UX / Product Design · B2B SaaS · Panaseer · Cybersecurity
Remediation
Objectives
Designing a workflow that turns thousands of security control gaps into a clear, prioritised remediation plan.
Security teams were drowning in data,
but starving for direction.
Panaseer is a continuous controls monitoring platform used by companies in financial services, healthcare, and energy to measure cyber risk in real time. Security teams ingest data from hundreds of tools and Panaseer is here to surface it where controls are failing.
But surfacing gaps wasn't enough. Security teams could identify risks, but lacked a structured way to track, assign, and resolve them at scale. Every Monday meant exporting spreadsheets and manually coordinating remediation efforts.
Security teams were drowning in data,
but starving for direction.
Security teams could see thousands of control gaps, but couldn't track, assign, or prioritise them systematically. Every Monday meant a fresh Excel export and hours of manual work.
"We have 4,000 control failures. My team can action maybe 40 this sprint. Where do we even start?"
CISO, Global Financial Services firm
4,000+
Average control gaps visible per enterprise customer at any given time
100%
Of interviewed customers had a manual remediation tracking process, Excel.
3 to 5
External tools to Panaseer (Jira, email, Excel,...) used to manage remediation work around the project
Understanding the work before designing for it.
I facilitated a half-day Lean UX workshop with 10 stakeholders, product, engineering, customer success, and two customers to align on the problem definition before any design work started. This prevented months of misaligned effort and surfaced four non-negotiable user needs
Real-time visibility on how close a team is to hitting a security objective.
Create, name, own, and time-bound a remediation objective without leaving the product.
A progress chart over time that replaces the manual weekly status report.
Drill-down to the underlying control gaps from within the objective view.
Different personas,
different levels of engagement.
Angela and Colin mainly interacted with remediation through reporting and oversight, while Gideon and Elliot managed control gaps day to day. We prioritised workflows that supported frequent operational use over occasional reporting needs.
GOALS
- Track progress against the objectives his team owns
- Know which controls to fix this sprint
- Export evidence for compliance reporting
PAIN POINTS
"I spend two hours every week copying data into Excel that I could just look up in Panaseer if it had a list view."
GOALS
- See which gaps are assigned to him specifically
- Mark controls as remediated without analyst involvement
- Get notified when a target deadline approaches
PAIN POINTS
"I don't know what the priority is until Gideon pings me. There's no single place I can see what's actually mine to fix."
From Crazy 8s to shipped product
in 6 months.
FigJam Discovery
Mapped the full remediation workflow with the team. Identified with the data and engineering team the properties and data input/output of a remediation objective. The journey mapped two fundamental modes: creation (rare, deliberate) and monitoring (frequent, quick-scan). This split shaped the entire IA.
Crazy 8s
8 concepts / 8 minutes / 3 perspectives: engineering, customer success, and end users.
Wireframes
Low-fidelity flows for Create, List, and Detail screens. Validated with engineers early. I built low-fi wireframes to test the core flows with real users. These were deliberately rough — the goal was to validate structure, not visual design.
Create, track, and close remediation objectives in one streamlined workflow.
The Remediation Objectives feature gives security teams a structured workflow to create remediation objectives. Two core views: an overview page surfacing the most important information across all objectives, and a detailed view focused on remediation progress, to track control gaps within the expected timeframe.
Measurable impact after launch.
Outcomes measured via Pendo analytics across our 30 enterprises customers in the first six months of production use. Remediation Objectives became one of the most-cited differentiators in Panaseer's enterprise sales cycles.
50%+
of customers created at least one remediation objective within the month.
70%+
Of remediation monitored at the 60 month mark. Showing retention even just not launch curiosity.
80%+
of customer actively using Remediation Objectives at the 180 days mark.
Things this case study
taught me about product design.
01
The archive is as important as the active workflow
Completed objectives aren't just closed items, they're a record of progress, a reference for future efforts, and evidence of maturity during audits. Designing the archive as a meaningful workspace rather than a dead end made the whole system feel more coherent and long-lived.
02
Customer Success teams often know customer behaviour better than customers themselves
Working closely with CS was one of the most valuable parts of this project. They had ground-level insight into how customers actually used the platform, where confusion appeared, and what users could realistically do on their own. That perspective helped ground the design in real behaviour, not idealised workflows.
03
Involving Customer Success early shaped adoption, not just usability
Because CS onboards and supports customers throughout their journey, bringing them in early surfaced friction points beyond pure UX — activation, explanation, long-term fit. Their input helped produce a workflow that was easier to introduce and integrate into existing customer processes.
Want to see more?
A few more projects worth exploring. Each one is a different challenge, a different product, but the same attention to craft. From design systems to marketing websites, here is another look at how I work and what I bring to a product.
Price Reporting · SaaS · 2025
Benchmark Minerals Intelligence
Marketing Website
A responsive marketing experience for the leading B2B data and pricing platform in the lithium-ion battery supply chain.
Cybersecurity · SaaS · 2023–25
Panaseer
Panaseer Design System
Rebuilt and documented the end-to-end design system with WCAG 2.1 AA baked in as the single source of truth.