Josh Kimmell

Design Principal | Designer | Experience Fanatic

Predicting the cost of risk

View all
Case study

Predicting the cost of risk

Risk Manager

I delivered a concept that would allow security executives to see their overall risk exposure and its monetary impact to the business, and then immediately share it with leadership. Analysts would be able to provide those executives with estimated monetary values of potentially risky scenarios relevant to their enterprise.

Skills used

Leadership, UX design, UI design, UX research, prototyping

Background

Qualitative approaches to risk are neither scalable nor consumable by executives, and are usually subjectively inaccurate. Enterprises often use their own non-standard methodologies.

Always begin with research

As if configuring how risk is calculated wasn’t complex enough, users wanted to throw cost into the mix. And, as with any new foreign topic within a domain, the first step was to conduct some generative research. I partnered with UX researchers to interview four security executives and one Chief Risk Officer at mid-to-high maturity enterprises.

The results clarified what our users needed:

  • To understand that details of the model are key to building trust and adoption and that qualitative explanations are required in order to aid in understanding quantification
  • The ability to adjust the formula behind quantification in order for it to be contextual to their business
  • Access to information on demand, rather than through ad-hoc modeling projects
  • Integrations with IT systems, which are key to achieving on-demand information

Recommendations and principles

Based on the results from the research, I documented four principles for the team and got to work on explorations:

  1. Provide customers with complete control over all parameters of the model, enabling them to adjust it.
  2. Focus on content to aid the user in understanding the model, as well as its output.
  3. Build a rich ecosystem of integrations with IT systems, with an eye on further integration with financial systems, facilitating on-demand information.
  4. In addition to a financial metric, produce a non-financial metric*, allowing teams to measure their progress over time.

Prototype everything

Since quantification is such a complex concept, I began prototyping the experience early on, starting with low fidelity vignettes and finally culminating in to an end-to-end experience that was shared with leadership, in which the quantification process was broken into steps that provided explainability to the user.

Impact

Users will have a way of assessing risk in monetary terms

I received the Product Design Trailblazer Award

3

New design patterns

[Josh] led the complete redesign of our asset and threat management experience, providing a solution for “risk quantification”, a complex method of assessing the risk of certain assets in monetary terms.


– Walid Rjaibi, CTO and DE for Data Security


Josh has recently joined a new team (Risk Manager) specifically because he listened for need. He interviewed the existing designers, heard there was some trouble with how design and development were interacting, and he chose to jump in and help. He’s spent the last couple of months expanding his impact on the team by aligning design, development, and product management in the Risk Manager project. He’s worked to strengthen our understanding of design, how we work, and how we can be better together. In addition, he’s working to improve how development works with Carbon and understand the CloudPak for Security frameworks by bringing other architects and resources from multiple teams. He’s also listened for need around other parts of the CP4S platform and is making sure the designs the team are producing serve the entire platform, not just his team! He’s also working to lend his talents to other projects with Office Hours. Josh always brings his best self to work. He’s happy to help other team members, lift them up and make everyone better. He is making waves that are generating change for good and building bridges along the way.


– Haidy Perez-Francis, VP of Design, IBM Security

Hide