Josh Kimmell

Design Principal | Designer | Experience Fanatic

Envisioning the future

View all
Case study

Envisioning the future

QRadar SIEM

While working on Unified Analyst Experience (UAX), I was approached to take on yet another project, a priority for the business in 2023, and I emphatically agreed. The challenge: to identify the right problems, users, and use cases needed to envision the next generation of SIEM (Security Information and Event Management). This opportunity was too juicy to pass up.

My strategy was to take a step back from the SIEM I knew, QRadar, and focus the experience around the jobs-to-be-done of SOC analysts, which include ingesting logs and alerts, detecting alarming events, investigating malicious activity and anomalous behavior in record speed, and visualizing their security posture.

Skills used

Leadership, facilitation, UX design, UX research

Background

QRadar had led the market in Security Incident and Event Management (SIEM) for more than a decade, but hadn’t been successful at delivering a user experience that kept up with competitors. IBM needed a strategy to not only match competitive trends, but to leapfrog through better UX and innovation.

Understanding SIEM

My new design team quickly dove into learning about SIEM. We gathered, categorized, and summarized primary and secondary research to understand SIEM outside of IBM. We conducted numerous interviews with IBM SMEs to learn the ins and outs of QRadar, consulted books and articles on SIEM, and audited competitor SIEM experiences.

After a month of this deep dive into the domain, we were ready to collaborate.

Strategy work sessions

Having gained a solid understanding of the domain, I hosted a series of working sessions with all of the contributing stakeholders from across Security, including product managers, development leads, architects, and design leads.

Each work session had a desired outcome. The first few were to define the jobs-to-be-done, identify the target personas responsible for doing them, and the use cases we would design for.

We ended up identifying six personas, including Mei and Bernardo, who are responsible for security operations, and who are the personas at the center of this DP role.

Journey maps

Once the personas and use cases were defined, I guided the team to map out the steps taken and identify unmet user needs in each use case. We then created journey maps for each need that presented an opportunity for innovation.

Once the stakeholders were aligned on the target opportunities, we created journey maps detailing the user’s experience completing the job and benefitting from the innovative solutions.

Journey blueprints

After aligning on the target experiences and exploring some innovative ideas to meet users’ needs, I worked with product teams to write epics and plan their delivery of these experiences.

In addition, I created a Figma template for all product teams that would allow them to document their latest experiences under the jobs-to-be-done framework and share those artifacts with leadership.

Impact

11

Product teams included in the future vision of SIEM

30+

Stakeholders either contributed or aligned with the vision

3+

Innovative concepts currently being implemented in product

It’s been great working with you more closely on DRC and again with the concept car pitch deck. Your superpower is your ability to run the Design Thinking workshops that align stakeholders. Beyond that, and more valuable IMO, is your ability to see the long-term vision.

– Joe Raffone, Design Lead, Security


You’re a super knowledgeable teammate, always there with great input and always pushing new design ideas. We need you, sir. NG-SIEM needs you! You’ve got a great attitude and a “let’s get this done” drive that I can always look to when working with you. You’re always available for chats about any domain questions I have when needed. You speak clearly and present well in exits. Glad to have you as a leader in Security.

– Jamie Godin, Design Lead, Security


When leading our working sessions, your domain knowledge is crucial for NGSIEM. You do a fantastic job at listening and asking the right questions in the moment. Knowing the right questions to ask helps drive the direction of what we need to do and the steps we should be thinking about going forward.

– JT Smith, UX Designer, Security

Hide