Human Firewall · InfoSec Ventures

Evolving a legacy security platform into an AI-native risk intelligence system

Enterprise SaaS · Cybersecurity · AI-Assisted Design

Timeline

2024 to Q1 2026

Team

Product, Eng, CS

Role

Product Designer

HF 3: Dashboard Overview
Human Firewall 3: Dashboard Overview showing campaign stats, action hotspots, and department performance

01: The Starting Point

A 10-year-old platform. Functional, not empowering.

Human Firewall 2.0 had been running for nearly a decade. It allowed security teams to run simulations, assign training, and view risk scores. It worked, but it reflected the era it was built in.

Campaigns were historically executed. Analytics were static. Risk was displayed as a number. Workflows required frequent support involvement.

The system was functional. It wasn’t empowering. Modernizing without breaking trust became the real challenge.

HF 2: Legacy

  • Manual campaign creation
  • Static reporting
  • CS-dependent workflows
  • Risk as a number

HF 3: What Was Needed

  • AI-assisted creation
  • Behavioral intelligence
  • Self-serve confidence
  • Risk as a structure

02: The AI Shift

Retrofit vs. Rebuild

HF 2.0 was built in a pre-AI era. Campaign creation was manual, content required effort, reporting was static. Meanwhile, competitors were adopting AI-driven workflows.

We had two options:

Option A

Add AI to a 10-year-old system

Modernize the surface. Not the foundation.

Option B ✓

Build entirely new

Design around AI, not on top of it.

I used Gen AI tools (Cursor, Claude, ChatGPT) to rapidly explore flows and prototype campaign structures. AI accelerated exploration. Direction and constraints were always human-defined.

Working with Engineering

Engineering pushed to defer AI-assisted content creation to a later MVP: the LLM fine-tuning needed for realistic phishing templates and landing pages required time we didn't have. We treated base-level AI assistance as essential for launch: users had to feel that HF3 was doing the work from day one. The compromise: ship a pre-made library for MVP1 while building the AI creation flow in parallel. Building that library manually taught us exactly how our backend prompts needed to behave, so when AI creation shipped in MVP2, it was grounded in real content patterns, not guesswork.

HF 3: AI-Assisted Campaign Creation
HF 3: AI-Assisted Campaign Creation flow

03: Low Compromise ≠ Low Risk

Low compromise didn’t always mean low risk

In several campaigns, compromise appeared low, but open rates were low too. We weren’t measuring vulnerability. We were measuring non-engagement.

Sent
100%
Opened
72%
Clicked
38%
Compromised
12%
Reported
24%

To improve measurement accuracy, we introduced:

  • Action-based delivery: emails triggered when users were active
  • Needle phishing: AI-personalized content for realism

Open rates increased. Compromise increased. Not because risk worsened, but because it became visible.

Action-Based Delivery Logic
Action-Based Delivery Logic

04: AI Could Launch. We Said No.

Sending a campaign to 10,000 employees is not a background action. It is an organizational event.

Automation

AI prepares

Authority

Admins approve

Automation reduces effort. Authority stays human.

Campaign Review & Preview: HF 3
Campaign Review & Preview: HF 3

05: Risk Score Redesign

A risk score without context is just anxiety

HF 2 showed risk as a number. But a number without explanation creates uncertainty. Admins couldn’t see why risk increased, which factor contributed most, or where to intervene.

What we tried before the radar

V1

A weighted single number with hover to explain

The number got better. The trust did not. Admins still asked CS what it meant.

V2

A long horizontal bar split by contributing factor

Technically accurate. Admins read it left to right and stopped at the first factor.

V3

A radial gauge with severity zones

Looked decisive. But severity was the wrong frame. A user is not eighty percent risky. They are risky in a specific way.

The shift came when we stopped trying to summarize risk and started trying to describe it.

Behavior

Simulation response patterns

Training

Compliance & completion

Amplifier

Role sensitivity weight

Hierarchy breakdown

OrganizationDepartmentGroupUser

Not a score: a structure.

vCRO: Radar Chart & Factor Breakdown
vCRO: Radar Chart & Factor Breakdown

“Understanding our security posture used to be a closed conversation between us and the security team. With vCRO, every role can read it from their own view. The non security stakeholders finally understand where we stand.”

CISO, mid sized enterprise customer. Paraphrased from migration feedback.

06: Reporting Without Distortion

We chose not to soften truth, and not to dramatize it either.

Compromised
Reported

No ranking of failures. No public exposure of compromised users.

Gamification rewarded positive behavior: reporting phishing, completing training, improving over time.

Failure stayed private. Improvement became visible.

Gamification Dashboard: Points & Badges
Gamification Dashboard: Points & Badges

07: Compromise → Micro-Learning

Compromise became intervention, not punishment

CompromiseLanding PageFlashcard Training

A transparent landing page explained the simulation and highlighted missed cues, followed by a single action: Start Training.

Flashcards became the core format. Each pack combined learning cards with quiz cards: short, interactive, immediate. No long LMS modules. No passive video fatigue.

Training strictness was configurable. Compliance modules remained non-skippable by default. Awareness modules allowed flexibility.

Simulated phishing email in Gmail: Apple Vision Pro Enterprise Beta lure
HumanFirewall reveal page shown after clicking, “Oops! Apple wasn't real” with the warning signs breakdown
HF 3: Flashcard Training cover card preview

See how the training builder was designed

08: Building HF3 While HF2 Lived

Two systems. One customer base. Zero room for confusion.

HF 3 was not a replacement launched overnight. Migration had to feel justified, not forced.

“I don’t need to call CS for everything.”

From customer calls during the HF3 beta.

“I trust the system more.”

From customer calls during the HF3 beta.

HF 3 reduced dependency. It increased clarity. That difference, more than AI, drove adoption.

HF 2: Legacy
HF 2: Legacy campaign creation with 7-tab manual workflow
HF 3: Redesigned
HF 3 Redesigned campaign creation: answer 4 questions (What, Who, Then, When) wizard

09: Confidence Replaced Dependency

The shift wasn’t loud. It was behavioral

48 percent increase in admin engagement after the HF3 rollout.

Measured before and after across all 10 migrated clients.

The shift showed up across signals over the first six months of HF3, not in a single dashboard.

CS tickets that used to come in before every campaign launch dropped to a trickle. Campaigns that took days to schedule started going out the same day. Admins began discovering features without asking, the role sensitivity settings, the gamification controls, the training strictness toggles.

The numbers backed this up. Admin engagement went up 48 percent, measured before and after across all 10 migrated clients. Customer side report adoption rose 32 percent, measured via portal downloads across the same clients. And new feature and bug report escalations dropped roughly 20 percent on onboarded customers.

Admins stopped needing reassurance before pressing launch. The platform stopped feeling like a tool they operated carefully. It became a system they trusted.

“We trust the system enough to launch without help. That is the win.”

Security operations lead, enterprise customer. Paraphrased from migration feedback.

10: What This Project Changed in Me

I moved from designing interfaces to defining boundaries

  • Where AI should act.
  • Where humans must decide.
  • How risk should be shown.
  • How failure should be handled.

In the AI era, execution is accelerated. Judgment is not.

Clarity builds trust.

Trust creates autonomy.

Autonomy scales products.