Hello! I’m Alissa Wang, a product designer currently based in San Francisco, CA.

As a natural problem solver, I’m always eager to dive into new challenges. Let’s connect!

︎    Work
︎    Info
︎    Play

I’m Alissa Wang, a product designer currently based in San Francisco, CA. As a natural problem solver, I’m always eager to dive into new challenges. Let’s connect!

Vanguarda Cybersecurity






︎ A cybersecurity tool on autopilot. ︎


Enable IT admins to efficiently setup their security solution and gain actionable insights on human layer vulnerabilities in the company.








Introduction:

Vanguarda offers a cybersecurity system on autopilot to keep organizations’ data safe. The platform identifies vulnerabilities within by gathering risk data on the individual level, and adapts its AI and machine learning module to send simulated cyber attacks and targeted training materials in real time.

I collaborated with two designers to design and prototype the minimum viable product design.  Our focus was on streamlining the onboarding flow and creating an intuitive admin portal that emphasizes prioritization and visualization of risk insights.



Responsibilities:

Competitive Analysis / Qualitative Research / Persona Development / UX/UI / Prototyping / Usability Testing / Visual Design





Role:

Lead Product Designer
UX Researcher


Team:

Carolyn Jaeger
Jason Du


Timeline:

3 weeks








Problem

70% of cyber attacks are caused by human error.


Ensuring the security of an organization lies in empowering and educating its most valuable assets, the employees, with the knowledge and skills required to protect against cyber threats. Unfortunately, the current market solutions inadequately address this crucial human layer to cybersecurity.






Solution

Quantifiable improvement in human layer security.


Vanguarda offers an unobtrusive agile solution that combines AI-driven cyber attack simulations, real-time risk scoring, targeted training, and a powerful machine learning module. This comprehensive approach delivers impactful, data-driven decisions that drive measurable improvements individually and across the organization.



Focus Areas

Recognizing the importance of the employee in addressing cybersecurity threats, we determined that prioritizing the development of the admin's experience was necessary within our time constraints. Therefore, our initial focus was on resolving the needs of the admin.

  • Company onboarding
  • Baseline assessment campaign launch
  • IT admin risk dashboard


Framing Question

How might we enable admins to efficiently setup their security solution and gain actionable insights into company vulnerabilities?











UX Framework

Phase 1:

Research
& Synthesis


Market Research
Qualitative User Research
Affinity Mapping
Persona Development



Phase 2:

Define, Design & Test


Problem Statement
Concept Ideation
Flow Mapping
Wireframes
Usability Testing







Phase 1: Research & Synthesis











Competitive Matrix & Analysis

Learning about the industry and its competitive landscape.


As newcomers to the cybersecurity field, we recognized the need to quickly familiarize ourselves with the industry and understand Vanguarda’s position in terms of its competitive landscape. This research was essential to ensure we are well-informed and prepared for the design process.


  • Assess the functionalities and features offered.

  • Reveal Vanguarda’s competitive advantages and weaknesses.

  • Understand user sentiment and satisfaction with existing solutions.

  • Identify the goals users want to achieve.





Key Takeaways

  1. New and emerging companies are utilizing AI and machine learning to automate and simplify the traditional complex process offered by solutions like KnowBe4 and Proofpoint.

  2. Competitive and flexible pricing models appealed to smaller companies with a limited budget and offered an edge against established companies.

  3. New and emerging companies are leveraging integrations with other platforms to compete against the comprehensive functionalities offered by established platforms.








Qualitative User Research

Empathizing with users and understanding their needs and goals.


We wanted to understand the security challenges IT admins currently face, the potential impact of cybersecurity threats, their experience with current solutions, and their relationship with employees.

On the employee side, we wanted to gather insights on their experience with security training and threats, and their opinions on the effectiveness of the solutions in both personal and professional contexts.



Participants:


  • 4 IT managers/Chief Information Security Officers (CISOs) who work in gaming, investment, financial tech, and big tech.


  • 6 Employees who work in government, healthcare/research, and tech.






Insights

Identifying patterns and actionable insights.



Employees:

  • They have a negative impression of trainings. They find trainings a waste of time and often multitask, not giving their full attention.

“I think they’re so boring…because I’ve taken them so many times. I just click as soon as I can click to the next module.”


  • They feel more engaged and learn more from trainings that share real-life scenarios of past threats & how they were solved.

  • Employees feel shame when they fall for a scam, but the threats feel distant and impersonal.

“I think it feels so distant and impersonal to me that it doesn't feel personally violating because I'm not engaging with it.”



IT Admins/CISOs:

Efficiency & Simplicity

  • IT admins and CISOs have a range of responsibilities beyond security and often handle additional tasks, making simplicity and efficiency crucial in the security products they use.

“This year we reduced headcount by 65%, I was able to make it work is because I’ve kept security solutions simple. I don’t have much time to manage programs and do things manually.”


Training Effectiveness

  • IT admins understood that even the smartest, most well-versed employees fall for fake phishing emails.

  • IT admins identified that existing solutions aren’t effective because they are not tailored to employees’ specific failings.

“I was looking for a system that educates people specifically on what they're failing on.”


Insightful Data

  • IT admins found data from existing solutions generic and not actionable, they weren’t next steps beyond numbers.

“Having more specific insights into why people are failing would allow you to provide more specific trainings.” 


  • They are very cost-conscious, and need to justify products to their stakeholders who want to know that these solutions are a good investment to prevent more catastrophic repercussions.

“Often, the question is, here's a baseline, are we getting better? And how are we going to get better?”









Persona Development

Contextualizing research findings.


We focused on solving for our primary persona, the IT admin, as our MVP in the given time.


Primary Persona

Nelson is the CISO of a growth startup, his primary goal is to implement a security solution that addresses his company’s security vulnerabilities. Some of the frustrations he faces are lack of time and resources, current ineffective solutions, and a lack of actionable insights.

We created a journey map to understand the steps he takes to accomplish his goal of implementing a new security solution for his company.










Phase 2: Define, Design, Test









Problem Statment

Nelson needs an efficient security solution that exposes company vulnerabilities and provides insightful results because he wants to protect his company from the repercussions of a potential cyber breach.










References & Inpsiration

Auditing prototype draft & competitor products.


We dissected the initial prototype provided by our clients to understand the tasks our users need to navigate through, and referenced competitor platforms to recognize high impact features existing on the market. This provided us with a solid understanding of the landscape going into the ideation phase.









Ideation

Setting up a framework to brainstorm solutions and inviting our clients into the ideation process.


We developed framing questions surrounding efficiency, campaigns, results, and technology to ideate upon and address all touchpoints of our users.


  • How might we provide efficiency in a security solution and reduce the workload for IT admins?

  • How might we provide effective training solutions?

  • How might we provide meaningful insights that go beyond generic data?

  • How might we leverage existing technologies?



Co-creation Workshop

We populated ideas into our brainstorming framework, and hosted a collaboration session with our clients to validate and prioritize ideas with their expertise, and to align with overall business goals.






Evaluation

Desirability, Functionality, Feasibility.


This process was extremely powerful and provided us with confidence moving into the next phase of design. Some of the key ideas and features we wanted to implement were:



Efficiency

  • Streamline initial product setup flow through integration of platforms like Linkedin, Workday, and Google SSN. This reduces manual effort and increases productivity in a busy CISO’s day.


Campaigns

  • Leverage AI and machine learning to achieve a “set it and forget it” approach in the assessment campaigns and training, this ensures that campaigns run effectively with minimal ongoing effort.


Results

  • Provide advanced and deeper layer of data that is meaningful and actionable, this helps admins feel assured that improvements are being made, and to justify the product to their stakeholders.










Flow Mapping

Prototyping content/features structure.


We started user flowing through our primary persona’s tasks to visualize his user journey and determine how to organize content and features in a logical and coherent order.

Referencing our client’s prototype flows, we considered various changes such as having the users commiting to the purchase before entering sensitive company information, syncing their HR tools to streamline the user onboarding process, reducing unnecessary steps that didn’t highlight Vanguarda’s unique advantage of automation, and more. We presented the final user flows to our clients to align our efforts towards a common goal.



  1. Company onboarding

    Set up company profile, and launch the baseline assessment campaign.


  2. View results

    Review dashboard risk insights, and share report.







Wireflows & Wireframes

Iterating & refining layout, structure, and interactions.


Moving into wireflows, we defined how each screen relates to one another in the overall user journey, and started to sketch out wireframes to determine the hierarchy and prioritization of content and features within the interface.







Usability Test, Findings & Revisions

Identifying usability issues & making informed revisions.


We performed 6 usability tests to uncover any points of friction our users have with our design, and to gain feedback and insight into the data they prefer to see in the risk dashboard. We addressed the findings and implemented revisions in our final prototype.




Company Onboarding







View Results










Visual Design

Creating a style guide that aligns to brand values and industry sector.


We created color styles, typography styles, and UI components to include in our design library. We considered Vanguarda’s client base of financial tech, tech, and healthcare companies, and aligned the visual design to the vibe of those industries.











High-Fidelity Design

Implementing revisions and applying styles.




Company Onboarding

  • Auto-populate company details from Linkedin.
  • Integrate HR tools for easy user management.






Company Onboarding

  • Upload logo, signatures, and sample email to make simulated attacks more realistic to sender speech patterns.
  • Default baseline campaign settings, with adjustability.
  • Introduction to next steps following the baseline assessment.







View Results

  • Overview of company risk score against industry benchmark, improvement rates, key threats, risk trends.
  • Layer of data on the types of attacks users are falling for.
  • Training and compliance completion rates.
  • Department specific vulnerabilities insights.







View Results

  • Employee insights on their areas of failures, targeted training completion rates, and training test scores.
  • Vanguarda is running in the background delivering targeted training in real time.







Share Results

  • Admin can share insight reports through email, or powerpoint and file download.









Next Steps

Further usabilitiy testing, and build out the employee experience.


Continue to test and prototype the design with usability tests with IT admins & CISOs.


  • Understand how a user might use and appreicate the streamlined processes in onboarding, and if there are any additional integral steps during setup.


  • Gather more direct feedback on the risk dashboard and the data that is displayed.



Dig deeper on the employee end experience.


  • We got a ton of great employee insights from our user interviews that we will develope further. There is a symbiotic relationship between the IT admin and employees, by lowering employee friction with the product and training, we would also make the admin’s job easier, all while improving the company’s security posture.








Reflection

Effective collaboration efforts from both teammates and clients.


Although we faced an initial challenge of quickly familiarizing ourselves with the cybersecurity industry, we embraced a continuously agile design approach and adapted our strategy to align with our goals, user needs, and business goals.

We collaborated closely with our clients to understand their unique needs and apporach, while leveraging their expertise to ensure design solutions that were not only user-centric but also aligned with industry best practices.

This is the first comprehensive product design project that I have led, and I’m proud of what we accomplished in a short amount of time and can‘t wait to further develope the product.




︎︎︎
 © Alissa Wang 2023