Replacing mandatory security trainings

B2B, Cybersecurity, Web

Overview

Designed a new cybersecurity platform for an outdated industry

TL;DR

Employee mistakes, like clicking phishing links or sharing credentials, accounted for 80% of cybersecurity breaches. Most security tools focused on educating employees through mandated training videos. However, these trainings were widely disliked and failed to properly equip employees to protect themselves.

Dune Security, a pioneering startup, sought to solve this problem. I led the design and development of their founding platform, taking the product from ideation to launch. This effort secured $2 million in funding, attracted 50,000 users, and achieved product-market fit.

Role

Founding Product Designer

Team

CEO, CTO, Back-end & Front-end Engineer

Timeline

6 months, Launched October 2023

Problem

Employees often fell victim to online threats, leading to security breaches

Employees are often the primary targets of cybersecurity attacks, with 80% of all breaches caused by employee mistakes. These mistakes include clicking on malicious links, signing into fake websites, or sharing credentials with hackers.

CISOs were personally responsible for protecting the organization

Employee mistakes can jeopardize the entire organization. Chief Information Security Officers (CISOs) are tasked with protecting both the company and its employees from these threats. With personal liability for breaches, their careers are constantly on the line.

However, available cybersecurity tools were ineffective at protection

Problems with the cybersecurity industry, at the time:

Widely-disliked compliance videos

Employees saw videos as long, boring, and repetitive, leading them to rush through for compliance

Generic, one-size-fits-all training

Existing platforms used generic training methods that fail to address users' specific weaknesses

Goal

We aimed to educate employees on how to recognize and avoid attacks

Our mission was to address cybersecurity breaches caused by employee errors by educating them on their vulnerabilities and providing CISOs with actionable insights. We began with market research, competitor analysis, and discussions with CISOs.

Discussions with CISOs revealed key gaps in current security tools:

🛡️

Inability to quantify risk

Needed to measure risk levels accurately

🔄

Lack of automation

Needed to minimize employee risk without manual intervention

🔍

Irrelevant data

Needed to pinpoint areas of weaknesses within the organization

📚

Lack of personalized training

Needed to educate high-risk employees

Ideation

We created a framework to track and share users' engagement with threats

Based on current market gaps, CISOs needed a more accurate way to track user behavior and engagement with cyber threats. In response, we designed a framework that uses simulated tests to assess employees, delivers personalized training, and collects measurable data.

Onboarding

1. Account setup

CISOs set up their account information and upload a list of employees.

2. Product tour

They follow a step-by-step guided walkthrough to understand the platform’s core functionalities.

3. Launch risk assessment

We conduct a 30-day test to identify which employees and how many are most vulnerable to online attacks.

Platform use

4. Risk dashboard

We share reports on employee and organization risk levels and provide insights on employee weaknesses.

5. Automated training

We automatically assign training to employees based on the tests they fail and keep track of their performance.

6. Continuous monitoring

We conduct regular security tests to collect precise data based on real-world scenarios.

Validation testing

In the absence of users testing, I turned to investors for insights

As a startup with limited resources, funding, and time, we faced tough decisions around prioritization and validation. Without user input, I found creative ways to focus and refine our product.

Investor insights became crucial in guiding our next steps. I presented a high-fidelity Figma prototype during investor meetings, which helped us assess technical feasibility and better understand customer preferences.

Iterations

Though our ideas were promising, the platform was too difficult to use

Gathering feedback from investors, I found that there was strong demand for user behavioral data, but our platform was overwhelming and difficult to navigate. Instead of focusing just on the data, we needed to deliver simple, accessible, and user-friendly experiences.

As a result, I resolved issues with cognitive strain and navigation

✏️

Included microcopy

Provided clearer navigation explanations to reduce confusion and better guide users

💬

Added tooltips

Provided clarification and additional context for data points without cluttering the main display

🔢

Restructured info hierarchy

Organized and prioritized data visualizations based on importance to users

📊

Prioritized charts over numbers

Identified which data points should be presented through charts instead of just numbers.

Final design

A platform that identifies employee vulnerabilities using data

After several design iterations based on investor feedback, I led the creation of Dune Security's founding platform. Working closely with our CTO and founding engineers, we gathered essential data points and successfully launched in October 2023, with Antler Ventures as our first customer.

Check out prototype

Results

In the end, our efforts paid off with remarkable results

💰

Pre-seed funding

Secured $2 million in pre-seed funding, surpassing the average range

50K

🎯

Users

Attracted 50K+ users, demonstrating strong demand and product-market fit

💼

Top investors

Gained backing from Craft Ventures, Alumni Ventures, Antler, and Warner Music Group

This experience taught me that innovation needs simplicity

Designing for an early-stage startup from the ground up taught me that even the most innovative ideas can be undermined by complex, unfriendly designs. I initially focused on showcasing interesting data and insights, but soon realized that users, above all, crave simplicity.

Even CISOs, leaders and experts in cybersecurity, seek platforms that are intuitive and easy to navigate. This experience reinforced the importance of dreaming big while staying grounded in simple, accessible design.