Transforming Vulnerability Management

SERVICE DESIGN

What is Vulnerability Management?

To set the stage, I defined the core service we were redesigning at SecurityHQ. As a Global Managed Security Service Provider (MSSP), our VM service is a proactive defence layer designed to identify and close security gaps before threat actors can exploit them.

  • The Technical Stack: We leverage industry leaders like Qualys and Tenable.

  • The Mechanism: Agents installed on customer endpoints scan for vulnerabilities, which are then analysed to prioritise patching efforts.

  • The Value: Helping customers maintain compliance and drastically reduce their attack surface.

The challenge

Despite our technical expertise, we faced a significant business hurdle.

To remain competitive, we had to move from being a data provider to a strategic security partner.

Actionable User Journeys (MVP Goals):

  • The Asset View: "How vulnerable is this specific device, and how was it discovered?"

  • The Landscape View: "What is my total CVE impact, and what are my specific mitigation steps?"

Mapping the current service

Before designing the UX/UI of the new product, I had to understand the existing service. I facilitated a discovery phase to bridge the gap between our internal analysts and the end customer.

I used this board to identify "black holes" in our process. How do customers currently access reports? What internal approvals do they need before patching? How do our analysts track remediation progress manually?

I listened in on all customer calls and got to know where they were engaged, what topics were covered, what was questioned…

Based on the calls, I summarised features with the benefits framework: "What's in it for me?" *Blurred for NDA reasons

The service blueprint

I developed a comprehensive Service Blueprint to visualise the end-to-end journey—from "Patch Tuesday" to the "Executive Monthly Report."

The blueprint allowed us to identify exactly where automation could replace manual labor. *Blurred for NDA reasons

The solution

By synthesising global business goals with the gaps found in the blueprint, I designed Exposures - the first product in the platform to highlight a customer's vulnerabilities. This was the first step in moving our MSSP service from manual reporting to product-led intelligence.

Exposures v1

The impact

  • Collaborated with data engineers, customers and internal users to deliver a mobile-responsive product that shipped to production to replace PowerBI

  • Transformed vulnerability reporting from static PowerBI dashboards to a role-based platform, directly addressing the primary driver of customer churn

  • Selected as a strategic custom-build after buy-vs-build analysis, validating its business value and differentiation potential

Demonstrating the value

Scenario 2: Linking incident to Risk

  • Context: Type 8 logons (cleartext password authentication) are detected on a customer's legacy system. The system is cost-prohibitive to replace, creating a persistent security concern.

  • Customer Response: The customer acknowledges the risk but chooses to accept it due to the high cost of upgrading or replacing the legacy infrastructure. This decision is formally documented in the risk register as an accepted risk.

  • Risk Acceptance: The customer officially "accepts" the risk in the register, indicating acknowledgment and willingness to tolerate it under current circumstances.

  • Next Steps: Review and update the use case manager rulebook to incorporate the necessary rules and alerts for ongoing detection and prevention.
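An added example (not SecurityHQ's code or part of the original case study) of how a detection rule for the scenario above could link Type 8 logons to the risk register, so that activity on the accepted legacy system stays recorded while the same behaviour elsewhere still raises an alert. The host names, the risk ID, the `review_by` expiry field and the severity labels are assumptions; the events are constructed in the shape of Windows Security Event ID 4624.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample events shaped like Windows Security Event ID 4624
# (successful logon). LogonType 8 is NetworkCleartext.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "legacy-erp01", "LogonType": 8, "TargetUserName": "svc_batch"},
    {"EventID": 4624, "Computer": "web-front02", "LogonType": 8, "TargetUserName": "jdoe"},
    {"EventID": 4624, "Computer": "legacy-erp01", "LogonType": 3, "TargetUserName": "svc_batch"},
    {"EventID": 4625, "Computer": "web-front02", "LogonType": 8, "TargetUserName": "jdoe"},
]

@dataclass
class AcceptedRisk:
    risk_id: str
    host: str
    review_by: date  # assumption: an acceptance lapses after this date

# Hypothetical risk-register entry for the legacy system in the scenario.
RISK_REGISTER = [AcceptedRisk("RISK-EXAMPLE-001", "legacy-erp01", date(2025, 6, 30))]

def triage_cleartext_logons(events, register, today):
    """Return one finding per Type 8 logon, linked to the risk register."""
    accepted = {r.host.lower(): r for r in register}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or int(ev.get("LogonType", -1)) != 8:
            continue  # only successful cleartext network logons are in scope
        host = ev["Computer"].lower()
        risk = accepted.get(host)
        if risk is None:
            status, severity = "unaccepted", "high"  # no documented acceptance
        elif today > risk.review_by:
            status, severity = "acceptance_expired", "high"  # needs re-review
        else:
            status, severity = "accepted", "info"  # keep the record, no page-out
        findings.append({
            "host": host, "user": ev["TargetUserName"],
            "status": status, "severity": severity,
            "risk_id": risk.risk_id if risk else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage_cleartext_logons(SAMPLE_EVENTS, RISK_REGISTER, date(2025, 1, 15)):
        print(finding)
```

Matching on host alone is the simplest link; a tighter rule would also pin the accepted account, so a new user sending cleartext credentials to the legacy system is not silently covered by the old acceptance.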