Enterprise Cybersecurity

Cyber Threat Operations Center

A unified dashboard ecosystem for SOC analysts, fraud teams, and cybersecurity leadership, built to compress mean-time-to-detect, cut alert fatigue, and translate technical risk into board-ready language.

Fusion Kill Chain, hero dashboard
Fusion Kill Chain, the SOC floor's first screen each morning
The Brief

Thirteen dashboards, one system

A bank's threat operations live across fragmented, alert-noisy tools. The work spans three very different audiences: the analyst on an overnight shift, the investigator chasing a lead, and the executive who needs a board-ready read on risk.

A self-directed concept: I framed the domain, defined the terminology, designed a shared UI system, and built thirteen interlocking dashboards as a single, coherent product.

Role
Product Designer · self-directed
Scope
Framing & IA · UI system · Prototype
Audience
SOC · Fraud ops · CISO / Executive
Status
Hi-fi prototype
Domain
Enterprise Cyber · Banking
System
1 design system · 13 views
Challenge

Signal, buried in noise

Three structural problems shaped every decision; each became a design constraint rather than a feature request.

01
Alert fatigue
Analysts drown in undifferentiated alerts. Severity has to be unmissable, readable at a glance, and color-blind safe.
02
Fragmented tools
Detection, incidents, fraud, and intel live in separate apps. The analyst is left to stitch the story together.
03
Risk ≠ board language
Leadership needs technical risk translated into exposure, trend, and decisions, not raw event counts.
The Hero · Fusion Kill Chain

Every stage of an attack, on one timeline

The dashboard the team turns on first: live kill-chain progression, fused signals, and the single most urgent thing to do next.

Fusion Kill Chain dashboard
Approach

One system, three layers

The product is organized into three tiers that mirror how the work actually flows, from the live SOC floor, to deep investigation, to the executive read. Shared chrome and one severity language hold all thirteen views together.

01
The SOC floor
Real-time monitoring built for an eight-hour overnight shift: glanceable, low-fatigue, severity unmissable.
02
Investigation
Deep-dive views for incidents, fraud, insider risk, DLP and intel; every alert opens the same triage drawer.
03
The executive read
Risk translated into exposure, posture, and trend: board-ready language, not raw event counts.
04
One severity language
Five levels, encoded in more than one channel so it stays legible and color-blind safe everywhere.
The Triage Workflow

Click any alert, anywhere

One consistent right-side drawer opens over every dashboard: context, evidence, and the next action, without losing your place.

Triage drawer open over a dashboard
The Ecosystem

The other twelve

Every dashboard inherits the same chrome (top bar, sidebar, time-range, KPI strip), so moving between them never costs a re-orientation.

Detection dashboard
Incidents dashboard
Threat intel dashboard
Fraud / money movement dashboard
Insider risk dashboard
Executive risk posture dashboard
By the Numbers

Scope of the system

13
Interlocking dashboards designed
5
Severity levels, color-blind safe
3
Experience layers: floor, investigation, exec
1
Shared design system across them all
SELF-DIRECTED CONCEPT ON SYNTHETIC DATA, NOT VALIDATED PRODUCT METRICS.

Before drawing a single screen, we wrote down what the product should never do, then designed everything else around those lines.

Design principle · CTOC