Role: Lead Product Designer

Tools: Figma (Animation + Prototyping)

Team: UX Design, Product Manager, Engineering

Timeline: 3 months (May 2025 - July 2025)

Responsibilities

I supported the greater UX platform team with building out Unity, including documentation and specification work of core components and patterns, tokens and framed out governance and adoption recommendations across all cortex products for designers and engineering.

Vulnerability Attack Path

The primary objective of the Vulnerability Graph is to provide a visual and detailed analysis of how a specific vulnerability is introduced into a given asset and the environmental risks that were identified in runtime by tracing it back to the exact code that created it and the exposure risks that were found. With this information, users can quickly access the situation and make informed decisions.I am the lead product designer for this feature and work closely with Product and Engineering. This requires close collaboration with the Platform and the cloud team. This is an ongoing project that we are validating.

PROBLEM STATEMENT

The problem

It's common to find security teams struggling with the task to effectively remediate vulnerabilities found in runtime and understand the risk factors that may be increasing the risk of exploitation of a given vulnerability.

The causes are related to lack of comprehensive visibility across the application lifecycle and a poor understanding of issue origins. This is compounded by insufficient guidance on root causes and remediation, missing ownership information that delays fixes, and a limited grasp of environmental risk factors associated with vulnerabilities.

Challenges

01

The solution should leverage existing platform components and patterns to ensure a unified experience. New patterns will need require cross-team efforts with the platform.

02

There are data dependencies with other engineering teams that will impact and possibly limit scope and engineering efforts.

Success metrics

Adoption

Track usage of active users that have loaded the dashboard at least once.

Engagement

Track the frequency of the widget engagmeents, followed by filters.

Personas

Based on our team’s user research, there are two key personas we are focused on—Cloud Security Analysts and DevOps Engineers—to build empathy and align design decisions with their distinct goals and pain points.

Cloud Security Analyst

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Validating alerts, investigating incidents, and prioritizing actions by severity.
  • Contacting asset owners for remediation and running automation sequences.
  • Understanding cloud inventory, response workflows, and incident playbooks.
  • Setting up investigation dashboards and assigning remediation tasks.

Motivations:

  • Maintain peer credibility for remediation requests
  • Minimize security issues and vulnerabilities
  • Build security expertise to identify patterns

Pain Points:

  • Alert overload from false positives.
  • Difficult issue validation due to insufficient information
  • Inconsistent inventory and data discrepancies
  • Limited automation confidence
  • Cumbersome compliance reporting and complex simple tasks

GOals:

  • Proactively secure infrastructure against critical vulnerabilities.
  • Prevent data breaches and enable early threat detection.
  • Prioritize expertise over triage speed.

DevOps Engineer

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Monitor workloads for drift and policy violations using Prisma Cloud.
  • Remediate security issues (misconfigurations, vulnerabilities) via code fixes and redeployments.
  • Integrate CI/CD/SCM plugins (e.g., PR comments) for pre-merge/deploy issue detection.
  • Collaborate with the security team on policy exceptions, guidance, and fix prioritization.

Motivations:

  • Collaborating with the cloud security team to understand how security policies apply to our applications and infrastructure.
  • Ensuring cloud resources are properly tagged for visibility, ownership, and policy application.

Pain Points:

  • Difficulty determining vulnerability root cause.
  • Challenges in locating source and identifying ownership.
  • Slow identification of vulnerability origin (base image, VM, OSS, 3rd party).

GOals:

  • Seamless security integration into developer workflows with minimal friction.
  • Automated compliance with clear feedback loops, reducing manual effort.
  • Timely notifications for runtime and deployment policy violations.
  • Collaborative exception handling, false positive resolution, and fix implementation with security.

Competitor Research

Analyzing competitors provided valuable insights into industry standards and opportunities.

Strength:

  • Showing attack path info in a list view for an asset, highlighting crown jewels
  • Attack story explains the attack path

Weaknesses:

  • UI can look too crowded and requires a lot of clicks to get to the important information

Strength:

  • Modern UI design
  • Built with flexibility and can provide deep context

Weaknesses:

  • Potentially information overload with the sheer volume of data it can potentially display

Strength:

  • Provides direct recommendations within the attack path visualization

Weaknesses:

  • Visually outdated design UI
  • Limited and inflexible

Exploration & Design

The main focus of the exploration work is to help product gather VM use cases and ultimately requirements across several separate teams.

Investigation

User Flows

Developed user flows of how analysts would investigate the root cause of an issue - specifically all assets affected by a certain vulnerability issue across the entire application lifecycle. This allowed us to identify what risk factors, mitigating controls associated with an issue analysts need to understand.

High Fidelity Designs

Iterating on Designs

I went from user flow diagrams to high fidelity mocks because we wanted to conduct several feedback sessions with product managers, designers, and Domain consultants. The attack graph was prototyped and animated to truly communicate how we wanted the graph to behave.

Our goals was to evaluate comprehension, identify edge cases, and validate the data against what analysts and DevOp Engineers would be looking for.

MVP

Final MVP is an interactive visualization that allows analysts to quickly discover the root cause of a vulnerability, understand the risk factors as well as the mitigating controls associated with that particular issue. This gives more visibility across all asset types (including repositories to runtime) and allow analysts to communicate fix instructions to asset owners.

Design Details

Attack Surface Testing

Attack Surface Testing (AST) is a module offered (previously for ASM customers) on the XSIAM platform. It conducts daily continuous assessment on internet-exposed assets to confirm true vulnerabilities. This additional layer allows us to validate and reinforce that the asset is confirmed vulnerable, or confirmed not vulnerable.

Risk Mitigation

A key requirement for the attack path feature is to highlight risk mitigation controls available to the analyst. We needed to provide a visual cue to identify whether there was an agent or firewall detected, misconfigured, or blocked.

Code to Cloud Tracing

The largest risk in this project is the code to cloud tracing aspect. It hinged on another engineering team to deliver (data). With only the partial journey, users would still be missing entire picture to determine the root cause.

At a minimum, we are still able to show if the vulnerability comes from a base image, VM image or OSS package. This gives analysts a minimal picture of what they need to know when investigating an issue.

Takeaways

01

Agile design: a flexible, iterative design approach helps the team adapt design and user experience processes to be more responsive to change and user feedback. Don't let perfection get in the way of progress.

02

Missing Data: we were faced with the challenge of project dependencies that impact much of the MVP capabilities. Any risk of those projects will impact what engineering is capable to deliver. It is critical to connect with engineering and product very early to validate what is possible and provide design solutions for when we are missing critical data.

Lynn Nguyen

Product Designer

Role: Lead Product Designer

Tools: Figma (Animation + Prototyping)

Team: UX Design, Product Manager, Engineering

Timeline: 3 months (May 2025 - July 2025)

Responsibilities

I supported the greater UX platform team with building out Unity, including documentation and specification work of core components and patterns, tokens and framed out governance and adoption recommendations across all cortex products for designers and engineering.

Vulnerability Attack Path

The primary objective of the Vulnerability Graph is to provide a visual and detailed analysis of how a specific vulnerability is introduced into a given asset and the environmental risks that were identified in runtime by tracing it back to the exact code that created it and the exposure risks that were found. With this information, users can quickly access the situation and make informed decisions.I am the lead product designer for this feature and work closely with Product and Engineering. This requires close collaboration with the Platform and the cloud team. This is an ongoing project that we are validating.

PROBLEM STATEMENT

The problem

It's common to find security teams struggling with the task to effectively remediate vulnerabilities found in runtime and understand the risk factors that may be increasing the risk of exploitation of a given vulnerability.

The causes are related to lack of comprehensive visibility across the application lifecycle and a poor understanding of issue origins. This is compounded by insufficient guidance on root causes and remediation, missing ownership information that delays fixes, and a limited grasp of environmental risk factors associated with vulnerabilities.

Challenges

01

The solution should leverage existing platform components and patterns to ensure a unified experience. New patterns will need require cross-team efforts with the platform.

02

There are data dependencies with other engineering teams that will impact and possibly limit scope and engineering efforts.

Success metrics

Adoption

Track usage of active users that have loaded the dashboard at least once.

Engagement

Track the frequency of the widget engagmeents, followed by filters.

Personas

Based on our team’s user research, there are two key personas we are focused on—Cloud Security Analysts and DevOps Engineers—to build empathy and align design decisions with their distinct goals and pain points.

Cloud Security Analyst

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Validating alerts, investigating incidents, and prioritizing actions by severity.
  • Contacting asset owners for remediation and running automation sequences.
  • Understanding cloud inventory, response workflows, and incident playbooks.
  • Setting up investigation dashboards and assigning remediation tasks.

Motivations:

  • Maintain peer credibility for remediation requests
  • Minimize security issues and vulnerabilities
  • Build security expertise to identify patterns

Pain Points:

  • Alert overload from false positives.
  • Difficult issue validation due to insufficient information
  • Inconsistent inventory and data discrepancies
  • Limited automation confidence
  • Cumbersome compliance reporting and complex simple tasks

GOals:

  • Proactively secure infrastructure against critical vulnerabilities.
  • Prevent data breaches and enable early threat detection.
  • Prioritize expertise over triage speed.

DevOps Engineer

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Monitor workloads for drift and policy violations using Prisma Cloud.
  • Remediate security issues (misconfigurations, vulnerabilities) via code fixes and redeployments.
  • Integrate CI/CD/SCM plugins (e.g., PR comments) for pre-merge/deploy issue detection.
  • Collaborate with the security team on policy exceptions, guidance, and fix prioritization.

Motivations:

  • Collaborating with the cloud security team to understand how security policies apply to our applications and infrastructure.
  • Ensuring cloud resources are properly tagged for visibility, ownership, and policy application.

Pain Points:

  • Difficulty determining vulnerability root cause.
  • Challenges in locating source and identifying ownership.
  • Slow identification of vulnerability origin (base image, VM, OSS, 3rd party).

GOals:

  • Seamless security integration into developer workflows with minimal friction.
  • Automated compliance with clear feedback loops, reducing manual effort.
  • Timely notifications for runtime and deployment policy violations.
  • Collaborative exception handling, false positive resolution, and fix implementation with security.

Competitor Research

Analyzing competitors provided valuable insights into industry standards and opportunities.

Strength:

  • Showing attack path info in a list view for an asset, highlighting crown jewels
  • Attack story explains the attack path

Weaknesses:

  • UI can look too crowded and requires a lot of clicks to get to the important information

Strength:

  • Modern UI design
  • Built with flexibility and can provide deep context

Weaknesses:

  • Potentially information overload with the sheer volume of data it can potentially display

Strength:

  • Provides direct recommendations within the attack path visualization

Weaknesses:

  • Visually outdated design UI
  • Limited and inflexible

Exploration & Design

The main focus of the exploration work is to help product gather VM use cases and ultimately requirements across several separate teams.

Investigation

User Flows

Developed user flows of how analysts would investigate the root cause of an issue - specifically all assets affected by a certain vulnerability issue across the entire application lifecycle. This allowed us to identify what risk factors, mitigating controls associated with an issue analysts need to understand.

High Fidelity Designs

Iterating on Designs

I went from user flow diagrams to high fidelity mocks because we wanted to conduct several feedback sessions with product managers, designers, and Domain consultants. The attack graph was prototyped and animated to truly communicate how we wanted the graph to behave.

Our goals was to evaluate comprehension, identify edge cases, and validate the data against what analysts and DevOp Engineers would be looking for.

MVP

Final MVP is an interactive visualization that allows analysts to quickly discover the root cause of a vulnerability, understand the risk factors as well as the mitigating controls associated with that particular issue. This gives more visibility across all asset types (including repositories to runtime) and allow analysts to communicate fix instructions to asset owners.

Design Details

Attack Surface Testing

Attack Surface Testing (AST) is a module offered (previously for ASM customers) on the XSIAM platform. It conducts daily continuous assessment on internet-exposed assets to confirm true vulnerabilities. This additional layer allows us to validate and reinforce that the asset is confirmed vulnerable, or confirmed not vulnerable.

Risk Mitigation

A key requirement for the attack path feature is to highlight risk mitigation controls available to the analyst. We needed to provide a visual cue to identify whether there was an agent or firewall detected, misconfigured, or blocked.

Code to Cloud Tracing

The largest risk in this project is the code to cloud tracing aspect. It hinged on another engineering team to deliver (data). With only the partial journey, users would still be missing entire picture to determine the root cause.

At a minimum, we are still able to show if the vulnerability comes from a base image, VM image or OSS package. This gives analysts a minimal picture of what they need to know when investigating an issue.

Takeaways

01

Agile design: a flexible, iterative design approach helps the team adapt design and user experience processes to be more responsive to change and user feedback. Don't let perfection get in the way of progress.

02

Missing Data: we were faced with the challenge of project dependencies that impact much of the MVP capabilities. Any risk of those projects will impact what engineering is capable to deliver. It is critical to connect with engineering and product very early to validate what is possible and provide design solutions for when we are missing critical data.

Lynn Nguyen

Product Designer

Vulnerability Attack Path

The primary objective of the Vulnerability Graph is to provide a visual and detailed analysis of how a specific vulnerability is introduced into a given asset and the environmental risks that were identified in runtime by tracing it back to the exact code that created it and the exposure risks that were found. With this information, users can quickly access the situation and make informed decisions.

Responsibilities

I am the lead product designer for this feature and work closely with Product and Engineering. This requires close collaboration with the Platform and the cloud team. This is an ongoing project that we are validating.

Role: Lead Product Designer

Tools: Figma (Animation + Prototyping)

Team: UX Design, Product Manager, Engineering

Timeline: 3 months (May 2025 - July 2025)

PROBLEM STATEMENT

The problem

It's common to find security teams struggling with the task to effectively remediate vulnerabilities found in runtime and understand the risk factors that may be increasing the risk of exploitation of a given vulnerability.

The causes are related to lack of comprehensive visibility across the application lifecycle and a poor understanding of issue origins. This is compounded by insufficient guidance on root causes and remediation, missing ownership information that delays fixes, and a limited grasp of environmental risk factors associated with vulnerabilities.

Challenges

01

The solution should leverage existing platform components and patterns to ensure a unified experience. New patterns will need require cross-team efforts with the platform.

02

There are data dependencies with other engineering teams that will impact and possibly limit scope and engineering efforts.

Success metrics

Adoption

Track usage of active users that have loaded the dashboard at least once.

Engagement

Track the frequency of the widget engagmeents, followed by filters.

Personas

Based on our team’s user research, there are two key personas we are focused on—Cloud Security Analysts and DevOps Engineers—to build empathy and align design decisions with their distinct goals and pain points.

Cloud Security Analyst

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Validating alerts, investigating incidents, and prioritizing actions by severity.
  • Contacting asset owners for remediation and running automation sequences.
  • Understanding cloud inventory, response workflows, and incident playbooks.
  • Setting up investigation dashboards and assigning remediation tasks.

Motivations:

  • Maintain peer credibility for remediation requests
  • Minimize security issues and vulnerabilities
  • Build security expertise to identify patterns

Pain Points:

  • Alert overload from false positives.
  • Difficult issue validation due to insufficient information
  • Inconsistent inventory and data discrepancies
  • Limited automation confidence
  • Cumbersome compliance reporting and complex simple tasks

GOals:

  • Proactively secure infrastructure against critical vulnerabilities.
  • Prevent data breaches and enable early threat detection.
  • Prioritize expertise over triage speed.

DevOps Engineer

Domain Knowledge

Advance

High

Limited

Operate In-Product

Frequent

Occasional

None

Responsibilities:

  • Monitor workloads for drift and policy violations using Prisma Cloud.
  • Remediate security issues (misconfigurations, vulnerabilities) via code fixes and redeployments.
  • Integrate CI/CD/SCM plugins (e.g., PR comments) for pre-merge/deploy issue detection.
  • Collaborate with the security team on policy exceptions, guidance, and fix prioritization.

Motivations:

  • Collaborating with the cloud security team to understand how security policies apply to our applications and infrastructure.
  • Ensuring cloud resources are properly tagged for visibility, ownership, and policy application.

Pain Points:

  • Difficulty determining vulnerability root cause.
  • Challenges in locating source and identifying ownership.
  • Slow identification of vulnerability origin (base image, VM, OSS, 3rd party).

GOals:

  • Seamless security integration into developer workflows with minimal friction.
  • Automated compliance with clear feedback loops, reducing manual effort.
  • Timely notifications for runtime and deployment policy violations.
  • Collaborative exception handling, false positive resolution, and fix implementation with security.

Competitor Research

Analyzing competitors provided valuable insights into industry standards and opportunities.

Orca Security

Strength:

  • Showing attack path info in a list view for an asset, highlighting crown jewels
  • Attack story explains the attack path

Weaknesses:

  • UI can look too crowded and requires a lot of clicks to get to the important information

Wiz

Strength:

  • Modern UI design
  • Built with flexibility and can provide deep context

Weaknesses:

  • Potentially information overload with the sheer volume of data it can potentially display

Microsoft Defender for Cloud

Strength:

  • Provides direct recommendations within the attack path visualization

Weaknesses:

  • Visually outdated design UI
  • Limited and inflexible

Exploration & Design

The main focus of the exploration work is to help product gather VM use cases and ultimately requirements across several separate teams.

Investigation

User Flows

Developed user flows of how analysts would investigate the root cause of an issue - specifically all assets affected by a certain vulnerability issue across the entire application lifecycle. This allowed us to identify what risk factors, mitigating controls associated with an issue analysts need to understand.

High Fidelity Designs

Iterating on Designs

I went from user flow diagrams to high fidelity mocks because we wanted to conduct several feedback sessions with product managers, designers, and Domain consultants. The attack graph was prototyped and animated to truly communicate how we wanted the graph to behave.

Our goals was to evaluate comprehension, identify edge cases, and validate the data against what analysts and DevOp Engineers would be looking for.

MVP

Final MVP is an interactive visualization that allows analysts to quickly discover the root cause of a vulnerability, understand the risk factors as well as the mitigating controls associated with that particular issue. This gives more visibility across all asset types (including repositories to runtime) and allow analysts to communicate fix instructions to asset owners.

Design Details

Attack Surface Testing

Attack Surface Testing (AST) is a module offered (previously for ASM customers) on the XSIAM platform. It conducts daily continuous assessment on internet-exposed assets to confirm true vulnerabilities. This additional layer allows us to validate and reinforce that the asset is confirmed vulnerable, or confirmed not vulnerable.

Risk Mitigation

A key requirement for the attack path feature is to highlight risk mitigation controls available to the analyst. We needed to provide a visual cue to identify whether there was an agent or firewall detected, misconfigured, or blocked.

Code to Cloud Tracing

The largest risk in this project is the code to cloud tracing aspect. It hinged on another engineering team to deliver (data). With only the partial journey, users would still be missing entire picture to determine the root cause.

At a minimum, we are still able to show if the vulnerability comes from a base image, VM image or OSS package. This gives analysts a minimal picture of what they need to know when investigating an issue.

Takeaways

01

Agile design: a flexible, iterative design approach helps the team adapt design and user experience processes to be more responsive to change and user feedback. Don't let perfection get in the way of progress.

02

Missing Data: we were faced with the challenge of project dependencies that impact much of the MVP capabilities. Any risk of those projects will impact what engineering is capable to deliver. It is critical to connect with engineering and product very early to validate what is possible and provide design solutions for when we are missing critical data.