Cybersecurity Dashboard

ROLE

Lead Product Designer

CROSS FUNCTIONAL TEAM

VP of Product, Director of Product, Design Manager, 5 Product Designers, 3 PMs, 1 PMM, 2 CSMs

MY PRODUCT TEAM

1 PM, 1 Eng Manager, 8 Engineers

TIMELINE

August 2024 - Present

 

PROJECT OVERVIEW

For the past decade, Clever has helped school IT administrators streamline account management through secure automated rostering, ensuring smooth data flow between systems and reducing login errors.

In the last three years, Clever has expanded into identity and access management to address the rise in cybersecurity threats, particularly ransomware attacks targeting student data. This shift has positioned Clever as a cybersecurity provider for K-12 education.

While we've added new features to our Dashboard, it still feels rooted in rostering, making it seem more like a tool with cybersecurity features rather than a dedicated cybersecurity product. This highlights the need for a more cohesive Dashboard UX that aligns with Clever’s expanded focus on cybersecurity.

 
 

Discovery

On September 3, 2022, the Los Angeles Unified School District (LAUSD) was targeted in a cybersecurity attack, resulting in the theft of student data. Two weeks later, the attackers issued a ransom demand, threatening to release the stolen data on the dark web within three days if their payment demands were not met. Unfortunately this story is common across public school districts in the US and has become a top of mind concern for school districts.

 
 

To better understand the cybersecurity challenges districts face—I conducted user interviews, stakeholder interviews, and spoke with many customer-facing teams like Onboarding and Customer Success,

Problems district administrators face with cybersecurity 

  • Personnel and Budget Constraints: Mid-sized districts face challenges managing multiple systems with limited resources. Cost considerations heavily influence decisions on new cybersecurity initiatives.

  • Reactive Mindset: Many districts respond to cybersecurity threats only after incidents occur, often driven by insurance requirements rather than strategic planning. Prioritization of cybersecurity initiatives is often linked to recent attacks, whether they were experienced or observed nearby.

  • Siloed Teams: Often, the admin managing Clever in the day day is different from the admin focused on cybersecurity prevention. Some cybersecurity admins may have a Clever account but don’t actively engage with it which is why our cybersecurity offerings aren’t reaching them.

  • Responsibility Gaps: Management of Clever varies where some districts task instructional staff while others involve IT-focused admins, leading to mixed empowerment levels in advocating for cybersecurity.

  • Persuading Upper Management: There’s often a gap in convincing upper management to prioritize cybersecurity initiatives, particularly those not mandated by cybersecurity insurance, indicating a compliance-driven mindset.

  • Varied Approaches: Smaller districts tend to adopt point solutions reactively, while larger districts prefer integrated solutions that enhance security and simplify management.

 

Framing for this UX vision

It became very clear to me that there are two different personas in the dashboard who have a different set of jobs to be done. One of them (the Rostering admin) is in Clever daily. The other (the cybersecurity-minded admin) is not in Clever as much. 

How might we introduce cybersecurity concepts to the district experience in an approachable way, even if they aren’t part of the Rostering DAs (let’s call this person Joe) normal workflow

  • Joe’s high level job to be done is to make sure teachers and students get access to their digital learning

  • Their lower level jobs to be done: make sure application partners don’t get access to more data than they need, make sure district’s data systems are talking to each other, and vet/manage what applications are available to districts

How might we help the more cybersecurity minded admin (let’s call this person Brenda) who’s not in Clever in the day to day complete their jobs to be done

  • Brenda’s high level job to be done is to avoid being in the news due to a cybersecurity attack.

  • The lower level jobs to be done that we think we can help them with are making sure their district users have baseline accounts, protecting those accounts without compromising usability, incident monitoring, incident response, and helping to educate their staff on cybersecurity.

How might we encourage the admin that’s in Clever to invite their more security minded peers into the dashboard

Often, engineers and designers were too stretched thin to update Dewey components, leading them to create one-off versions for specific use cases. These custom components, which cannot be reused across the team, contribute to inconsistencies across our products. For instance, a component used by multiple teams remains unintegrated into Dewey, causing variations and duplications in different codebases.

 

UX Audit based on each JTBD

I conducted a UX audit based off the jobs to be done for cybersecurity minded district admins. This approach aimed to identify gaps in Clever’s offerings and also highlight issues in the connective tissue between our cybersecurity features. This audit was shaped by a combination of interviews with DAs to understand their usage of our security features, insights from conversations with our customer-facing team, and Amplitude data. This is a synthesis of what I learned from that UX audit: 

  • Homepage lacks strategic focus: Our homepage doesn’t tell users anything about identity management or secure access. We have an applications table on the home page that takes up the majority of the page, which has no actionable information, and users can see this exact table on the next tab. 

  • Dashboard lacks cybersecurity feature visibility: Our cybersecurity features are buried, requiring multiple clicks to access. 

  • Dashboard lacks security feature integration: Users need to go to too many different places to do related work, making it difficult for them to connect the dots (our account reset and recovery functionality is scattered across the dashboard). There's a clear division between paid and free products yet there’s a lot of intersection between their functionality that's not clear.

  • Alert fatigue: dashboard has a lot of unimportant alerting that makes it difficult to distinguish what security related alerts are truly important.

 

Highest priority opportunities from UX audit findings

 

Dashboard homepage

Initial explorations

From this point, I explored various design directions for the dashboard homepage, considering several unbalanced approaches. I carefully evaluated the trade-offs of each direction and discussed them with the executive team at Clever to ensure alignment with business goals and user needs. After thorough consideration, we ultimately decided to pursue a troubleshooting-focused direction, aimed at helping district administrators quickly respond to security incidents and efficiently unblock students' access to edtech tools."

Final homepage

After deciding to focus the homepage around troubleshooting, I facilitated a large brainstorming session with our internal customer-facing teams to identify the most common troubleshooting actions within the dashboard. Through this process, I discovered that the majority of cybersecurity-related troubleshooting tasks actually begin with search. As a result, I adjusted the homepage design to prioritize search functionality, ensuring that security-related actions could be accessed directly from search results. My vision is to make search a central, prominent feature on the homepage, with relevant security actions seamlessly integrated into search results, and eventually incorporating AI-powered summaries to enhance user experience

Prototype of final homepage

Conclusion

Outcomes

The homepage redesign is currently in development and is slated for release by the 'Back to School' season in July 2025. In the meantime, I can share the plan and the key metrics we're aiming to achieve. The goal for this initial phase, as we transition the Dashboard into a more cybersecurity-focused tool, is to make it easier for District Administrators to complete their routine tasks—particularly those related to cybersecurity, such as resetting passwords and badges. Our primary metric for success will be increasing the number of cybersecurity-related actions taken within the dashboard, as well as driving organic traffic to our cybersecurity pages. We'll track progress by comparing weekly page views of these pages before and after the redesign.

Reflections

Adapting to Evolving Business Goals: Creating a UX vision to support a shift in the company’s focus from one cybersecurity challenge to another was a unique challenge. It required me to not only rethink the product's goals but also anticipate how our users' needs would evolve. Reflecting on this, I’ve learned how crucial it is to stay adaptable and responsive to changing business objectives, ensuring the UX vision aligns with new priorities while maintaining a user-centric approach.

Aligning Product Strategy with User Needs: As the company pivoted to solve a different cybersecurity problem, my UX vision had to bridge the gap between our evolving strategy and the real-world needs of our users. One key lesson I learned was the importance of frequent collaboration with stakeholders to ensure the vision remained relevant and accurately reflected both user pain points and the company’s new direction. It pushed me to think about long-term impact and how to guide the team through strategic shifts without losing sight of the end user."