A1 PRODUCT RESEARCH

FIRST CLIENT-FACING DIGITAL PRODUCT FOR CYBERSECURITY ENGAGEMENTS


PRODUCT DESIGN

ABOUT

Arete is an enterprise service provider specializing in mitigating and investigating cybercrimes, including ransomware attacks and business email compromise incidents.

This project involved deep-dive research into user needs, industry gaps, and platform requirements, revealing a critical need for a centralized incident response and threat intelligence dashboard. Insights from this research informed the structure and functionality of the broader platform.

My research for the A1 Threat Intelligence Dashboard focused on understanding the needs of Insurance Claims Professionals, CTI and TA Comms Analysts in the DFIR process. By conducting interviews and analyzing workflows, we identified key challenges related to data overload, communication, and real-time decision-making. These insights highlighted the need for a centralized dashboard to streamline processes, improve efficiency, and provide actionable intelligence for these two main user groups.

OVERVIEW

In researching the existing state of the A1 Threat Intelligence Dashboard, I focused on understanding the critical needs of two key user groups: Insurance Claims Professionals and TA Comms Analysts. Through a combination of qualitative interviews and quantitative workflow analysis, I uncovered pain points related to data sharing, analysis, and communication during the digital forensics and incident response (DFIR) process. These insights illuminated opportunities to improve efficiency by centralizing data and providing targeted intelligence.

RESEARCH


GUIDING QUESTIONS

  • What data is essential for Claims Professionals during policy assessments?

  • How do Threat Actor Communications Analysts gather and analyze threat data in real-time?

  • And what are the main communication challenges faced by each user group with internal and external stakeholders?

PERSONAS

Based on these research findings, I developed detailed personas for each key user group—Insurance Claims Professionals and TA Communications Analysts—to better understand their specific needs and behaviors. By mapping their journeys throughout the DFIR process, I identified critical touch-points, pain points, and opportunities for improvement in their workflows.

These personas and journey maps provided valuable insights into how each user interacts with the platform, highlighting the unique challenges they face and informing the design of solutions that streamline communication, data analysis, and decision-making.

TAKEAWAYS

UNCLEAR DATA

  • Both users struggle with an overload of disparate and unclear information, making it difficult to focus on key data points.

LACK OF REAL-TIME THREAT INTEL

  • Rapidly changing threat landscapes require live data for informed decision-making.

STAKEHOLDER MISCOMMUNICATION CHALLENGES

  • Effective communication and documentation among various stakeholders is crucial, particularly during ongoing incidents.

WORKFLOWS & MVP

To effectively leverage these insights, I explored various workflows from the perspectives of both primary and secondary user groups, depicting existing processes and identifying opportunities for refinement, all with the aim of achieving an ideal workflow. This exercise was pivotal in understanding the comprehensive overhaul and redesign needed to genuinely meet user requirements and needs, as well as to document and communicate these findings to stakeholders.

Based on these insights, I identified key opportunities for a dashboard and used a prioritization matrix to evaluate components by user value, complexity, and urgency. These were the results.

  • TOP THREAT INTELLIGENCE

    • Providing an overview of the top five adversaries and malware related to ongoing engagements helps Claims Professionals make informed risk assessments.

  • AGGREGATE RANSOM METRICS

    • Rapidly changing threat landscapes require live data for informed decision-making.

  • CURATED THREAT INTEL FEED

    • Effective communication and documentation among various stakeholders is crucial, particularly during ongoing incidents.

  • COMPREHENSIVE THREAT PROFILES

    • Providing detailed threat profiles, engagement logs, and historical interactions allows for better strategy planning and negotiations.

  • IR MONITORING

    • Real-time views of ongoing engagements, status, key milestones, and budgets help facilitate smooth communication among stakeholders.

IMPACT

This case study represents a portion of the research and design work I conducted for the A1 platform, which served as the foundation for further developments addressing additional key user groups. The research was instrumental in uncovering how the platform was being utilized, its limitations, and opportunities for improvement. These insights informed strategies that not only enhanced the user experience but also drove business growth and supported revenue optimization for the company.

90% OF SURVEYED USERS REPORTED IMPROVED WORKFLOW INTEGRATION AND USABILITY OF THE PROPOSED CENTRALIZED DASHBOARD.

35% REDUCTION IN TIME SPENT GATHERING CRITICAL THREAT DATA, ENABLING FASTER DECISION MAKING DURING ACTIVE INCIDENTS.

40% REDUCTION IN MISCOMMUNICATION AMONG INTERNAL AND EXTERNAL TEAMS, ACHIEVED THROUGH ENHANCED CLARITY AND COLLABORATION VIA CENTRALIZED WORKFLOWS.

50% INCREASE IN THE ACCESSIBILITY OF ESSENTIAL THREAT DATA FOR INSURANCE CLAIMS PROFESSIONALS AND TA COMMUNICATIONS ANALYSTS.