Tenable is a leading provider of cyber exposure management solutions
that help organizations protect their assets and data from cyber threats.


  • Timeline: Most Recent
  • Tools: Figma, JIRA
  • Team: Product Designer (me), Product Manager, 3 Developers, QA Manager, Copy Writer
  • Methods: User Interviews, User Testing, Stakeholders meeting, Journey Mapping, Wireframing, Prototyping, QA using JIRA

My role at Tenable

As a product designer on Tenable’s 10-person design team, I owned the Scan Management user experience of Tenable’s top three major products: IO, SC, and Nessus. This involved cross-functional collaboration with the project manager, developers, copywriter, and QA analyst to build a robust web enterprise application.

To understand our users, we started with a deep dive into the personas and user journey. From there, I designed multiple rounds of wireframes, iterating on feedback from user testing and stakeholders. I led weekly meetings with the stakeholders to walk them through my design decisions and prototypes. Once wireframes were approved, I worked with a copywriter to match the brand voice. Finally, I participated in QA and worked with the developers for the final handoff.

My Design Approach

[Image: Design Approach]

Problem

Tenable users faced significant challenges in analyzing scan results for large assets using the older vulnerability management (VM) tool. The tool was not convenient or varied enough, and it was prone to freezing or breaking due to the overwhelming amount of scan data. This posed a data risk and made it unsuitable for efficient data storage. Moreover, the tool needed better tracking mechanisms to prioritize scans and manage assets effectively. Users needed data visualization and a list view with more detailed filter functionality for scan data.



Discovery

Understanding the users, the problem, and the proposed solution


I was brought in after the project had already been kicked off and scoped, so my first step was to familiarize myself with the users, the problem, and the proposed solution before jumping into the design.

The Users

For the purposes of this case study, I decided to focus on the primary users: IT security managers in charge of security systems, firewalls, and data protection controls. They need detailed information on vulnerability scanning results, CVSS score data, asset inventory, asset scan results, and unscanned assets.


User Flow

Once I had a better understanding of the users, the problem, and the proposed solution, I led a user flow session with the team. This helped me understand the different paths the user could take within the tool, which would help me complete the next iteration more effectively.


Visual Design

Bringing the sketching, ideating, and user research to life.

Making this a more self-serve, analytical product, and creating a visual view for users to analyze scan runs each month was a huge step our sales team could see.

It was the first step in creating the bridge from a mythical process that happened behind the scenes, to actually seeing filter options, what function they served and some of the scan metadata in the bottom panel to help them make a decision.



Usability Testing

Testing the prototype with actual users to iterate based on user needs and feedback

I tested the prototype with 6 IT security managers working in Fortune 500 companies who are Tenable’s customers.

To test the users, I sent them the link and had them share their screens with me. I asked them to narrate their thoughts and processes as they clicked through the tasks I gave them.

Solution

A tool under TenableOne allows for organized scan data storage, easy visual view and list view for assets and plugins, and basic and advanced filter functionality. The solution we created enables security managers to easily analyze scan results and new asset updates.


Reflection & Result

Looking back on what went well and what could have been improved

This project was incredibly challenging and rewarding. I learned how to work with limited time, resources, and budget to arrive at the best possible outcome for the users. For example, I did brainstorming sessions with PMs on how we can show a visual view of scan metadata in the bottom panel and calendar functionality so users can view scan status based on the calendar (days/weeks), and I am confident I will bring this to my next projects.


If I could go back and change things, here’s what I would have changed:

  • I would have been involved in the scoping of the project to ensure enough hours were allocated to UX to go through more of the UX process.
  • I would have started working with developers earlier in the process to make sure I was designing for cleaner data storage in the back end.

UX Impact

  • Designed and delivered scan template feature in Tenable IO, a new feature for 40,000 active organizations, resulting in 20% increased sales.
  • Improved satisfaction rates by 12% and engagement of the scan experience by introducing Scan Analytical View and Scan List view with metadata.
  • Redesigned and delivered Tenable’s internal tool DemoLAB which helps sales managers, product managers, and engineers to monitor different versions of the product features.
  • Redesigned and closed gaps between Tenable IO, Tenable SC, and Nessus in the move to the new interface, on the path to deprecating the old interface entirely.
  • Designed and delivered Analytical view and Accountability features for managed security service providers (MSSP).
  • Designed centralized network management of security center products to facilitate reporting and management of multiple consoles, scanners, and assets.
  • Collaborated with other designers to iterate on Tenable’s design system by adding new component libraries and standardizing the color system of fusion charts for dark and light themes.

Unfortunately, I cannot disclose more information regarding this project, but I am happy to discuss it on a call.