ShieldOps is a security operations dashboard designed to cut through data overload
and help analysts act with confidence. Built around clarity, speed, and trust, the
platform transforms dense streams of threats, compliance metrics, and asset data into
modular, actionable insights—empowering SecOps teams to detect, investigate, and
resolve attacks without losing focus in the chaos.
A Unified Design Language for a Global Digital Ecosystem
Context
As part of a UX design take-home challenge, I was tasked with designing a network security dashboard to help Security Operations (SecOps) teams detect, monitor, and investigate threats effectively.
The assignment required addressing six core modules: Threats, Compliance, Assets, Source–Destination Pairs, Threat Frequency, and Payload. The goal was to balance data density with usability, enabling analysts to work with clarity under pressure.
Problem
SecOps teams face data overload, alert fatigue, and high-stakes decisions. Existing dashboards often fail because they:
Overwhelm users with low-severity alerts
Lack clear source-to-destination context
Make it difficult to track compliance metrics (MTTD/MTTR)
Provide opaque confidence scores without explainability
Design challenge: Create a dashboard that surfaces critical data quickly, reduces noise, and supports smooth triage workflows.
UNDERSTANDING THE PROBLEM
Designing for Clarity, Control & Confidence in Security Operations
Jane is a seasoned SecOps analyst working at a mid-to-large tech enterprise. With over 8 years in cybersecurity, he monitors real-time threats, investigates anomalies, ensures compliance, and protects high-value assets.
He needs a dashboard that surfaces critical data fast, prioritizes actionable insights, and enables smooth threat triage and resolution—all without overwhelming him.
Role: L2 SOC Analyst
Org Type: Financial Enterprise
Tools: SIEM, DNS Logs, Endpoint Alerts
Goals:
Prioritize real threats
Reduce time spent on false positives
Confidently act on alerts
Pain Points:
Alert fatigue
Low confidence in scores
Manual source-destination tracing
Where the Breakdown Happens....

Product Challenges
Balancing data density with visual clarity
Designing for multiple data types: threats, assets, payloads
Supporting both summaries and drill-down workflows
Aligning with triage, investigation, and action flows
INFORMATION ARCHITECTURE
Dashboard Structure & Module Overview
ShieldOps is structured around operational clarity, letting users scan summaries or dive deep—without getting lost.
The ShieldOps dashboard consists of six key modules designed to provide focused insights and actionable data, helping users efficiently monitor, analyze, and respond to security events.
6 Modules:
THREAT FEED : Review live threats by severity, confidence, and reputation
COMPLIANCE : Track MTTD / MTTR and trend metrics
ASSETS : Manage critical assets and system-tagged watchlists
SOURCE - DESTINATION : Investigate attacker patterns and origins
FREQUENCY : Monitor spikes, dips, and anomalies in threat trends
PAYLOAD : Understand what’s being delivered and to where
VISUAL FRAMEWORK
Design Process & Grid System
Outlining the foundational design steps and the responsive grid system behind ShieldOps—ensuring a balanced, intuitive interface that scales across use cases.
What did I do?
Grid Layout - Scalable & Responsive
Main Dashboard Design
INSIGHTS TO INTERFACE: TRANSLATING NEEDS INTO DESIGN
A modular control center designed for clarity, urgency, and scalable threat visibility.
01. Threat Overview
Clarity and action in the Threat Investigation Workflow
• Designed for fast triage and deep investigation—where every click leads to action.
• This module provides analysts with a detailed view of incoming threats, ranked by system-evaluated
scores, labels, and traceability.
02. Network Origin Analysis
For fast triage and deep investigation—where every click leads to action.
• This module helps identify the most frequent source-destination IP pairs involved in threats and
enables filtering for deeper investigation.
03. Compliance
Designing for Trend Awareness and Data-Driven Response Decisions
• The compliance section is designed to help analysts quickly assess how well the organization is
detecting and resolving threats — both at a glance and over time.
04. Threat Frequency
Visualizing operational efficiency and uncovering threat trends over time.
• This module provides visibility into the volume of incoming threats over time — enabling analysts to
detect spikes, patterns, or unusual lulls that may indicate shifts in attacker behavior or detection
performance.
05. Asset Watchlist
Designing for Prioritization, Tagging, and Intelligence
• This module helps users monitor key or vulnerable assets and allows system- and user-generated tracking of
assets with threat history.
06. Payload Visibility
Focusing attention on what matters most—your
• This module provides visibility of the file type or the size of payloads - enabling the analyst to view
trends with respect to similar file types affecting the system.
Designing for Intelligence at the Point of Decision
Turning Insight into Action: A Design Concept
Enhancing threat triage with contextual summaries, kill-chain insights, and actionable AI-driven
recommendations — designed to reduce analyst workload and accelerate decision-making.
AI Driven Opportunity
Embed an “AI Assistant Panel” that offers:
• Natural Language Summaries of active threats, e.g.,
“This is a high-severity phishing attempt from a poor-reputation source, likely targeting finance
systems.”
• Suggested Actions, e.g.,
“Alert IT, block source IP, or mark as false positive?”
• Explainability & Learning Mode
“Why was this marked critical?” → The assistant explains based on Severity + Confidence + Reputation.
• Conversational Querying
“Show me unresolved high confidence threats from last 24 hours targeting finance assets.”
Why This Matters?
• Reduces mental load for analysts
• Helps new team members get up to speed
• Accelerates detection → decision → action
• Brings explainability and trust to AI in security
SYSTEMATIZING UX
Design System & Interaction Rationale
Reflections & UX Impact
Designing with purpose: driving confident decisions, faster responses, and scalable SecOps workflows.
01 . USER-CENTERED OUTCOMES
Can significantly reduce threat detection time through intuitive visual alerts and seamless drill-down capabilities.
Enabled effective prioritization of threats and critical assets using structured tagging, threat matrices, and personalized watchlists.
02 . DESIGN THINKING
Aligned design with key user goals: rapid detection, triage, and thorough investigation.
Tried to achieve an optimal balance between data density and clarity via thoughtfully designed graphs, summary metrics, and contextual tables.
03 . IMPACTFUL MICRO-INTERACTIONS
Micro-interactions such as tooltips, sorting, and dynamic labeling foster user confidence and informed decision-making.
Streamlined interaction flows minimize clicks, enhancing situational awareness and operational efficiency.
04 . KEY LEARNINGS
Developed a structured approach to translating complex security data into clear, user-centric visual hierarchies.
Deepened my understanding of designing interactions that align with high-pressure investigative workflows in SecOps environments.
Strengthened my ability to establish scalable, reusable design components that promote consistency and efficiency.
Gained valuable insight into responsibly integrating AI features that support decision-making through explainability and contextual relevance.