Panaseer is a cybersecurity automation and data analytics company that helps organisations prevent avoidable breaches by ensuring their security controls are properly deployed and effective, it is maximising their security investments and resources.  Its Continuous Controls Monitoring platform gives a complete, reliable view of security controls, offering metrics and action guidance aligned with best-practice frameworks to enhance collaboration and prioritisation.

Panaseer helps prevent avoidable breaches. Its Continuous Controls Monitoring platform , the first of its kind for enterprise security, enables teams to strengthen their security posture, automate metrics, measurement, and reporting, and maximise the value of their investments in people, tools, and processes.

In human words: Panaseer helps companies protect their data by automating security checks, improving teamwork, and making the most of their security tools.

My Journey at Panaseer

In July 2021, I joined Panaseer as a UX/UI designer, where I worked closely with cross-functional teams, including product managers, data scientists, and engineers to guide projects from initial research to final, development-ready UI. My focus was on creating innovative solutions tailored for cybersecurity professionals, always balancing user needs, business objectives, and technical realities. As part of the Product Experience team, I applied user-centered design methods like interviews, card sorting, and prototype testing to craft intuitive and engaging experiences. Over time, I contributed to the strategy, design, and agile development of our web application, helping elevate both the product and our team’s UX/UI practices.

Objectives

Remediation

The Challenge

Many organizations struggle with asset visibility, a common problem in cybersecurity where incomplete inventories (e.g., CMDBs) create "blind spots." This lack of visibility means some assets are left unprotected, weakening the overall security posture and creating a significant risk to the business.

The Goal

The primary objective of this project was to create a solution to this problem, providing customers with an way to remediate these “blind spots” and a way to manage and track the remediation of security risks.

The Research

Researches showed that it was technically doable and feasable, and a first MVP could be done. Customers and success/technical team typically wanted an efficient interface, we could break down the needs:
- Track Progress: Users need a simple way to monitor their progress in closing control gaps.
- Manage Goals: Users want a simple interface to create, edit, and track specific remediation objectives.
- Visual Insights: Users want clear, visual data to quickly understand their performance and the state of their security posture.
- Access to Data: Users need easy access to a list of assets that require immediate remediation.

Lean UX canvas

The Lean UX Canvas was chosen to ensure a user-focused, outcome-driven approach. It helped the team: align on the core problem of "unprotected assets," prioritize business outcomes like security and customer satisfaction over features, and validate key assumptions early, minimizing risk and guiding the development of the "Objective campaign feature."

The workshop included 1 product manager, 2 designers, 1 engineer, 1 front end developer, 1 data analyst, 2 customer/technical success team and 2 customers.

We understand why tracking remediations is challenging, what engineers and analysts can realistically do, how the data is implemented, and what the limitations of the pipeline are.

We understand that users will frequently update their progress manually. Users want an easy way to understand how their remediation is progressing and what gaps remain.

And agreed on success metrics: at least 30% of our customer have created at least one objective on the first 3 months and having 50% of the created objectives monitored.

Personas

Gideon the Analyst: Gideon analyses risks across controls, identifies data gaps, and delivers accurate vulnerability reports to strengthen cybersecurity hygiene and lower security risks.

Elliot the Engineer: Elliot maintains full data coverage, builds a secure environment through effective controls, and automates processes to boost efficiency and stakeholder trust.

Angela the Manager: Angela leads remediation efforts, prioritises business risks, and produces clear reports that demonstrate progress and enhance the company’s security posture.

Colin the CISO: Colin drives the organisation’s security strategy, embeds policies across systems, and delivers high-level insights to prevent attacks and guide remediation priorities.

Main user of Remediation objectives :
Gideon the Analyst: because Gideon will use the feature to set and track goals for failing metrics, quickly monitor progress, and deliver accurate reports without manual Excel work.
Elliot the Engineer: because Elliot relies on it to define targets for control gaps, follow remediation progress, and keep device coverage on schedule efficiently.