Jacob Mulberry
Product Manager
“Blythe was the cornerstone for getting the Exposure team up and running. She facilitated the user interviews and problem space at the very beginning making sure we were solving the customer jobs that our users needed solving.
Her ability to help engineering and product make key decisions while being able to iterate quickly on the changing requirements and dependencies was crucial to the success of Vulnerability Detection & Response.
She was a super hero working both with our team and the Insurance team making sure we delivered a polished product.”
Luis Grangeia
Principal Research Scientist
“Blythe and I worked together during researching and prototyping a major new product feature — Blythe is extremely good at taking complex concepts and data and understanding how they can fit together and be presented in a simple yet powerful way. This, for me, is the definition of great product design. She is also a pleasure to work with.”
Evan Fiddler
Engineering Director
“Blythe makes the work fun while also keeping my team sharp and on our toes.
Throughout the course of the exposure project she's had to battle my team a few times on different parts of the system and she does this with a lot of humility and grace.”
From collaborators on this project
Jacob Mulberry
Product Manager
“Blythe was the cornerstone for getting the Exposure team up and running. She facilitated the user interviews and problem space at the very beginning making sure we were solving the customer jobs that our users needed solving.
Her ability to help engineering and product make key decisions while being able to iterate quickly on the changing requirements and dependencies was crucial to the success of Vulnerability Detection & Response.
She was a super hero working both with our team and the Insurance team making sure we delivered a polished product.”
Luis Grangeia
Principal Research Scientist
“Blythe and I worked together during researching and prototyping a major new product feature — Blythe is extremely good at taking complex concepts and data and understanding how they can fit together and be presented in a simple yet powerful way. This, for me, is the definition of great product design. She is also a pleasure to work with.”
Evan Fiddler
Engineering Director
“Blythe makes the work fun while also keeping my team sharp and on our toes.
Throughout the course of the exposure project she's had to battle my team a few times on different parts of the system and she does this with a lot of humility and grace.”
