Designing the MVP of a Cybersecurity SOC Tool

Client: Cybersecurity Services
Role: Lead Product Designer
Platforms: Desktop

About the Client

The client company was a newly established startup with 3 founding members who previously worked at one of the leading existing cybersecurity companies. With over 30 years of experience in the cybersecurity space, they had a different vision and scope for cybersecurity SIEMs than their previous company, and therefore set out to build a new one.

Problem & Context

The client recognized significant limitations in existing cybersecurity SIEM (Security Information and Event Management) solutions. Analysts were often overwhelmed with excessive data, making it difficult to focus on what truly mattered. In addition, much of the workload around case creation and initial reporting was still manual, slowing down the response to security threats.

Their vision was to build a SIEM that:

  • Reduced cognitive load by surfacing only the most relevant data to Analysts.

  • Automated repetitive tasks such as case generation and initial report creation.

  • Was fully aligned with the NIST Cybersecurity Framework (CSF) to ensure industry compliance and scalability.

The scope of the MVP focused on designing core workflows for two key user roles: Super Admin and Analyst.

Stakeholders & Team

Chief Technology Officer,
1 Developer,
1 Product Designer (me)

Initial Brief and Requirements

The initial domain and requirement research required me to study the NIST Cybersecurity Framework (CSF) to understand the desired architecture of the product and all the functions and sub-tasks that could be performed within it.

Key Requirements:

— Architecture of the tool should be as per the NIST Cybersecurity Framework (CSF)

— Design the flows for user roles of a Super Admin and an Analyst

— For the Analyst, the details on the screen should always be in context of a client which should be selectable using a global filter.

Information Architecture

For the information architecture of the product, I studied the framework and worked closely with the CTO to define the main modules of the product. These would strictly follow the guidelines for the modules as defined in the framework. The modules are Govern, Identify, Protect, Detect, Respond and Recover. These would be the items in the primary navigation of the product, and all of these modules would be viewed in the context of a client selected through the global-level filter.

Under each module, there were subsequent functions that an Analyst could perform and data points that they could view. Since the information architecture is unique to the tool and protected by NDA, it can’t be presented here.

Wireframing

As part of the first version of the prototype, I created low-fidelity mockups for each of the modules. Here are some selected wireframes.

Final Output

After the wireframes were approved, we selected the Carbon Design System to go ahead with for the final designs. Here are some selected screens of the final output.

Outcomes & Impact

Over the course of the project, we built an MVP as the proof of concept of the product and quickly developed a high-fidelity prototype that covers the basic functionality of a typical cybersecurity SOC tool. In the process, we also laid the groundwork and foundation for the implementation of agentic AI tools that would be context aware and allow users to perform tasks in the cybersecurity space with ease.

Future Scope & Learnings

Since the prototype of the product with its core functionality is now built, the next phase focuses more on engineering and development to ensure proper functionality of those functions and all the role-based user