ENGAGEMENT

DayBlink was engaged by the InfoSec Organization of a large Financial Institution to streamline and automate how cybersecurity services were requested and the workflow for getting the requests fulfilled. These requests numbered in the thousands per year and were made by hundreds of product owners, developers, administrators and engineers (aka: customers).

PROBLEM

Customers – product owners, administrators, engineers, and developers – seeking security services from the InfoSec Org (e.g., system security plans, system architecture reviews, onboarding SAST and DAST tools, processing ACL requests, etc.) were frustrated by the painful intake process. Our analysis revealed that a common use case, for example an architectural change to an existing platform that required a security review, had several pain points: (1) there were nearly 50 different services to choose from and it was unclear which were required, (2) the service intake form required over a hundred questions to be answered and could take hours to complete, (3) the data entry form was clunky with a poor UI/UX, (4) after submission it was unclear what the next steps were, when the work would start, and who would be the primary point of contact within InfoSec for further questions, and (5) after submitting all of this information there was no mechanism to save it in a format that could be reused for the next security service for the same platform.

SOLUTION

DayBlink was engaged in the capacity of a Product Manager responsible for streamlining and optimizing this service. Our engagement included analyzing the existing process, workflow and tools end-to-end, recommending solutions, and then managing the implementation. This analysis was conducted in four phases: (1) Planned and executed pain point discovery sessions with customers (aka: voice of the customer analysis) and the InfoSec Team responsible for managing this function. (2) Assessed the pain points, distilling these into a prioritized roadmap of opportunities to improve the service request and fulfillment process. (3) Developed technical and functional requirements for a new service management system. (4) Transitioned from Product Manager to Program Lead, supporting the client with implementation of the solution.

Notably, the analysis and resulting solution borrowed many best practices from the CRM and Service Management industries, an approach welcomed by cybersecurity leadership, which recognized that optimizing the customer experience was not its core strength.

RESULT

Improved the customer experience in several ways. Rationalized the number of services offered and improved the value proposition of each. Dozens of security intake questions were eliminated, cutting the intake cycle time in half. Deployed a new front-end to improve the UI/UX, simplifying the form submission process. Introduced a security request specialist role that acted as the owner and primary point of contact throughout the fulfillment process, responsible for setting expectations on next steps, timing, and completion dates. Streamlined and standardized practices and processes across the fulfillment teams, i.e., the cybersecurity SMEs that do the work. Finally, set up a variety of self-service functions, including the ways customers could interface with the InfoSec Team based on their preference: chat, email, phone/virtual and office hours.