The cyber security space is naturally a very difficult domain to explore and understand. From the Defensive Cyber Operations (DCO) side, there are streams of new exploit types and malicious attacks constantly threatening an array of different network environments. Endgame aimed to help companies defend their environments with analysts who are often inexperienced and new to the domain. With the current Endpoint Protection Platform (EPP) market so saturated, Endgame differentiated itself with its advanced R&D-driven capabilities and its extreme ease of use (both recently highlighted by Gartner).
I was the lead product designer when the product (1.0) was first created from scratch. In the five months leading up to its release, I worked with product management and directly with all engineering teams in every facet of research and development. Shortly after the first release, I was brought on as the user experience manager to refine our agile development pipeline, feed the product roadmap through user research and prototyping, significantly scale the UX team, and still participate in feature teams.
Through the next half-dozen releases our team held many user interviews, mock scenarios, and A/B tests. Through this research, we narrowed our users to four main groups: Tier 1 Analysts, Tier 3 Analysts, Forensic Hunters, and SOC Managers. Below is a description of the most basic of these roles, the Tier 1 Analyst:
A typical defensive analyst's job is to maintain their knowledge of these attacks; they need to know what patterns to look for and what to spot, essentially finding the needle in a haystack - in a very short amount of time. Of course, once that needle is found, these security analysts are then tasked with finding the other corresponding problem areas: exposing and remediating the other parts of the network the attacker could have manipulated. It's a classic 'cat and mouse' game that keeps analysts constantly on their toes, searching for or reacting to malicious events.
The Design Process
Our design process followed a macro-structured timeline of events that was mapped directly, with the product team, to 3-4 month release cycles. This often involved initial storyboarding and long-term research engagements. For current development, our process was pared down to the 2-week engineering sprint cycles. (I had the team fully prep work at least 2 sprints out.)
Analysis and Discovery: This included user validation testing, low-fidelity wireframe creation, and implementation meetings/feature prioritization.
Development and VD: This included high-fidelity visual design and edge-case interactions. Designers paired daily with developers in feature teams.
Documentation: This included ongoing technical documentation for customers and internal spec documentation for QA, FE, and the Component Library.