Josh Kimmell

Design Principal | Designer | Experience Fanatic

Modernizing risk

Modernizing illustration
View all
Case study

Modernizing risk

IBM Risk Manager

As Design Lead for Risk Manager, I used my expert knowledge of Carbon patterns and components to bring the product up to 100% compliance. I drew from my expertise in UX design to reimagine how security professionals configure risk and identify high priority network assets. In addition, I supported the integration of risk configuration and our recommendation engine into Guardium Insights for the GA launch.

Skills used

Leadership, UX design, UI design, prototyping, workshop facilitation

Background

Security analysts are often bombarded with risk scores they can’t configure from all their various tools, and they find it hard to trust in the calculation of those scores.

Risk configuration

Risk configuration

When I joined the team, risk management was new to me, so when I saw the state of the product, I knew I had to onboard very quickly. Relying on my knowledge of UX principles, I reimagined how a security worker might calculate risk for his network assets.

I also guided the development team to guarantee future Carbon compliance. Any page my experience touched, I made sure the team updated the UI to the latest version of Carbon.

The outcome

The experience we delivered ensures that security professionals are empowered to customize how risk is calculated for every scenario and to control how their assets are prioritized.

Asset enrichment

In any business, there are usually hundreds of network assets ranging in priority from “not important at all” to the company’s “crown jewels” which should be protected at all costs. Using existing research about network asset management, I set out to find a way to let users enrich those assets so they can better prioritize them. The higher an asset is in priority, the higher the risk score and the more protection the asset receives.

I started with the concept of tagging assets with meaningful words, like “crown jewel” or “GDPR.” Carbon had a tag component, but there wasn’t yet a pattern to create, read, update, or delete tags. After multiple explorations, usability tests, and design reviews, I delivered an experience that would allow users to not only create and manage tags, but also assign those tags to categories used to calculate risk scores.

The outcome

This experience enabled security professionals to enrich assets with tags and custom properties that are factored into risk score configuration. This design pattern was used as a basis for a centralized tagging service utilized by all applications in QRadar Suite.

Asset enrichment
Project "Co-pilot"

Project “Co-pilot”

I joined Risk Manager because I thought they needed my help, but also for the opportunities I saw in the product. From day one, I spoke to the product manager at length about how Risk Manager should be the hub for severity and risk scoring across the QRadar Suite platform. Almost a year later, the first seedling of that vision started to emerge as an integration with another IBM Security product, Guardium Insights (GI).

I worked with the GI product team on a strategy for integrating our experiences in a way that scaled as each product matured.

The outcome

These efforts enabled GI users to configure their risk calculations and prioritize their assets, resulting in an increase in revenue, sales, and retention.

Impact

$41M

Total revenue since Guardium Insights launch

29

New sales to new and existing clients

355%

Increase in sales over two years

4

Design patterns contributed to the Carbon Design System

I heard about the impact you are having with our Risk Manager team—wow! Just knowing you were willing to come to a team that was not as healthy as the one you left, to transform their culture while things have not been easy outside of work, is a selfless act that I admire. I just wanted to send you a small token of my appreciation in recognition of your efforts in helping our RM team be One Team, think differently (e.g. “Everything is a prototype”), and learn Carbon by helping them to make connections with the Data Explorer development teams. So thank you Josh!

– Brady Starr, Program Director

Hide