Security Made Simple: Crafting a Policy Experience Users Actually Understand

Company: Cisco Cybersecurity
Role: Director of User Experience

Previous Next

Goal

Customers know intuitively how to write policies and know exactly what happens when they are deployed, so they can be confident in the security of their entire infrastructure.

Illustration of cybersecurity policy mechanics for protecting company data and infrastructure.
Security policy as a concept isn’t hard to understand: rules are created that manage access to specific data and corporate infrastructure, which prevents the wrong people from accessing what they shouldn’t be able to.

Opportunity

Simplify and unify the way customers created, managed, and orchestrated security policy across an entire portfolio of software products to:

Screenshots of policy management UIs in the Cisco cybersecurity portfolio.
In a portfolio built on the acquisition of multiple companies, there were many different legacy methods of policy creation and management, making selling consistent and unified cybersecurity solutions a big challenge.

Solution

Starting with an audit of all existing policy models across the entire range of security and networking products, I got a clear picture of the breadth and depth of this problem for the first time. Taking a daunting catalog of features, use cases, and technologies, I led a cross-functional team through a series of design thinking workshops to distill all this data into a meaningful customer-focused narrative that made the task of policy unification not only coherent but feasible. Using the developed guidelines, I then led a cross-product team of designers through the process of building a user experience-driven security policy design system that showed individual product teams both the end goal they were to achieve as well as the roadmap to get there.

Screenshots of the policy UI and workflow guidelines created for product teams to follow.
Since there could never be a single, one-size-fits-all policy workflow due to a staggeringly wide range of use cases, we created a flexible framework of policy components that individual products could take off the shelf as their specific needs dictate.

Outcomes

The Forrester Wave Leader report shows Cisco as a leader in enterprise firewalls with perfect policy management and usability scores.
We moved cybersecurity policy management from a liability to a strength by prioritizing usability and coherence so customers could be more confident in how policy orchestration was managed across their corporate infrastructure.

Accomplishments

What I learned