Skip to content

Case study · Security Awareness Platform · 2026

Awareness10 Security awareness training

Turning a scattered set of phishing, training and survey campaigns into one measurable human-risk system — where every campaign rolls up into a single organization risk score security leaders can act on.

Role
Product Designer & Team Lead
Team
4 designers · 4 devs · 1 PM · 1 QA
Timeline
6 months
Platform
Web App
Awareness10 — dashboard with an organization risk score, phish-prone trend and behavior map

01

Overview

Project info

Awareness10 is an enterprise security awareness training and human risk management platform. Admins run phishing simulations, training and awareness campaigns, surveys, USB-drop tests and policy attestation across their workforce — all rolling up into one analytics dashboard. I led design for a ground-up redesign of the core reporting and campaign surfaces, owning both the hands-on work and the design direction for a cross-functional team of four designers.

34 → 72 Organization awareness risk score (0–100, higher = safer)
27% → 6% Phish-prone rate — employees who clicked a simulated phish
−64% Time to configure & launch a campaign (45 → 16 min)

02

The challenge

The platform ran real programs, but the data behind them didn’t connect. Phishing results, training completion and awareness activity lived in separate tables with no shared score — so admins could report what happened, but not whether the organization was actually getting safer.

Fragmentation
Phishing, training, awareness and survey campaigns each reported in isolation, with no shared metric to compare them.
No risk signal
Raw counts (sent, opened, completed) had no interpretation — nothing told an admin if the org was safer than last quarter.
Audit pressure
Security leads needed defensible, exportable evidence fast, but assembling a coverage report meant stitching several screens by hand.

03

The before

What the core reporting and campaign screens looked like before the redesign — raw counts with no scoring, no filtering, no forensic detail.

Legacy dashboard — a wall of raw counts with no risk score, trend or behavior data
Dashboard — a wall of raw counts. No risk score, no trend, no behavior data.
Legacy training campaigns — a bare list with no status, progress or export
Training campaigns — a bare list. No status, no progress, no export.
Legacy training reports — one flat dump with no tabs, filters or coverage view
Training reports — one flat dump. No tabs, no filters, no coverage view.
Legacy phishing campaign users — who was targeted, not what happened to them
Phishing campaign users — who was targeted, not what happened to them.

04

Approach

  1. Research

    Phase 01 · research Discovery

    Interviewed security-awareness admins, CISOs and compliance leads, and shadowed live phishing and training programs. Found the same behavior — a repeat clicker, a chronic non-completer — being reported five different ways with no single view.

  2. Information architecture

    Phase 02 · information architecture Structure

    campaign types reporting into one risk score

    We re-modelled the org’s security posture as a single risk score, not five disconnected reports. Phishing, training, awareness, survey and attestation campaigns now all feed one behavior model — so a click on a simulated phish, a missed training deadline and a skipped attestation all move the same needle admins can watch over time.

  3. Systems & leadership

    Phase 03 · systems & leadership Scale

    As team lead, I set the direction for four designers and built a shared component system (stat bands, filter bars, expandable rows, export toolbars) so four engineers shipped consistently across ten-plus campaign types without a fragmented UI.

  4. Prototyping & validation

    Phase 04 · prototyping & validation Proof

    Tested the risk-score gauge and the phishing drill-down with real security admins; iterated until a risk trend and a forensic click-through both felt trustworthy at a glance.

We stopped reporting campaigns one at a time and started scoring the humans behind them.

05

The solution

A dashboard with a real risk score

An organization risk-score gauge, a phish-prone-over-time trend and a behavior map replace raw counts — so a security lead can see, in one glance, whether the workforce is getting safer, and export the view for the board.

Dashboard with an organization risk-score gauge, phish-prone trend and behavior map
Dashboard with risk score — final screen.

Campaigns that track themselves

Status, live progress and per-row actions turn a static campaign list into something admins operate — launch, monitor and close a campaign without leaving the table, then export results for the record.

Training campaigns list with status, live progress and per-row actions
Training campaigns, tracked — final screen.

Reports that connect

Tabbed coverage views, a real filter bar and cross-linked course-to-campaign columns let an auditor answer “who’s covered?” in seconds instead of stitching screens by hand.

Training reports with tabbed coverage views, a filter bar and cross-linked columns
Training reports & coverage — final screen.

Forensic phishing outcomes

A seven-metric outcome band (delivered, opened, clicked, reported and more) plus an expandable device-and-geo drill-down turn “who was targeted” into “what actually happened” — legible enough for a five-minute standup, detailed enough for an incident review.

Phishing campaign users with a seven-metric outcome band and device-and-geo drill-down
Phishing campaign users, forensic view — final screen.

06

Results

34 → 72 Organization awareness risk score (0–100 composite, higher = safer)
27% → 6% Phish-prone rate — clicked a simulated phish, over 3 quarters
58% → 91% On-time training completion
−64% Time to configure & launch a campaign (45 → 16 min)
−48% Time to assemble an audit-ready awareness report (~2 → ~1 day)
−52% Repeat clickers — clicked in 2+ consecutive simulations

Within three quarters, the platform stopped just reporting campaigns and started managing risk. Security leads could point to one number in a board meeting instead of five reports, admins launched a new phishing simulation in the time it used to take to find the last one, and the audit team pulled a coverage report in an afternoon instead of two days.

07

Reflection

The hardest part wasn’t designing a screen — it was designing what to measure. The risk-score model was the real unlock: once phishing, training and attestation data fed one behavior model, every downstream screen (dashboard, reports, campaign detail) had something meaningful to show. If I ran it again, I’d bring engineering into the information-architecture phase even earlier — the risk model only held together because we agreed on how behaviors get scored before a single chart was drawn.

Durus — the galvanizing-plant processing board

Next case

Durus / Running a galvanizing plant on one screen

Continue

08

Let’s Connect

Looking for a designer who can bring clarity to complex products and improve business outcomes? Let’s connect.

Download CV