We conducted discovery and usability research across 20+ distributed insider threat hubs to deliver a production-ready minimum viable product (MVP) within 6 months.
The original insider threat tracking process was a manual, rudimentary process that forced analysts to scour through thousands of lines spread across hundreds of spreadsheets. Our team was brought in to investigate how the actual process worked and uncover opportunities for improvement.
The Solution for Insider Threat Hindrance (SITH) is a Department of Defense project aimed at helping to mitigate and assess insider threat more effectively.
Our team conducted discovery and research sessions with insider threat analysts and stakeholders to identify the true problem, which was a need for a centralized case management system. After defining the problem, we quickly gathered insights from users in usability sessions and built a production-ready MVP (minimum viable product) in six months.
When our team was brought in, the Defense Counterintelligence and Security Agency (DCSA), along with the Directorate for Digital Services (DDS), were still defining the problem space. Our team jumped in and began our Discovery and Framing phase to uncover the insider threat user needs for this project.
In the first several months, the team conducted over 40 user interviews with individuals and teams in 20 different government agency hubs, which are groups assigned to analyze and mitigate threats at military branches. Each of these interviews was aimed at learning more about the Insider Threat process, along with their wishes and frustrations with the current experiences.
Through these interviews which were conducted mostly virtually, the team learned how multiple insider threat groups keep track of incidents and their surrounding processes and systems.
We organized all of these user interviews in a program called Dovetail, where we were able to analyze specific insights and note their relationships and frequency.
After discovery research, we presented findings back to stakeholders in the form of a research readout where we detailed quantitative results of user interviews as charts demonstrating the type of feedback received in relation the size of a team.
After the discovery research, we synthesized the data in a collaborative whiteboard where the beginnings of a user flow began to emerge. We then outlined this information into a service blueprint of the user journey that would serve as the base for future design exploration. Through every step of this process, we co-created directly with our users, listening to their needs and reviewing every artifact designed with them.
After meeting with users, the team would gather in a Figjam collaborative whiteboard where we synthesized the interviews into chunks of stickies categorized into Interviews, Facts, Insights, Opportunities, and Follow Ups.
At the end of the discovery and framing phase findings, there was one primary pain point that promised immediate value and impact: a case management system automating the analysts’ routine tasks through optimized workflows. The team began the solution exploration phase with a crisp framing for their objective:
The next phase of work involved conducting a series of usability tests aimed at iteratively gathering feedback on our designs to refine the MVP.
Using what we learned from stakeholders in a concept workshop, we mocked up multiple rounds of low-fidelity wireframes aimed at producing just enough information to let our users give useful feedback.
Our wireframes in Figma were created as low-fidelity as possible to iterate as quickly between user research sessions.
For the next three months, we recruited participants from multiple different insider threat hubs and created a structured research plan with two-week testing sprints. We shared information with various stakeholders through detailed communication plans. For each session, the team of Design, Product, Engineering, and Delivery worked together to define the research goals and initial research questions.
Once the week’s interviews were completed, the team would meet to synthesize all needed updates for the next research sessions and update the product and development teams on any relevant changes to designs or requirements. We utilized agile methodology to rapidly iterate, learn from the iterations, and support the developers as they built the MVP in a low-code platform.
At the SITH MVP celebration, we gathered stakeholders, collaborators, and users together in Washington, D.C. to showcase the work completed over the past year and celebrate everyone involved.
Near the end of the three-month usability research period, we prepared presentations for key stakeholders in the insider threat space and traveled to Washington, D.C. in order to demo the MVP for users.
The SITH project received overwhelmingly positive feedback from users, stakeholders, and project owners. Users praised the MVP:
“It’s very user-friendly, very intuitive...it has all the information right there at your fingertips.”
“It’s a very simplified system that still gets all the information in there.”
“This will be probably one of the more simple tools that I’ve ever used.”
In addition to user feedback, as the Truss team continued to deliver on our promises to DDS and DCSA, our relationship with the Government clients grew to be remarkably strong. One of the main stakeholders on the project shared her appreciation for our efficient, rapid, design and development, declaring:
“... Things are exceeding expectations. Everyone is more than satisfied with how well things are going with SITH and how rapidly we have gotten to where we are. Your team has been exceptional.”
The research conducted on the project continues to influence decisions in the second year of the project, where we've gone beyond the initial MVP and are building a prototype that adds more users and agencies and will launch into production.
