Converting backend processes into digestible GUI

Role: UX Designer
Skills: User Research, UI/UX, Design Systems
Status: Shipped
Project duration: 4 months
Intentions Configuration Unit (ICU)
Context
Arctic Wolf Networks is a cybersecurity company that protects businesses by detecting and dealing with threats.
I joined the Research and Development team as a UX intern to assist in designing a user interface that improves the workflow efficiency of security analysts within the company.
Arctic Wolf’s security analysts are always on the lookout for online threats that target the businesses that they serve. The existing process of preventing threats consists of manually editing documents of code.
Security alerting involves placing rules and conditions on a client's file so that the client is alerted should there ever be a security breach (or the threat of one).
Security rules, also known as intentions, can be modified by Arctic Wolf's security engineers per client request.
HOW THE ALERTING PROCESS WORKS
Understanding the process

What is the problem?
Security analysts face roadblocks in their flow due to a lack of resources, whether in the form of knowledge of their work or the tools required to complete their tasks.
As the company hires new security analysts who may not be adept in coding, it hopes to implement a new way of doing things that could limit the room for human error while also improving work efficiency.
33% of users reported that it was difficult to navigate the existing workflow 😓
74% of users reported having roadblocks in their workflow due to its scattered nature 😵
55% of senior-level employees complained about not having time to tackle lower-hanging-fruit tasks 🍑🍑
Goal
Design a user-friendly interface that corresponds with the existing backend process for editing security rules in order to reduce the chances of errors as well as to create a more forgiving workflow for security engineers.
Triage Security Concierge @ Arctic Wolf Networks
“I work face-to-face with clients to understand their security needs and to directly quarantine problems that they may face”
USER NEEDS & GOALS
I need to be able to make quick changes to security rules. Since I’m interacting face-to-face with clients, they want to see live changes being made more often than not.
I want to avoid making mistakes when editing security rules, as it could potentially result in a security breach, which would be detrimental to Arctic Wolf’s relationship with its clients.
USER FRUSTRATIONS
It’s difficult for me to make live changes to my clients’ security rules because of the lengthy and tricky process of editing backend code.
The process, if done correctly, takes too long and clients want to see the immediate changes.
I feel like I can’t really do my job properly.
Triage Security Engineer @ Arctic Wolf Networks
“I take client requests through JIRA’s ticketing system and make changes to their security rules by directly editing JSON code”
USER NEEDS & GOALS
I can work through client tickets quickly, but I’d like to have a workflow that’s less prone to mistakes.
I’d also like to have a simpler process that doesn’t require me to switch back and forth between 10 tabs to get my work done. It can get a little confusing sometimes.
I like simplicity and don’t like to make mistakes.
USER FRUSTRATIONS
I’m constantly switching tabs to make changes to different security rules. Because of this, it’s easy to miss small details and syntax errors happen all the time.
It’s extremely time-consuming to search through hundreds (and sometimes thousands) of lines of code to find where the mistake was made.
The ICU
Below is a walk-through of the final ICU design.
The ✨impact✨ of the ICU
Conversion rate: 75% of security engineers adopted the new ICU workflow as of Q4 of 2021
Error rate: 86% reduction in errors made when modifying security rules
Time on tasks: 82% reduction in the time it took for engineers to complete their tasks

WHAT HAPPENS WHEN CLIENT WANTS TO MODIFY THEIR SECURITY RULES
Client meets with concierge engineer to discuss modification of security services
Client requests security rule changes through the JIRA ticket system
Triage engineer reviews details of JIRA tickets
Concierge engineer notes down client’s requests for changes to be made
Engineer navigates to the security rule JSON file to make changes and pushes code to merge on GitHub
Security engineer reviews protocol on editing security rule
Security team is alerted of changes that will be made
Security engineer makes changes to the intentions by editing backend code (JSON)

Note: both concierge and triage engineers operate on the same workflow. The difference between the two is that one (concierge) is more client-facing.

Learnings
🤔 Having something and not always needing it is better than needing something and not having it
Many users initially believed that it was redundant to have a search bar accompany a table of contents of the security rules. Upon further testing and observation, I found that the search bar was useful for reducing time on tasks.
🤡 There are no silly questions!!
Any question will be returned with an answer. Throughout the design process, we need as many answers as we can get.
🗣️ Users may say one thing, but will probably do another
While it's important to listen to what users are saying, pay attention to what they actually do.
If you have any questions or would like to get passionate about skincare 🧴, let’s connect.