At Corelight, I drive the design of intuitive, user-focused solutions for security analysts, helping them triage detections quickly and effectively. By collaborating with cross-functional teams, conducting user research, and iterating on prototypes, I’ve delivered features like enhanced detection workflows, streamlined alert management, and actionable insights. My work has improved user efficiency and contributed to aligning the product with the needs of technical, detail-oriented users.
Key results include launching the Guided Triage workflow, which reduced user friction by simplifying the complex log-scale queries analysts ran during detection triage. This enhancement drove a 20% increase in POC conversions and ARR growth for Corelight in the enterprise market.
Imagine being a security analyst staring at endless lines of logs, trying to identify potential threats. Every second counts, but the process is slow—flipping between multiple tools, deciphering fragmented information, and struggling to connect the dots before an attack spreads.
At Corelight, we saw this firsthand. Analysts were overwhelmed, missing key details, and spending too much time triaging alerts instead of taking action. They needed a better way to investigate threats—fast, intuitive, and reliable.
To truly grasp the problem, I spent time with analysts—observing their workflow, listening to their frustrations, and mapping their processes.
A key challenge they faced was querying the correct logs. Analysts needed deep knowledge of each alert indicator to differentiate true positive threats from an overwhelming number of false positives.
The patterns were clear:
Analysts spent too much time switching between tabs and piecing together data manually.
Cognitive overload led to missed insights and slower threat response times.
The interface lacked a clear way to prioritize high-risk alerts.
Instead of minor UI tweaks, we asked: What if we could completely transform how analysts investigate alerts?
Enter Guided Triage—a streamlined workflow that consolidated all relevant information into a single, interactive view. No more scattered data or manual log queries. We solved the problem by bringing alert indicator values directly into the UI, eliminating the need for analysts to dig through logs. AI-powered summaries contextualized these values, reducing cognitive load and enabling faster decision-making.
The solution was designed to be accessible to less experienced users, making complex investigations easier. At the same time, advanced users still had log-level access at their fingertips, so they could dive deeper whenever needed.
Analysts now had:
Context-rich alerts enhanced with AI-driven insights.
Visual timelines mapping threat activity over time.
Clear next steps for fast, confident decision-making.