Guardum Analyzer.png

Guardium Analyzer | Cloud Compliance

Guardium Analyzer | Cloud compliance

Guardium Analyzer | Cloud Compliance

Guardium Analyzer is an IBM Security SaaS offering within the Guardium data protection portfolio. It is a lightweight hybrid solution that allows user to derive compliance insights from their data. It uses an on prem data connector and leverages IBM analytics to identify how well data complies with a chosen regulation, assess data patterns, and highlight key vulnerabilities that require remediation. Guardium Analyzer is useful for small companies to large enterprise oragnizations who need help better understanding where their data lives, and how compliant they are with regulations such as GDPR, HIPAA, PCI, SOA, etc.

The Challenge

My job as a researcher while working on this continuous delivery product team was to collaborate closely with my ux and front end development colleagues to refine existing personas based on an evolving involving, assess and prioritize user needs, conduct secondary research on state of the art practices, map user needs to new experiences, and liase with sponsor users and business partners. Finally, the most rewarding part of my job was getting face to face time with users to conduct conduct interviews and prototype evaluations. I also worked on UX tasks including site maps, wireframing, prototyping, and delivery of high fidelity mockups.

Empathizing with our users to understand their perspective is key. In addition to empathy maps and journey maps we took an in-depth look at our information architecture to ensure users could navigate swiftly to accomplish their task at hand.

Empathizing with our users to understand their perspective is key. In addition to empathy maps and journey maps we took an in-depth look at our information architecture to ensure users could navigate swiftly to accomplish their task at hand.

Business Outcomes

My design colleagues and I introduced the product team to innovative approaches such as experience blueprints that helped us to define user journeys before jumping into interative wireframing. I provided unique value to my team by implementing new research methods for evaluation and synthesis, and by creating reusable templates I reduced the turn around time for research synthesis, so that I could provide my team with the key insights they needed faster.

User Impact

Users expressed excitement over a lightweight and intuitive tool for assessing regulatory compliance. Our product team became highly efficient in continuous delivery, working at a rapidly and agilely to map experiences, iterate on designs, produce prototypes, and deliver code in the course of just a few weeks. While on the team I helped to deliver experiences for risk over time, getting started experiences, notifications, multi-regulation, and auditor reporting. In talking to users I identified a new persona, the data engineer. who has become crucial to the industry, the data engineer and produced extensive research synthesis which I then was able to contribute to the wider security design team portfolio.

Time //

Jan 2017 - March 2017

My role //


My team //

Theresa Phelan | UX

Deri O Huiginn | FRont end development

Esteban perez hemminger | LEad & project management.

Rick Sobiesiak | Mentor

Methods //

competitive analysis

Research planning

Prototype evaluation

Empathy maps

System maps

persona creation

Iterative wireframing

Research synthesis

Quantitative and Qualitative research

Artifacts //

Experience blueprint

Workflow Map

To-be experience

Invision prototype

Research playback


“The way you guys are embracing personalisation is important.”

-Sponsor user

Empathy maps for Guardium Analyzer personas

Empathy maps for Guardium Analyzer personas


Stepping into our users’ shoes

Our team had great success using experience blueprints to build empathy with our users and gain a holistic perspective on their journey. We created a blueprint for each experience. We prepared for the blueprint by identifying the key persona(s). We then wrote need statements for the user specific to their needs around a story or set of tasks (eg. risk over time). We then mapped out the steps within the journey, and from there we were able to work together with our dev team to identifying user actions, and what had to happen on the front end and the back end to communicate progress to users and allow them to move forward in their task flow, so they could accomplish their goal.


My team uses sketch to create workflow maps and wireframes

We often collaborate with development and offering management to map our experiences in mural before exploring in wireframes

We often collaborate with development and offering management to map our experiences in mural before exploring in wireframes


Iterative wireframing and prototyping

My teammates and I met daily to share brief updates and review work as necessary. We use Sketch for creating workflows and wireframes. We like to start at the lowest possible fidelity, pen and paper, so that we can make changes quickly. Once we had a solid idea of where we are headed and the content on each screen we moved to sketch and create progressively higher fidelity flows.

As we worked on wireframing, I captured key assumptions we made as designers. I shared these assumptions with my team. I asked them to review and add to the list so that we could then identify the questions we really needed to ask our users. Once we had a rough draft of questions I would take time to craft these questions in an open ended way that would confirm or deny our assumptions without leading a user to a pre-defined answer.

Planning is crucial for effective execution

Preparing properly for each user session is of paramount importance to build trust with our users and ask the non-biased, substantive questions. Each time I conduct a generative interview or an evaluative user testing session I am thinking about two things:

  1. I need to ensure that my team will get the most value possible at of each user session

  2. I want our users to derive value from the sessions. They should feel truly heard and have the opportunity to see how their feedback impacts our design decisions.

As a user researcher, I am the user advocate, and I need to champion their perspective and keep my team aligned to their needs. I create a tailored guide for each round of testing. I meticulously track feedback, and then I provide the synthesis in a variety of visualizations and key takeaways so that my team can quickly consume the insights and act on them. For Risk Over Time we learned that comparison is key to any data engineer’s job and that they want progressive disclosure of information. They need to start with the big picture and then drilldown on a single database and track metrics over an assigned time period. Those insights validated design decisions and led us to make key revisions to notifications and the details panel on the database page.


User interviews, Prototype evaluations, and Research synthesis

While on the Guardium Analyzer team I met with a wide variety of different types of users, including internal subject matter experts, respondent recruits, business partners, and sponsor users. In IBM, building relationships with users over time is highly valued. It is so important to establish a rapport, so that users feel comfortable to speak honestly and want to continue to share feedback. Meeting with users is my favourite part of any project as I get to hear their stories, including their pain points and the opportunities they envision. I then can highlight those key moments for my product team so they we can really articulate the value of our design. The users are why we loop through the process of observing, reflecting, and making, so that we can make their lives a little easier.

A preview at the invision prototype we showed our users