Mallory Frye logoMallory Frye logo
Navigate back to the homepage

Onboarding security admins to a compliance monitoring tool


Security specialists need to set up controls that monitor their environment for suspicious activity…

  • for security purposes, so they can catch a potential threat before it escalates
  • for regulatory compliance purposes, so they can prove to an auditor that they are doing everything in their power to keep their customers’ sensitive data safe from harm

This is a very complex, high stakes process for any company to tackle. While my team and I spents months redesigning the experience for every day use, we also wanted to ensure the first time experience was simple enough so that any user, regardless of their experience level, could learn the basics and start getting value out of our tool ASAP.

Need statement

A new user needs the option of getting help and guidance throughout their initial set up, so they can confidently build the monitoring controls that best suits their company’s needs. 



IBM Security products use a tool called WalkMe that allows product teams to create getting started or get help moments that are not dependent on product releases. This meant our design squad could own the experience and update it regardless of our release schedule. However, we would need to complete the tool’s training to gain access, and design the experience within the tool’s constraints.

Understanding users

While customers of IBM are typically other large enterprise companies, their needs and experiences can vary widely. When approaching designs for a getting started experience, I considered the variations between those users:

  • How long have they been working in cybersecurity?
  • Have they done this process before using another tool?
  • Do they work in cloud, on premise, or hybrid environments?
  • Have they used IBM Security products, specifically our legacy product before?

Define objectives

After comparing the variations in users with the current experience, I identified areas where hand holding might be needed. I decided it would be best to break the experience into smaller, more targeted flows — that way, if a more experienced user had a very specific use case they needed help with, they could find that particular assistance without being trapped in one long flow.

Post-its with getting started steps
Initial exploration getting started flows and content

Creating content + prototyping

My team does not have a dedicated content writer, so I stepped up to complete this work. I worked in a text file and drafted what would be included in each step, as well as the call-to-action that would trigger the next step. I received guidance along the way from a technical documentation writer.

Text file describing first getting started tour
Structuring content in a Box note

After receiving early feedback on content in design critiques, I created a high fidelity prototype in Invision. I sent this prototype around to my product team to collect feedback. Based on their comments, I adjusted the orientation of some steps, condensed a few into one, and clarified wording, where necessary.

On screen options to start a tour
Example screen from prototype

Building the flows in WalkMe

The time had finally come to build out the flows in the WalkMe tool. As this was my first time using the tool, I learned a lot from trial and error. I had to consider different pathways a user might take to get to various flows to make sure the tours still functioned properly.

Screenshot of WalkMe builder
Building flows in the WalkMe tool

Final experience

Tour 1: Create a policy


Tour 2: Create a rule


Tour 3: Intro to the policy builder


More projects from Mallory Frye

Usability testing an end to end experience for data security compliance

IBM Security

Streamlining data security workflows

IBM Security

© 2021–2022 Mallory Frye
Link to $ to $ to $ to $