Role: Senior UX Researcher
Client: Cisco Security
Product: Cisco XDR (Extended Detection & Response)
Timeline: 2024

This study explored how security teams navigate and respond to incidents within Cisco’s XDR (Extended Detection and Response) platform, a cybersecurity system designed to unify and correlate threat data across multiple sources. While users were able to quickly locate relevant information, the research revealed a critical gap between visibility and action. Security analysts, IT managers, and incident responders described workflows where data was accessible but lacked the clarity needed to confidently decide what to do next.

Through seven in-depth interviews and real incident walkthroughs, I examined how users interpret incident data, prioritize threats, and engage with AI-generated summaries. The findings showed that users rely heavily on visual cues such as color and status to make quick judgments, yet often ignore AI summaries due to low trust and limited perceived value. What users needed most was not more information, but clearer context—specifically around impact, timelines, and recommended actions.

Findings & Outcomes

The research highlighted a consistent gap between finding information and acting on it. While incident data was easy to access, it lacked the structure and guidance needed to support decision-making. AI summaries were underutilized, signaling an opportunity to rethink them as actionable tools rather than passive overviews. These insights informed recommendations to strengthen visual hierarchy, emphasize impact and timelines, and introduce clearer next steps within the interface.

Ultimately, this work helped reframe XDR from a system of visibility into a system of action—shifting the focus toward supporting faster, more confident decisions in high-pressure environments.