
ThreatConnect

Intelligence Requirements

Role

Lead Designer on Project

Cross-Functional Partners

Product Management, Frontend Engineers, Backend Engineers, & QA Team

Core Focus

Multi-Stage Creation Pipelines, Scoping Management, & Cyber Triage Workflows

Overview & Challenge

Project Summary

Intelligence Requirements (IRs) guide threat intelligence analysts in their daily research to safeguard organizations. Because IRs demand varied use cases across dynamic market sectors and geographies, a robust, end-to-end workflow was required within the ThreatConnect platform. I led the design of a comprehensive IR creation and management workflow, encompassing a structured keyword-based search setup, real-time data verification states, and a workspace where analysts can seamlessly triage threat results, dismiss false positives, and pivot findings into system associations.

The Challenge

Automating threat intelligence ingestion introduces high noise-to-signal ratios, threatening to overwhelm security personnel. Analysts needed a highly targeted keyword framework to return relevant cyber threat data without drowning in information overload.

To bridge this workflow gap, I created a linear, multi-stage creation flow (Setup → Keyword Tracking → Review Results) that allows data verification before finalization. Within the active workspace, I introduced capabilities that allowed users to mark false positives, archive results, edit requirements dynamically, and convert result objects into IR associations.

Process & Execution

MVP Scoping

I co-facilitated cross-functional "Is / Is Not / Is Not Yet" scoping sessions with product management, engineering, and QA. This framework successfully isolated technical constraints and narrowed down a high-impact, tight MVP scope for the initial release.

Validation Loops

I worked with product management to run validation sessions with clients, capturing feedback on the IR interface. Low-effort friction points were resolved pre-launch, while larger requests were triaged into a prioritized future enhancements roadmap.

Workflow Automation

Post-release data confirmed high feature adoption rates. The UI successfully automated a previously manual, exhausting research process, empowering analysts to set up continuous keyword queries and effortlessly track critical threat developments over time.

