Strengthening user safety with data
B2B, Cybersecurity, Web
Overview
Designed a new cybersecurity platform for an outdated industry
TL;DR
Employee mistakes, like clicking phishing links or sharing credentials, accounted for 80% of cybersecurity breaches. Most security tools focused on educating employees through mandated training videos. However, these trainings were widely disliked and failed to properly equip employees to protect themselves.
Dune Security, a pioneering startup, sought to solve this problem. I led the design and development of their founding platform, taking the product from ideation to launch. This effort secured $2 million in funding, attracted 50,000 users, and achieved product-market fit.
Dune Security, a pioneering startup, sought to solve this problem. I led the design and development of their founding platform, taking the product from ideation to launch. This effort secured $2 million in funding, attracted 50,000 users, and achieved product-market fit.
Role
Founding Product Designer
Team
CEO, CTO, Back-end & Front-end Engineer
Timeline
6 months, Launched October 2023
Problem
Employees often fell victim to online threats, leading to security breaches
Employees are often the primary targets of cybersecurity attacks, with 80% of all breaches caused by employee mistakes. These mistakes include clicking on malicious links, signing into fake websites, or sharing credentials with hackers.
CISOs were personally responsible for protecting the organization
Employee mistakes can jeopardize the entire organization. Chief Information Security Officers (CISOs) are tasked with protecting both the company and its employees from these threats. With personal liability for breaches, their careers are constantly on the line.
However, available cybersecurity tools were ineffective at protection
Problems with the cybersecurity industry, at the time:
Widely-disliked compliance videos
Employees saw videos as long, boring, and repetitive, leading them to rush through for compliance
Generic, one-size-fits-all training
Existing platforms used generic training methods that fail to address users' specific weaknesses
Goal
We aimed to educate employees on how to recognize and avoid attacks
Our mission was to address cybersecurity breaches caused by employee errors by educating them on their vulnerabilities and providing CISOs with actionable insights. We began with market research, competitor analysis, and discussions with CISOs.
Discussions with CISOs revealed key gaps in current security tools:
π‘οΈ
Inability to quantify risk
Needed to measure risk levels accurately
π
Lack of automation
Needed to minimize employee risk without manual intervention
π
Irrelevant data
Needed to pinpoint areas of weaknesses within the organization
π
Lack of personalized training
Needed to educate high-risk employees
Ideation
We created a framework to track and share users' engagement with threats
Based on current market gaps, CISOs needed a more accurate way to track user behavior and engagement with cyber threats. In response, we designed a framework that uses simulated tests to assess employees, delivers personalized training, and collects measurable data.
Onboarding
1. Account setup
CISOs set up their account information and upload a list of employees.
2. Product tour
They follow a step-by-step guided walkthrough to understand the platformβs core functionalities.
3. Launch risk assessment
We conduct a 30-day test to identify which employees and how many are most vulnerable to online attacks.
Platform use
4. Risk dashboard
We share reports on employee and organization risk levels and provide insights on employee weaknesses.
5. Automated training
We automatically assign training to employees based on the tests they fail and keep track of their performance.
6. Continuous monitoring
We conduct regular security tests to collect precise data based on real-world scenarios.
.png)
Validation testing
In the absence of users testing, I turned to investors for insights
As a startup with limited resources, funding, and time, we faced tough decisions around prioritization and validation. Without user input, I found creative ways to focus and refine our product.
Investor insights became crucial in guiding our next steps. I presented a high-fidelity Figma prototype during investor meetings, which helped us assess technical feasibility and better understand customer preferences.
Investor insights became crucial in guiding our next steps. I presented a high-fidelity Figma prototype during investor meetings, which helped us assess technical feasibility and better understand customer preferences.
Iterations
Though our ideas were promising, the platform was too difficult to use
Gathering feedback from investors, I found that there was strong demand for user behavioral data, but our platform was overwhelming and difficult to navigate. Instead of focusing just on the data, we needed to deliver simple, accessible, and user-friendly experiences.
As a result, I resolved issues with cognitive strain and navigation
βοΈ
Included microcopy
Provided clearer navigation explanations to reduce confusion and better guide users
π¬
Added tooltips
Provided clarification and additional context for data points without cluttering the main display
π’
Restructured info hierarchy
Organized and prioritized data visualizations based on importance to users
π
Prioritized charts over numbers
Identified which data points should be presented through charts instead of just numbers.
Final design
A platform that identifies employee vulnerabilities using data
After several design iterations based on investor feedback, I led the creation of Dune Security's founding platform. Working closely with our CTO and founding engineers, we gathered essential data points and successfully launched in October 2023, with Antler Ventures as our first customer.
Check out prototype
Results
In the end, our efforts paid off with remarkable results
2M
π°
Pre-seed funding
Secured $2 million in pre-seed funding, surpassing the average range
50K
π―
Users
Attracted 50K+ users, demonstrating strong demand and product-market fit
4+
πΌ
Top investors
Gained backing from Craft Ventures, Alumni Ventures, Antler, and Warner Music Group
This experience taught me that innovation needs simplicity
Designing for an early-stage startup from the ground up taught me that even the most innovative ideas can be undermined by complex, unfriendly designs. I initially focused on showcasing interesting data and insights, but soon realized that users, above all, crave simplicity.
Even CISOs, leaders and experts in cybersecurity, seek platforms that are intuitive and easy to navigate. This experience reinforced the importance of dreaming big while staying grounded in simple, accessible design.
Even CISOs, leaders and experts in cybersecurity, seek platforms that are intuitive and easy to navigate. This experience reinforced the importance of dreaming big while staying grounded in simple, accessible design.
