Threat Stack

Threat Stack had made a new commitment to provide its users with actionable insights. Leadership sent out a directive for Product to build some kind of analytics feature. As the sole UX Researcher, I embarked on a mission to find out what this should look like. Through robust user research and team ideations, we created an analytics feature that would come to be known as: Inform.

In order to gain a high-level understanding of the space, we conducted a focus group on security challenges and analytics. Eleven customers joined us for a multi-hour discussion and problem solving event.

Key Findings

• Customers need help baselining what is normal in their environments
• Baselining needs to be sensitive to seasonal behaviors, such as maintenance
• Data exfiltration was cited as the top concern of participants
• Concern about user activity goes beyond typical anomalous behavior from external parties, but also to monitoring and alerting of insider threats, namely, risky behavior of developers
• The term analytics evokes feelings of skepticism and overwhelm

The UX team got together with the Product Management and Post-Sales Engineering to ideate solutions.

After the focus group, I took a deeper dive by talking one-on-one with customers. Six participants from five organizations took part in user interviews.

"I need you to separate the important stuff from the noise"

"We're judging a lot from the gut - easy to miss things when just relying on rules"

With generative research complete, the first iteration of wireframes were created for design validation with users. Below illustrates the process of using the Inform feature.

Step 1

Step 2

Step 3

The Inform initiative was exciting to be a part of. There was a lot of buzz about what we were building, both internally and with customers. Unfortunately, right as we were about to validate the design with users, Threat Stack leadership decided to put the initiative on hold, in order to focus on its intrusion detection capabilities.