As GitLab grows, so does our need for new, more area-specific personas. Recently, as part of our effort to create personas, I was given a chance to craft one. As the UX designer for the Secure team here at GitLab, I jumped at the opportunity to learn more about security professionals, and how we may create products and features to meet their needs. Throughout the entire process, I gained a greater sense of empathy and a deeper understanding of the needs, goals, and pain points of security professionals. The result was our new Security Analyst Persona, Sam. However, I will add a caveat that this is not the end of the process, but the beginning of how we can better support security professionals with new features and functionality that address their specific needs. You can peruse the highlights and the persona itself below, and let us know what you think by tweeting us @gitlab!
The research
Here are some takeaways from the 10 interviews I conducted to create the Security Analyst persona.
We’ve learned that the Security Analyst is a bit of a generalist when it comes to their day-to-day tasks. From the research, I found that there isn’t one specific task that defines their day, but a grouping of tasks under the umbrella of security. I’ve written the summary of the persona to reflect the somewhat general nature of the Security Analysts' role:
"I wear lots of hats, but the majority of my time is spent monitoring and flagging events, running down high-priority tasks and working with other teams to implement new systems."
What motivates a Security Analyst?
Security Analysts strive for order in the chaos and, based on our research, are taking steps to achieve that order. One specific example:
When I’m monitoring my dashboards, I want to see everything I am monitoring in one tool, so I can do my job easier and more efficiently.
Moving between different tools and dashboards was identified as a significant problem area for Security Analysts. They found it hard to create a workflow that was conducive to remediating security issues while having to work across multiple tools.
Another motivation I found during the research was that Security Analysts desire to be more proactive than reactive in their work. I’ve summarized this by adding the objective below:
When security testing, I want to be more proactive than reactive, so I can anticipate potential threats or vulnerabilities before the bad guys do.
By being more proactive or shifting left in their work, Security Analysts are able to identify and remediate potential vulnerabilities before they become a problem or even lead to an attack.
What are some of the frustrations Security Analysts have?
I’m frustrated I don’t have the resources to complete this project to its specifications.
and
I’m frustrated when I know how to fix a security issue but the red tape at my company doesn’t allow me to in a timely manner.
A common theme seen throughout the research was that of constrained resources and time. Often we found that security teams were small in comparison to other teams within their organization. This resource discrepancy leads to work being done at such a pace that the project can’t be completed to its specifications or in a timely manner.
How are we using the security Analyst persona at GitLab?
We are all-in on making the Security Persona a first-class persona here at GitLab. Recently we launched the Group-level Security Dashboard, which allows security professionals to monitor all their projects, in one view, for vulnerabilities, and gives them the ability to take action on those vulnerabilities right from the dashboard itself.
Aside from security dashboards, we are constantly dreaming up more security features and enhancements that will help users keep their instances, groups, and projects secure. You can see our roadmap here for more on what's coming.
The persona
Keep an eye out for the rest of our series on the new personas!
Photo by Andrew Neel on Unsplash