Making risk visibility simple and actionable
Security Risk Assessment (SRA) is a critical part of Nokia's internal product assurance process. The existing system suffered from structural fragmentation and excessive manual effort.
About Nokia
Nokia is a global telecommunications leader. Its Security Risk Assessment (SRA) process is critical for product assurance across distributed global teams.
Overview
The project focused on redesigning the SRA platform to enable intuitive vulnerability reporting, establish workflow consistency, and create a scalable system while preserving compliance requirements and traceability across distributed global teams.
Outcomes
My role
Led the complete redesign of the SRA platform, conducting user research with security specialists and engineers.
Let's break down the problem
User problem
Security specialists spent disproportionate time in spreadsheet management with limited capacity for actual risk analysis.
Assessment specialists were drowning in manual tasks instead of analyzing risks.
App experience problem
Teams operated without unified vulnerability visibility across projects. Information remained siloed by department, with duplicate and outdated entries creating confusion.
Business problem
The fundamental need was to make risk visibility simple and actionable for distributed global teams.
The existing system suffered from structural fragmentation, limited visibility, and excessive manual effort.
Process
Research & Discovery
Conducted systematic investigation through interviewing product security specialists, engaging engineers and assessment leads, and mapping the existing end-to-end process.
Fragmented Information Architecture
Teams operated without unified vulnerability visibility across projects. Information remained siloed by department.
Data Quality Issues
Duplicate and outdated entries created confusion. Rework became necessary to resolve inconsistencies.
Workflow Inefficiency
Assessment specialists spent disproportionate time in spreadsheet management with limited capacity for actual risk analysis.
Solution
#1 Risk Visualization
Prioritized risk presentation through a tile-based layout with color-coded severity classification for immediate pattern recognition.
#2 Lifecycle Management
Unified timeline displaying complete vulnerability lifecycle progression with historical context for each entry.
#3 Navigation & Filtering
Smart filtration by product, owner, and status. Reduced cognitive load through contextual organization.
#4 Process Guidance
Structured review workflow with standardized step-by-step assessment process.
Learnings
- Design in deeply technical spaces requires prioritizing information architecture over aesthetics
- Visual clarity builds trust in technical environments
- Systematic information hierarchy enables faster decision-making

