Leading thru a year of turmoil

Sr. Manager, Product Design / Analyst Experience Pod Design Lead
Secureworks – Taegis XDR
2023

In 2023, the UX team lost 14 team members (nearly 50% of the team) over two separate work force reductions. Around the same time, the Docs and Training team joined the UX team, resulting in the integration of a group of newly defined content strategists. Everyone was stressed, wondering how their roles and projects would be impacted.

The new pod model

Secureworks follows an empowered team structure, where cross-functional teams are organized around specific product verticals. Product designers had been embedded within each empowered team, but we no longer had enough designers to support a 1:1 alignment, so in early 2023 we shifted to a new pod model where multiple designers supported multiple teams.

I assumed the role of design lead for the Analyst Experience pod, overseeing a team of three product designers, one researcher, and one content strategist (all but the content strategist are also my direct reports). My pod focuses on the security analyst persona (our product’s primary user) and supports six empowered teams, including Investigate & Respond, Prioritization & Triage, Search, Detection Platforms, Tactic Graphs, and Entity Graph/Context.

Focus on productivity and visibility

It was important to me to keep the team’s morale and productivity up. I also wanted our work to have an impact and keep us in front of leadership, so I immediately started meeting with the other pod leads (one each from Product Management and Engineering) plus the product managers of our six empowered teams to talk through their roadmaps and where they would need UX support throughout the year.

I prioritized, planned, assigned, and tracked UX work across those teams (plus the pod’s strategic discovery work, which wasn’t on the roadmap yet). Even though we had less UX resources, I was able to leverage each person’s strengths to make us more focused and efficient. As a result we got all the tactical roadmap work done on time and still had the time and energy to do some compelling discovery work around our future product vision.

Impact

Our pod delivered several new AI-powered features including a new Threat Score and AI-generated explainers for investigation summaries, alert detection logic, and command lines. These initiatives were industry innovations aimed at seamlessly integrating AI into security analyst workflows and positively impacting the analyst’s workload, productivity, and outcomes.

Threat Score inside Alerts page

Threat Score overlay and AI detection logic explainer inside an alert detail page

We also designed and launched (to Private Preview) the Taegis Entity Graph, helping security analysts and incident responders visualize and communicate the blast radius of an incident and quickly perform entity-specific response actions. Entity Graph was the top 10 requested feature of all time, and is already getting some great customer validation:

“This is really something that was missing in the product, and when I saw it for the first time, I said god…this is great! Visibility into the entity relationships saved us significant time.”

Taegis Entity Graph

Continuous discovery

On the UX research front, we introduced weekly continuous discovery sessions with internal Security Operations, external customers, and MSSP partners, effectively integrating user research into the design process to collect actionable insights.

Because our UX research team was impacted so hard by the WFRs, our pod’s researcher got really creative with his recruiting process, introducing targeted in-app Pendo forms to recruit research volunteers from our customer and partner base. Over 120 users volunteered in a matter of days before he paused the form.

The continuous discovery sessions have been so successful that other pods are now adopting them as well.

Vision work

My pod also pushed through ambiguity to lead strategic cross-functional discussions and brainstorming activities around what was to become a new Incident-based Workflow vision. (Today Secureworks leverages an alerts-based paradigm where security analysts triage hundreds of critical and high individual alerts a day trying to determine their significance and potential impact.)

We started with stakeholder interviews, talking to senior leadership across the organization about what an ideal security analyst experience would look like (if we ignored technical limitations and existing service descriptions).

I then synthesized the results of the interviews, identified themes, and we met as a pod to discuss what we had learned and determine next steps.

One of our lively stakeholder interviews (left) with the entire pod; the themes we identified as presented in our deck to leadership (right)

From there the path forward became really clear. We recommended a new type of workflow – an Incident-based workflow – which would leverage AI and other rules to auto-create an “incident” of correlated alerts, with key findings and recommendations already drafted. This would not only make analysts more efficient, but transform their role into something more high-level and less tedious.

In June, we shared our vision for the new Incident-based Workflow with the leadership team, including heads of Product, Engineering, UX, and other Senior Directors, and received their unanimous agreement on our recommendation.

We started socializing our vision with other stakeholders and sketching out some flows and ideas. We set up feedback sessions with our internal security analysts and tweaked our ideas accordingly.

We refined those ideas into some low-fidelity wireframes and before and after journey maps, and shared this next iteration with internal analysts as well.

In July I presented our vision and progress to 60+ people from Product, UX, and Engineering and it got a great reception.

In August we had a second round of work force reductions. 🙃

While we didn’t lose anyone in our pod, the Product Management and UX teams were reduced by 20%, and our Incident-workflow vision was temporarily paused while everything shook out. It was revisited at our Product offsite this past November, where ~35 of us, including the VP of product, participated in a vision workshop (facilitated by our pod’s researcher) to ideate further on what we had started. This exercise included identifying empowered teams that would be impacted and strategizing where we could start putting pieces of the vision into these teams’ roadmaps.

The path forward

The UX team has embraced this new pod model and we’ve worked out most of the kinks over the past year. Roadmaps for FY25 (Secureworks new fiscal year started on Feb 1, 2024) are being finalized and my team is aligned and engaged. Building blocks for the Incident-based Workflow have been prioritized in several of the empowered teams’ roadmaps, and backend API work is underway as well.

I just conducted my team’s annual performance reviews and the 360 feedback they received from product management, the UI team, backend engineering, and other UXers was overwhelmingly positive.

“Lisa’s contributions in FY24 as a pod leader have been exceptional; she is a hands-on leader who is equally comfortable rolling up her sleeves and helping out, as well as delegating work to the designers in her pod.” – Sr. Director Product Design and Research at Secureworks