Security Advisor
Defining How AI Lives Within Cybersecurity Analyst Workflows
Security Advisor
Defining How AI Lives Within Cybersecurity Analyst Workflows
Security Advisor
Defining How AI Lives Within Cybersecurity Analyst Workflows
YEAR
YEAR
YEAR
2025
2025
2025
ROLE
ROLE
ROLE
UX Lead
UX Lead
UX Lead
PRODUCT
PRODUCT
PRODUCT
Web Platform
Web Platform
Web Platform
THE OPPORTUNITY
THE OPPORTUNITY
THE OPPORTUNITY
As AI reshaped workflows across industries, cybersecurity remained largely manual. While over 70% of products in fields like marketing and design had adopted AI assistance, most security tools still depended on rule-based automation. This gap created an opportunity for ThreatDown to define how AI could meaningfully support analysts.
Security analysts spent much of their time triaging alerts and cross-referencing data, work that was repetitive and mentally taxing. Thoughtfully introducing AI had the potential to ease that load, speed up investigations, and provide richer context, positioning ThreatDown as a trusted partner that amplified analyst performance.
As AI reshaped workflows across industries, cybersecurity remained largely manual. While over 70% of products in fields like marketing and design had adopted AI assistance, most security tools still depended on rule-based automation. This gap created an opportunity for ThreatDown to define how AI could meaningfully support analysts.
Security analysts spent much of their time triaging alerts and cross-referencing data, work that was repetitive and mentally taxing. Thoughtfully introducing AI had the potential to ease that load, speed up investigations, and provide richer context, positioning ThreatDown as a trusted partner that amplified analyst performance.
As AI reshaped workflows across industries, cybersecurity remained largely manual. While over 70% of products in fields like marketing and design had adopted AI assistance, most security tools still depended on rule-based automation. This gap created an opportunity for ThreatDown to define how AI could meaningfully support analysts.
Security analysts spent much of their time triaging alerts and cross-referencing data, work that was repetitive and mentally taxing. Thoughtfully introducing AI had the potential to ease that load, speed up investigations, and provide richer context, positioning ThreatDown as a trusted partner that amplified analyst performance.
THE CHALLENGE
THE CHALLENGE
THE CHALLENGE
Cybersecurity had few examples of effective human-AI interaction, with most tools focused on automation rather than collaboration. We had to build from the ground up, defining how AI would behave, communicate, and earn user trust within ThreatDown.
Cybersecurity had few examples of effective human-AI interaction, with most tools focused on automation rather than collaboration. We had to build from the ground up, defining how AI would behave, communicate, and earn user trust within ThreatDown.
Cybersecurity had few examples of effective human-AI interaction, with most tools focused on automation rather than collaboration. We had to build from the ground up, defining how AI would behave, communicate, and earn user trust within ThreatDown.
USER RESEARCH
USER RESEARCH
USER RESEARCH
We began by revisiting our existing Jobs-to-Be-Done mappings and overlaying them with current analyst workflows to visualize where users experienced the most friction. This exercise revealed key moments of cognitive load, such as triaging alerts, investigating threat context, and prioritizing remediation steps.
Using these insights, we created a visual map that highlighted potential AI intervention points across the workflow. We then conducted interviews with security analysts to validate our assumptions and deepen our understanding of their goals, challenges, and expectations from AI assistance. These sessions helped us refine our focus toward designing AI interactions that reduced repetitive work, provided contextual clarity, and supported the analyst’s decision-making process.
We began by revisiting our existing Jobs-to-Be-Done mappings and overlaying them with current analyst workflows to visualize where users experienced the most friction. This exercise revealed key moments of cognitive load, such as triaging alerts, investigating threat context, and prioritizing remediation steps.
Using these insights, we created a visual map that highlighted potential AI intervention points across the workflow. We then conducted interviews with security analysts to validate our assumptions and deepen our understanding of their goals, challenges, and expectations from AI assistance. These sessions helped us refine our focus toward designing AI interactions that reduced repetitive work, provided contextual clarity, and supported the analyst’s decision-making process.
We began by revisiting our existing Jobs-to-Be-Done mappings and overlaying them with current analyst workflows to visualize where users experienced the most friction. This exercise revealed key moments of cognitive load, such as triaging alerts, investigating threat context, and prioritizing remediation steps.
Using these insights, we created a visual map that highlighted potential AI intervention points across the workflow. We then conducted interviews with security analysts to validate our assumptions and deepen our understanding of their goals, challenges, and expectations from AI assistance. These sessions helped us refine our focus toward designing AI interactions that reduced repetitive work, provided contextual clarity, and supported the analyst’s decision-making process.
EXPLORING OPPORTUNITIES
EXPLORING OPPORTUNITIES
EXPLORING OPPORTUNITIES
With the foundational layers in place, we explored multiple ways the AI agent could fit into ThreatDown’s existing console experience. The goal was to find an approach that enhanced workflows without disrupting them.
Our exploration focused on two main directions: contextual and conversational. The contextual approach involved embedding AI-generated insights directly within key pages, such as vulnerability lists or endpoint views, to provide real-time guidance and next-step suggestions in place. The conversational approach, on the other hand, centered on creating a dedicated space for analysts to interact with the AI through prompts, questions, or summaries — potentially through a side-panel or full-page dialog.
Balancing these two modes helped us think critically about how AI could add value both passively and actively, shaping our early prototypes around flexibility, discoverability, and user intent.
With the foundational layers in place, we explored multiple ways the AI agent could fit into ThreatDown’s existing console experience. The goal was to find an approach that enhanced workflows without disrupting them.
Our exploration focused on two main directions: contextual and conversational. The contextual approach involved embedding AI-generated insights directly within key pages, such as vulnerability lists or endpoint views, to provide real-time guidance and next-step suggestions in place. The conversational approach, on the other hand, centered on creating a dedicated space for analysts to interact with the AI through prompts, questions, or summaries — potentially through a side-panel or full-page dialog.
Balancing these two modes helped us think critically about how AI could add value both passively and actively, shaping our early prototypes around flexibility, discoverability, and user intent.
With the foundational layers in place, we explored multiple ways the AI agent could fit into ThreatDown’s existing console experience. The goal was to find an approach that enhanced workflows without disrupting them.
Our exploration focused on two main directions: contextual and conversational. The contextual approach involved embedding AI-generated insights directly within key pages, such as vulnerability lists or endpoint views, to provide real-time guidance and next-step suggestions in place. The conversational approach, on the other hand, centered on creating a dedicated space for analysts to interact with the AI through prompts, questions, or summaries — potentially through a side-panel or full-page dialog.
Balancing these two modes helped us think critically about how AI could add value both passively and actively, shaping our early prototypes around flexibility, discoverability, and user intent.
DESIGN LANGUAGE DIRECTION
DESIGN LANGUAGE DIRECTION
DESIGN LANGUAGE DIRECTION
The design language for AI functionality was developed in collaboration with marketing and visual design teams to align with ThreatDown’s brand identity. The focus was on using color, typography, motion, and iconography to convey intelligence and approachability while keeping a cohesive visual feel. The outcome was a unified direction that made AI elements distinct yet familiar within the overall product experience.
The design language for AI functionality was developed in collaboration with marketing and visual design teams to align with ThreatDown’s brand identity. The focus was on using color, typography, motion, and iconography to convey intelligence and approachability while keeping a cohesive visual feel. The outcome was a unified direction that made AI elements distinct yet familiar within the overall product experience.
The design language for AI functionality was developed in collaboration with marketing and visual design teams to align with ThreatDown’s brand identity. The focus was on using color, typography, motion, and iconography to convey intelligence and approachability while keeping a cohesive visual feel. The outcome was a unified direction that made AI elements distinct yet familiar within the overall product experience.
©2025 Ayo Omole • {no}coded with love & coffee
©2025 Ayo Omole • {no}coded with love & coffee
©2025 Ayo Omole • {no}coded with love & coffee