Josh Kimmell

Design Principal | Designer | Experience Fanatic

Making security accessible

View all
Case study

Making security accessible

Unified Analyst Experience

When I signed on to lead Unified Analyst Experience (UAX), the project had already been active for a year and the beta release date was swiftly closing in. UAX was broken into three work streams: setup, content, and SOC, each in varying stages of completion. Each work stream consisted of a Product Manager, a design team, and one or more development teams.

My job was to partner with the team leads and strategize how to align all the teams on the work remaining for the GA release. And more importantly, I had to ensure we delivered a seamless experience in which our user, a junior security analyst, can perform the basic jobs of a full security team with a simple data source connection experience and then benefit from automated detection, correlation, and response.

Skills used

Leadership, project management, UX design, collaboration, prototyping

Background

Detecting, investigating, and responding to security incidents requires an analyst to toggle between multiple disconnected security tools, and stitch results together manually. When that work results in false positives, the experience can be frustrating.

If you build it, they will come

I am a proponent of the Agile framework. I devote much of my time to making design thinking a part of Agile and proselytizing the benefits to others. That said, it was clear that Agile wasn’t the way to get all of these disparate product teams to plan and scope an entire GA experience.

So, I shifted gears and devised a way to get all the stakeholders to view the amount of work it would take to deliver the proposed experience, and then scope it together in the same space. We need a gantt chart, stat! I discovered that Jira, which the business chose as its tracking tool, had a roadmapping feature, which I promptly used to pull in all issues from every work stream and organize them into teams. I then hosted prioritization meetings with each work stream until the entire project was scoped down to the epics. This strategy not only prioritized the work that each team would do, it unveiled gaps in the experience that needed to be addressed.

A better data connection experience

After getting cross-team alignment on the scope of the project, I quickly began reviewing the work that was already in progress in order to prepare for the work ahead.

Starting with the “Setup” work stream, I noticed a lot of inconsistencies in the data connection experience. Due only to the fact that there were two development teams working in siloes, the user was forced to connect data sources in two different places depending on the type of connection. Each flow had different steps to take, used confusing terminology, and made incorrect use of established design patterns.

Something had to change. Working with Brady Starr, I halted production on the current implementation and recommended ways to improve the experience while still hitting the beta release date.

I then created a concept of what the connection experience should be and presented that to the work stream teams and business leadership.

Breaking the rules

One of my responsibilities as the UAX design lead was to quickly onboard a new design team to a new product and get them to produce quality work in record time. The product, called Detection and Response Center (DRC), is a rule management experience that allows analysts to enable or disable rules that will automatically trigger alerts if the criteria is met.

While reviewing the existing experience, I identified multiple high-severity issues and highlighting incorrect use of Carbon components and design patterns. I then worked with DRC leadership to ensure these issues were on the roadmap to be addressed before the beta launch.

From there, I guided the new design team to re-assess the planned experience by documenting the jobs-to-be-done and exploring alternative solutions.

Rules are… what now?

One question I kept getting from the new DRC design team was, “What constitutes a rule?”

In order to answer this question, I conducted an exercise with the designers and the development team to define the attributes of a rule using a content model template I created in Figma for all designers in Security.

This activity not only educated the team about different types of rules, their properties, and related objects, it also served as an artifact that could be referenced in the future.

Now that the team understood rules and the jobs surrounding them, they were able to create a much more intuitive, Carbon compliant rule management experience that will exceed the user’s expectations.

Prototype everything! (Remember?)

After getting the new design team up and running and the connection experience moving in the right direction, I focused my attention on the UAX project holistically. I set up weekly cross-work stream design reviews and priority meetings with product leads; worked with UX researchers to make sure we were meeting user needs; and hosted design work sessions to push the experience to be even more delightful.

After all the design work was delivered for GA, I orchestrated an effort to build a prototype showcasing the analyst’s end-to-end experience across all work streams. This maintained continued alignment and solidified our strategy for UAX.

Impact

5

Product teams aligned on priority and scope

UAX became the default experience of the QRadar Suite platform

3

Jira roadmaps created and followed to the letter

100%

Design work delivered on time

From the moment you joined our XDR Connect team you have successfully onboarded to the domain and developed relationships with the other 4IAB leaders. You quickly lead the DRC team to fix Sev1 usability issues and secured PM and Dev commitment to fix them before the Beta. You then rallied with me to own the weekly Design Jams and establishing your voice and providing much needed UX and Visual critique to our designers across the 3 hills. You have almost single-handedly setup Jira for our 4IAB hill teams in such a way that helps PM get visibility into all the work happening between design and dev, but also helps design and dev align on acceptance criteria and dependencies between their work items—your coaching and mentorship here has leveled up skills for a dozen or more senior leaders. You helped our Setup Hill design team out of tough spot. You delivered a prototype of what the GA experience will be and lead the discussion with our PM and Development partners that ultimately allowed all of us to align. Yes, the experience is not what it needs to be, but you demonstrated for everyone what good partnership, negotiation, and compromise looks like, especially under stressful and frustrating circumstances—all within 4 weeks.

– Brady Starr, Program Director

Hide