Thumbnail for Building from the Service Up
Back to Work

ActZero · Phase 2 of 3 · Architecture

2021

  • 9-week launch cadence
  • Cross-functional NPS 64

Building from the Service Up

First customer portal built from analyst workshops — complete IA before engineering, shipped in nine weeks with no prior product spec.

Challenge

Live MDR service, no product documentation — nine weeks to ship a portal engineering could build against.

Role

Product Design Director — workshop facilitation, IA, and ship

Approach

Collapsed research and architecture into analyst-led workshops; scoped MVP boundaries in the IA document itself.

Outcome

Portal IA shipped as built → cross-functional NPS 64; workshop model became ongoing roadmap process.

Thesis

When the service and the interface are built simultaneously, the people operating the service are the spec. The design job is building extraction and synthesis fast enough to keep pace with engineering.

ActZero · Phase 2 of 3 — Architecture

With a public brand and marketing site in market (Phase 1), the next constraint was legibility — customers needed to see what the MDR service was doing on their behalf. There was no product spec. The portal architecture had to be extracted from analyst knowledge before engineering could build.

Context

ActZero was operating a live MDR service — 24/7 threat detection and response for SMB and mid-market companies without in-house security teams — while building its first customer portal. The portal needed to surface monitored events, escalated incidents, reporting, and the ongoing work of ActZero’s analyst team.

The service was still being formalized as a product. Analysts held the operational knowledge: what customers asked about, what confused them, what the service produced but never surfaced. There was no documentation to design from. The interface had to be extracted from the people running the service, on a timeline compressed by the parallel stealth exit already underway.

Insight

Analysts held authoritative knowledge but had never been asked to externalize it — traditional research timelines would miss the launch window entirely.

Hypothesis

Same-session extraction and prioritization would produce build-ready requirements without a separate synthesis phase.

Decision

Ran journey-stage workshops before any UI design — P0 requirements emerged from repeated customer anxieties, not stakeholder opinion.

The Service Blueprint Workshops

The method was a hybrid format — part research synthesis, part roadmap prioritization — run with MDR analysts, product, and GTM together. The goal wasn’t traditional research deliverables. It was to extract operational knowledge, surface customer patterns from service delivery, and translate both directly into product requirements.

Sessions were structured around customer journey stages: first login, first incident escalation, first reporting cycle, first renewal conversation. For each stage, we mapped what analysts knew, what customers experienced, and what the portal needed to make visible. If analysts mentioned the same anxiety three times across two sessions, it became a P0 requirement.

Design maturity staircase diagram showing four stages from non-design through form-giving, process, and strategy
Workshop alignment tool — positioned design at the strategy and process layer, not form-giving on top of decisions already made.

The Portal Blueprint

The workshops produced a complete information architecture before engineering began — a sitemap and user flow hybrid documenting every section, navigation path, content requirement, and MVP boundary.

ActZero Customer Portal MVP — complete sitemap and user flow hybrid showing all six navigation sections, authentication paths with SSO provisioning, portal home content specification, security assessments two-path architecture, endpoints, reports, and MVP scoping decisions
Portal MVP blueprint — every section, flow, and scoping decision documented before the nine-week build began.
Portal navigation and entry flow — global nav bar showing Home, Endpoints, Security Assessments, Reports, My Account and Contact; authentication entry via Login with SSO path and Reset Password; Portal Home, Contact, My Account and Reports section specs
Global navigation and authentication flows — six portal sections with content specification at each node.

Six navigation sections came from workshop output: Home, Endpoints, Security Assessments, Reports, My Account, and Contact. Authentication flows — SSO provisioning, four-step password reset — were specified alongside feature flows.

Scoping decisions are visible in the document itself: vulnerability tracking and a Security Assessment summary widget on Portal Home were flagged out of MVP scope in an Idea Box. Designing the boundary as deliberately as the features is what made nine weeks achievable — engineering had a definitive in-scope list, not an open-ended brief.

Security Assessments carried a question mark in the IA — still being validated for MVP. It shipped. The two-path architecture underneath became the structure in Security Posture Assessments.

Portal Design and Ship

The portal served three audiences: the SMB owner or IT generalist who needed posture clarity without technical fluency, the CISO who needed evidence for board reporting, and the analyst team who needed to communicate escalations clearly.

The dashboard reflected workshop findings directly: monitoring metrics at the top, a security coverage gauge, events over time, an escalations table, and a severity breakdown for executive reporting. Every element mapped to a specific customer question the workshop process had surfaced.

ActZero customer portal dashboard showing monitoring metrics, security maturity gauge, events chart, escalations table, and severity breakdown with component annotations
Shipped portal dashboard — monitoring metrics, escalation views, and executive reporting surfaces mapped to workshop requirements.

Before launch, we ran an early access usability program — moderated sessions through first login, navigation, report generation, and assessment flows. Findings fed the final pre-launch iteration.

ActZero First Look Customer Portal early access program usability testing session deck showing scenario and activity cards
Pre-launch usability testing — scenario cards covered the flows most likely to generate support load if wrong.

Outcome

The portal shipped on a nine-week cadence. Cross-functional NPS landed at 64 — a strong signal the experience held together across customer, analyst, and product teams. Self-serve onboarding reduced analyst support load. Escalation visibility and executive reporting became daily workflow surfaces for customers who had previously relied on email and ad hoc reports.

The workshop model itself became a deliverable — a repeatable mechanism for keeping the roadmap grounded in what the service was actually delivering.

flowchart TD A([No product spec\nanalyst knowledge only]) --> B[Service blueprint\nworkshops] B --> C[Portal IA +\nMVP scope] C --> D[Dashboard design\n+ usability testing] D --> E([Portal shipped\n9 weeks]) E --> F([Cross-functional\nNPS 64]) C -.-> G[Security Assessments IA\nPhase 3]

The Security Assessments feature — scoped in the portal IA, designed and shipped as the evidence layer for renewal conversations — is covered in Security Posture Assessments.