Problem: SOC analysts frequently lost critical investigation time because console access details were missing for devices and integrations.
My role: Senior UX Designer in a cybersecurity platform, leading problem discovery, UX strategy, and end‑to‑end design of the solution.
Outcome: Reworked the configuration flow to require an explicit decision about console access and surfaced visibility gaps earlier.
Impact: ~60% reduction in console access–related support tickets, faster investigations, and clearer accountability.
Product: Enterprise cybersecurity platform used by SOC teams to investigate and respond to threats.
Users: Internal SOC analysts conducting live investigations; customer-facing teams supporting onboarding and escalations.
Constraints:
Security‑sensitive workflows
Enterprise customers with strict access controls
Existing configuration patterns and technical debt
Why this mattered: Missing console access information routinely stalled investigations, costing hours, days, or even weeks of response time and increasing operational overhead for multiple teams.
SOC users often needed console access to gather evidence during investigations. However:
Console access details were frequently not provided by customers during setup.
Analysts had no visibility into whether access was missing until mid‑investigation.
The recovery path required contacting a customer‑facing employee, who then contacted the customer — creating long delays.
This wasn’t an edge case. Ticket analysis showed this was a systemic issue, not isolated customer behavior.
User goals:
Know upfront whether console access is available
Avoid investigation delays caused by missing information
Business goals:
Reduce support tickets and escalation overhead
Improve investigation efficiency and trust in the platform
Success metrics:
Reduction in console access–related tickets
Improved visibility and proactive handling of missing access
My responsibilities:
Analyzed support ticket volume and patterns
Interviewed internal SOC users and customer‑facing teams
Identified root causes in the configuration experience
Designed and validated UX changes to address the systemic failure
Partners: Product management, engineering, SOC stakeholders, customer‑facing teams
Methods used:
Support ticket analysis
Internal user interviews
Configuration flow audits
Key insights:
Console access was labeled “optional”, leading users to assume it was unnecessary
Users didn’t understand why console access was needed
Cybersecurity professionals default to least‑privilege access, making omission likely without strong context
There was no way to see missing access until it blocked an investigation
What surprised us:
The issue wasn’t user negligence — it was a UX signaling failure.
Approach:
Treated missing console access as a decision that needed to be explicit, not implicit
Focused on earlier visibility rather than reactive fixes
Key decisions:
Make console access a required step in configuration
Allow users to explicitly opt out, rather than silently skip
Record and surface opt‑out decisions for visibility later
Tradeoffs:
Preserved customer autonomy while increasing friction just enough to prevent accidental omission
Updated the configuration flow so users must either:
Provide console access details, or
Explicitly confirm they are opting out
Added visibility indicators showing which devices/integrations lacked console access
Captured opt‑out intent so SOC users understood the situation immediately
This ensured missing access was a known, intentional state, not a surprise during an investigation.
How we tested:
Reviewed flow changes with SOC users and customer‑facing teams
Monitored support ticket trends post‑launch
What improved:
Analysts could anticipate limitations earlier
Customers were more likely to add access when they understood the need
~60% decrease in console access–related tickets
Faster investigation timelines
Reduced back‑and‑forth between SOC, customer teams, and customers
Improved trust that the platform surfaced critical gaps proactively
Add contextual education explaining when and why console access is critical
Explore progressive disclosure for highly sensitive integrations
“Optional” labels can unintentionally suppress critical data
Security‑first users need clear intent signaling, not assumptions
Making decisions explicit is often more respectful — and effective — than reducing friction blindly