12 Days of HaXmas: Designing Information Security Applications Your Way

Last updated at Fri, 15 Dec 2023 15:09:18 GMT

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 days of blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.

Are you a busy Information Security professional that prefers bloated web applications, fancy interactions, unnecessary visuals, and overloaded screens that are difficult to make sense? No…I didn't think so!

Being a designer, I cringe when I see that sort of stuff, and it's something we avoid at all cost at Rapid7. You don't even have to be a designer to dislike it. My mantra mirrors that of Derek Featherstone, who said “Create the minimum viable interaction by providing the most valuable piece of information for decision-making as early as possible.” And focusing on good design is the gift I bring to you this HaXmas!

To bring you this gift, I am always learning about new ways to solve the problems that you and your teams face on a day-to-day basis. That learning comes from many sources, including our customers, books, webinars, blog posts, and events. One notable event this year was the aptly named An Event Apart, held in Boston.

An event what?

An Event Apart is a tech conference for designers and developers to learn,and to be inspired by, the latest design trends and coding techniques that improve the way we deliver applications. While other conferences tend to focus only on design, this conference does much more by bringing a variety of topics under one umbrella, including coding, web and mobile app design. To that end, every speaker at An Event Apart is pretty famous in our world—it was great to see them in real life! Three days and twelve presentations later, my head was swimming with ideas. But the most important themes I brought away were to:

• Design the priority
• Speed it up
• Be more compassionate

Let's look at each of these concepts one-by-one and see how they apply to the way we designed InsightIDR, Rapid7's Incident and Detection Response tool, which allows security teams to detect intruders earlier in the attack chain.

Design the priority

At the conference, Ethan Marcotte, the father of Responsive Design, said “Design the priority, not the layout”. Ethan mentioned this because designers tend to consider the layout of an application screen first. Unfortunately, this approach has a tendency to throw out the signal-to-noise ratio. Jeffrey Zeldman agreed with Ethan when he said, “Design your system to serve your content, not the other way around.” This concept has really come to the forefront with the Mobile First approach from Luke Wroblewski, who argues that "Mobile forces you to focus".

Well, I argue that you do not need to be mobile to focus! This concept is just as important on a 27” screen as it is on a 5” screen. As we design InsightIDR, we design the priority, not the layout, by helping our customers focus on the right content. As you can see on the InsightIDR design to the left, the KPIs are placed in order of importance, with date and trending information, allowing our customers to prioritize their next actions as they protect their organizations. This results in a better user experience, and time saved for other tasks.

Speed it up

According to Jeffrey Zeldman, the applications we build need to be fast. Very. Fast. Commonsense, I hear you say, and I agree completely. But that's no easy thing when you are collecting, analyzing, and sorting the amount of information that InsightIDR captures. Can we sit back and start to think that our customers would understand if it takes a few seconds for a page to load? Not at all! Yesenia Perez-Cruz, design director at Vox Media, suggests that organizations need to better plan for a more strategic way to decrease the file size of web application pages, while concurrently increasing load times. We have taken Jeffrey's and Yesenia's message to heart, as we strive to ensure the pages and content within InsightIDR load as quickly as possible, so you can get your job done faster.

Be more compassionate

Being compassionate by standing in the shoes of the people we design for might seem like a no-brainer. After all, the ‘U' stands for ‘User' in my job title ‘UX Designer.' Yet, some designers do not take the time to actually speak with the people they are designing for. But at Rapid7, I speak with customers about their security needs through our customer voice program on a regular basis. The customers that have signed up for the program have a say in the features we design, and they get to see those designs early so they can, in effect, co-design with us by letting us know how to modify the designs to make them more effective. Only then can I and the rest of the UX team at Rapid7 truly design for you. In this respect, as Patty Toland, a regular An Event Apart speaker, says “Design consistency isn't pixels; it is purpose.”

Wrapping up

At Rapid7, I am always learning about design, about our customers' needs, and about the future of information security. So, if you are in Boston and hear someone on the T softly say “Create the minimum viable interaction by providing the most valuable piece of information for decision-making as early as possible,” that will probably be me as I go to work.  On a more serious note, if you have not done so already, make sure you sign up for our Voice Program to see what's in the works, and have a say in what we do and how we do it. Here are a few links to that program if you are interested:

Rapid7 Voice: https://www.rapid7.com/about/rapid7-voice/

Rapid7 Voice email: Rapid7Voice [at] rapid7 [dot] com

I look forward to speaking with you in the near future, as we work together to design the next version of InsightIDR!

Thanks for reading, and have a wonderful HaXmas!
Kevin Lin, UX Designer II

Rapid7

Image credits:
First image: An Event Apart (©eventifier.com, @heyoka)
Second image: insightIDR