Cipher

Innovation & Novelty 

in a Stagnant Industry. 

Injecting novel ideas and better UX into cybersecurity awareness training.

projects
  • Phish Test Landing Page design project
  • Cipher Platform Analytics Suite design project
Example New Features
  • 'Real-time Remediation'
  • 'Security Events'
Project Overview

While operating as the Senior Product Designer for Cipher, a security awareness training platform, I had full ownership of the design and development of many new features. Two notable, innovative contributions to the industry on my behalf were 1.) 'Real-time Remediation', a novel concept of allowing users to test out remediation training after failing a simulated phishing test, and 2.) 'Security Events', data analytics overlay that allowed admin users to add custom annotations to charts and graphs to make better sense of their analytics.

Results & Impact

Both Real-time Remediation and Security Events were some of our most well-received new features and became staples of the sales process.  They not only created value, but they reinforced our brand story that we were here to change the industry.

Introduction

Reimagining Corporate Security Training Through Human-Centered Design

As Senior Product Designer (and de facto Head of Product) at Cipher, I faced a landscape where corporate security training felt stuck in the 1990s—unfriendly, uninspiring, and seemingly written by robots. Instead of imposing another dreary lecture, I led with a human-centered design process: talking directly with users, sketching rough ideas early, refining prototypes through real feedback, and iterating until the product truly felt like it belonged to the people using it. This thoughtful approach guided the creation of Real-time Remediation for phishing simulations and Security Events in our analytics platform, both of which helped reshape the industry from top-down mandates into a conversation that considered real human needs.

Part 1 – Real-time Remediation

Chapter 1

“Ah, sh*t!  I knew that was a phishing link!”

The idea for Real-Time Remediation came from an everyday moment: watching my girlfriend tackle her inbox. She spotted a phishing simulation email, recognized it immediately, but accidentally clicked the link while trying to delete it. The result? A mandatory hour-long training—even though she clearly understood her mistake. This led me to question the punitive approach of traditional security training. Why punish users who already know what went wrong? I proposed a solution: Real-Time Remediation, where users could test out of lengthy training by demonstrating their understanding immediately, within the browser. The idea resonated with our CEO and customers, transforming compliance into a quicker, more human-centered process that respected users' time while maintaining company safety.

Chapter 2

Validating and Refining the Idea

Once we saw promising feedback from customers, it was time to ensure the idea wasn’t a false positive. As both the product lead and designer, my focus was on de-risking the concept by validating assumptions and testing usability. I quickly iterated on multiple user flows, prioritizing a seamless experience that kept users “in the tunnel” of task completion while remaining clear and intuitive. Prototypes were shared with engineers to confirm technical feasibility and tested with customers to gather real-world input. The response? A resounding “yes!”—solidifying the potential of Real-Time Remediation as a game-changing feature.

Chapter 3

From Latent need to Customer Delight

When we shared Real-Time Remediation with customers, the feedback was electric—unanimous excitement and declarations of “I love this!” made it clear we were onto something transformative. This wasn’t just a novel feature; it was a demonstration of how a human-centered design approach could revolutionize a stagnant industry. By prioritizing the people using our product and crafting an experience that respected their time and intelligence, we proved that corporate security training didn’t have to be a dreaded chore. Instead, it could be intuitive, effective, and even something users appreciated—a breakthrough in both innovation and approach.

Part 2 – Security Events

Chapter 1

Transforming Data into Action with Security Events

The idea for Security Events came from recognizing a major gap: our promised data analytics platform didn’t yet exist, and user research revealed that customers were deeply dissatisfied with existing solutions on the market. This was our chance not just to meet expectations but to create the best tool for turning data into actionable insights that make companies safer. I wanted to go beyond standard charts and graphs, focusing on the belief that data is only as valuable as the story it tells. To make our visualizations more insightful, I introduced Security Events—data points embedded directly into charts that users could hover over to reveal context, like a new policy’s impact on key metrics. This innovation turned raw data into a meaningful narrative, empowering users to make smarter, faster decisions.

Chapter 2

From Idea to Reality: Prototyping Security Events

A picture may be worth a thousand words, but a prototype is worth a thousand meetings. I quickly moved into prototyping to bring Security Events to life, starting with low-fidelity designs to ensure we weren’t overinvesting in ideas that might not pan out. This approach allowed me to collaborate closely with engineers, identifying technical and data-related gaps early on, while also engaging customers to validate the concept. Iterative testing and refinement confirmed not only the value of Security Events but their potential as a tool users would rely on regularly. By launch, we had a polished v1 ready to deliver immediate impact, along with a clear roadmap for future enhancements.

Chapter 3

Designing for the Extremes: Testing the Edges

One of the most valuable lessons I’ve learned with data-driven features is the importance of testing the edges. Users will inevitably push a product to its limits, and ignoring edge cases early on can lead to significant headaches down the line. To ensure our analytics and Security Events features were robust, I conducted extensive "chart studies" that explored how the system would handle extremes. Would the interface still work with 10 events? What about 100? Would everything fit on the screen, and what controls could we provide to manage it? By designing for these edge cases, we not only prepared for the unexpected but also created a more thoughtful, durable product that worked better for all users.

Chapter 4

Delivering a Game-Changer: Security Events in Action

With our due diligence complete and a well-defined V1 in hand, I shifted to high-fidelity mockups that would become the new face of our analytics suite—both beautiful and functional. The addition of Security Events transformed raw data into meaningful narratives, empowering users to make informed decisions and confidently take action. Even before full production release, these features became a cornerstone of our sales conversations, with customers praising the control, thoughtfulness, and tangible value we delivered. Many called it the linchpin that tipped them toward choosing our product. As the feature set goes live, we can take pride in knowing we’ve equipped our customers with a more powerful tool—one that helps them work smarter and keep their organizations safer.

Previous

Lowman Education: Thumb Drives to the 21st Century

Next

Flux Bucket: Running a Premier Product Agency

© 2024 Colin Van Ert.  All rights reserved.