How design is helping Scope Security communicate ROI

Categories: Design

Written by Laura Bosco

“Some idiot who wants to start a company should go solve healthcare security.” A few years back, Mike Murray said this to everyone who’d grab a drink with him in San Francisco.

Today, Mike has his hands full as CEO of Scope Security — a company actively solving healthcare security.

Here’s the story of how Mike (spoiler: he’s no idiot) became that cybersecurity CEO and how his dashboard for Scope:

  • Uses customer understanding to aid an underserved niche

  • Provides critical context during the sales process

  • Enables expansion into larger customer bases

  • Accelerates Scope’s plans for the future

Scope healthcare security

Scope’s early days and why hospitals aren’t as secure as we think #

Think back to the last physical or appointment you had. How many times did you put down your social security number in the intake paper? I bet it was more than once.

Now, think about this: In 2019, Healthcare accounted for 45% of all data breaches.

Hospitals aren’t as secure as we’d like to think.

This is even more troubling when you realize we’re not just talking about databases of patient records that are open to attack (though that’s scary enough). We’re talking about an entire ecosystem of internet-connected devices — from huge imaging scanners to tiny medical pumps.

Technology in hospitals today is, frankly, astounding. But while healthcare is experiencing a transformation in the way it provides care, it hasn’t experienced a transformation in the way it secures data.

That’s a problem.

In mid-2019, Mike founded Scope Security and set out to solve this problem.

"The best companies are the ones you can’t not start."

— Mike Murray

Here’s what’s ahead:

  • Where others tried and failed to solve healthcare security

  • Why a customer-facing dashboard is an important piece of the scaling puzzle

  • How Krit and Scope worked together to build out a dashboard

  • What the new dashboard means for Scope’s future

Where others have tried (and failed) to solve healthcare security #

You may wonder, If the healthcare security issue is so obvious, then why hasn’t someone else solved it?

It’s not that others haven’t tried, it’s that they’ve gone about it in all the wrong ways.

Their biggest mistake? Assuming hospitals operate like banks.

Cybersecurity tends to build most security technologies for banks, financial services, and governments, Mike explained. The assumption is “if a bank can use it, then everybody can use it, too.”

Yet banks and hospitals couldn’t be further apart. Mike used the example of walking into a hospital compared to a bank. In a hospital, it’s not difficult to duck into a patient room. “Try that at your local bank branch...and see how close to the vault you get before someone tackles you,” he said.

Hospital layouts, teams, personnel, and approaches to security aren’t parallel to banks, and that means healthcare doesn’t fit a one-size-fits-all security solution. Mike knew this from his experience in healthcare (he previously worked at GE Healthcare) and from talking with hospital teams.

So, Mike started Scope with a different assumption — an effective security solution for healthcare is one that’s custom-built for healthcare teams.

Catering to early customers: a backend first and user interface second #

Hospital security teams are often small and spread thin. This was especially true of Scope’s first customers.

Among other things, this meant Scope’s initial customers wanted notifications in the tools they already used — Slack, text, or elsewhere — instead of a sleek dashboard (aka another tool). So, Mike’s team built the powerful backend of Scope first.

“We intentionally didn’t build a UI [user interface] first,” Mike emphasized. “We intentionally built the backend and the analytics and the ability to ingest all the data.”

This approach made sense in the early days. But Mike wants Scope to grow into the one name hospital teams think of when they think about healthcare security. To be that name, Scope will need to serve larger teams and hospitals.

And to acquire those larger customers, Scope needed an interface they could showcase in the sales process. A dashboard, a single pane of glass, would help communicate ROI to those with purchase power. Especially for a product such as Scope — when it’s working well, things are quiet. A dashboard visualizes all the benefits and work that go into a healthy quiet for security teams.

“The UI is going to matter more and more over the course of time as we go upmarket”

— Mike

There was just one problem: Mike’s team didn’t include a user interface (UI) designer.

The problem? Scope didn’t have a user interface designer on staff. #

Scope’s founding team is essentially computer hackers, an AI expert, and an infrastructure expert. They’re extremely talented, but their skills don’t extend to frontend design.

“Nobody on my team is a frontend person and I can barely draw a stick figure effectively.”

— Mike

Meaning, it’d largely be a waste of Scope’s skillset to focus on designing an interface. “If you ask John, our head of threat Intel, he'd probably tell you he's good at this, but ultimately he's also one of the best hackers in the world.” Mike explained, “and I'm not going to have him designing user interfaces for a living. He’s here for a reason and it's not UI.”

Mike had two options:

  1. Spend a year or more building a dashboard on his own, using highly specialized team members in areas where their skills don’t shine.

  2. Outsource the dashboard to a team of designers and developers who could set him up for future success.

Mike went with option two and hired us.

“...if we had started from scratch, it would have been a year before we got to where we are now.”

— Mike

Ultimately, we not only eliminated countless decisions for Mike’s teams, but we also delivered a framework he can continue building on for years. From Mike’s perspective, “We know the frame, and having that makes it easy for anyone who comes in to build upon that rather than start from scratch.”

Partnering with Krit allowed Mike to craft a beautiful, effective UI in a short amount of time, without compromising any of his teams’ strengths.

Here’s how both teams did it.

“We used Krit to get the headstart that allowed us to get to a place where all the basics are covered...Everything I vetted is awesome.”

— Mike

Scope + Krit: an inside look at building out the dashboard #

Building out Scope’s new dashboard involved several steps:

  • Roadmapping: solidifying a strategic vision

  • Sitemap: defining the app’s hierarchy

  • Wireframes: figuring out what elements go where

  • Prototypes: visualizing, in high-definition, the final interface

  • Frontend build: bringing a complex, secure architecture to life

Here’s what each of those steps involved and how Scope played an integral role along the way.

The Roadmapping Session: defining where to go first #

The first step of working with our agency is an in-depth Roadmapping Session. In that session, we work with our client to define a clear starting point, timeline, and other critical factors.

cybersecurity user flow

A 10,000ft view of Scope’s user flow, crafted during a Roadmapping Session.

Without a clear and agreed-on plan, it’s easy to waste thousands of dollars and months of development time (a mistake no founder or team ever wants to make). Roadmapping Sessions safeguard against this mistake, ensuring time and money goes exactly where it needs to.

That sounds simple, but focus is rarely easy. It often involves knowing what corners you can and can’t cut.

Scope, for example, deals with hospital data, so cutting corners on security wasn’t an option. That corner has a razor-sharp edge — a security shortcut could cut the company to shreds.

“There are corners you can cut and there are corners you can’t.”

— Mike

A helpful analogy Mike used here was the idea of glass balls and rubber balls. He says every company juggles both, and there’s no job where you can keep all the balls in the air at the same time. The trick is to figure out which balls are made of glass (these shatter when you drop them) and which are made of rubber (these bounce).

For Scope, some features, like interactive comments in the dashboard, were rubber balls. Scope’s team could drop this from the first version and pick it back up later. But other dashboard aspects, like security, were glass balls. These would shatter if dropped and be impossible to repair — therefore dropping them wasn’t an option.

Once both teams had a clear understanding of the project, priorities (glass vs. rubber features), timeline, flow patterns for the application, and other critical factors, it was time to dive in.

Sitemap: defining hierarchy and priority #

The sitemap is the first and simplest step of the design process. It’s where our team breaks down how features will be organized, how the overall navigation will work, and other fundamental decisions.

cybersecurity UI

Example sitemap.

Small steps like this one are important because the design process involves an enormous of decisions. And just like you wouldn’t make every decision about building a home at one time, you don’t make every decision about building a product or app at one time. You start with the foundation and blueprints and then move into more detailed decisions from there.

The sitemap and wireframes (the next step) are a bit like blueprints — they break big decisions into more approachable buckets. Krit Partner and Creative Director Austin Price explains, “you're trying to break it down to where you're making a decision about one thing at a time.”

Wireframes: defining what information lives on each page #

Once the sitemap was in place, Austin moved on to wireframes. Here, we focused on how information appeared on each page.

This included determining how and where the following pieces showed up:

  • Alerts

  • Incidents

  • Findings

  • Investigations

  • Anomalies

  • Events

cybersecurity wireframe

A wireframe of Scope’s new dashboard. Wireframes show where information lives on each page, without all the nitty-gritty design details (those come next).

Like other steps of design, Austin didn’t build out wireframes in a vacuum.

To produce these wireframes, he consulted regularly with Scope’s team and engineers, plus leaned on information gathered in the Roadmapping Session and customer interviews.

Prototype mockup: visualizing the data for the customer #

After both teams agreed on the flow of the UI (the sitemap) and what information went on each page (wireframes), Product Designer Iris Wang created the mockups.

cybersecurity dashboard design

High-fidelity mockup of Scope’s new dashboard.

Mockups are what’s called high-fidelity — they’re so detailed, they look like the final product. We even make our mockups clickable, so clients can tour the entire design and see what happens when you click a button.

You may notice data presentation was a big part of the final design. To get this piece right, Krit dedicated additional research time to data visualization.

Scope’s data needed to:

  • Stand out from other security dashboards

  • Appeal to Scope’s wide variety of customers (and their wide range of technical expertise)

  • Look more like healthcare than traditional security (e.g. no dark-mode)

  • Focus on high-level reports and metrics

  • Immediately answer, “what is going on?”

Iris started by looking into a variety of visualizations for inspiration. She asked questions like, “what do other visualizations get right and wrong?” and “how can we ensure Scope customers immediately grasp what they’re seeing?”

A small clip from Iris’ inspiration board.

“I wanted to make sure I created something a user could see and immediately understand what was going in their organization.”

— Iris Wang

As a result, the visualizations in the final designs are clean, simple, and uncluttered. They also strategically used bold colors to draw customers’ eyes to the most important pieces of information first. For example, we sparingly used red — we reserved it for important items like critical escalations — so attention goes there first.

cybersecurity design

We reserved bright red for critical items that demand attention.

“The biggest thing with the dashboard is, whenever you log into it, the things you need to see are the first things that you DO see.”

— Austin Price

Frontend build: bringing a complex architecture to life #

After revisions and tweaks to the mockups, it was time to translate the visual designs into the product customers would use.

This is where we encountered some timeline road bumps.

As we mentioned up top, security was a non-negotiable for Scope. Mike needs to be able to guarantee each purchaser that data from their hospital can never mingle with data from another hospital. Mike explained it’s critical these customers hear, “‘I can 100% prove to you that if there are patient records in your data, it will never end up in someone else's database. And there's no way for it to because they're actually physically separate things.’”

To get technical, this meant Scope needed a non-commingled multi-tenant architecture with a single frontend. And while it wasn’t easy to build, that’s exactly what Scope received.

cybersecurity dashboard

To build Scope’s UI, we used Vue.js, Tailwind CSS, and data Scope provided through their backend.

But creating this architecture wound up extending our initial timeline, and that delay was tough for Mike.

However, he knew from experience that patience was the best approach. After all, he’d tried other options in past roles. “I've sent the yelling email. I’ve pounded on the desk. I've done all of those things,” he reminisced. “And then in my experience, not one of those changed a thing other than making everybody feel bad...it's going to take how long it's going to take.”

Besides, both parties knew these architecture complexities were glass balls — they were those non-negotiables that couldn’t get dropped. And Mike understood our team was working hard to build things the way Scope needed because that’s what we’d done all along. Mike acknowledged, “I don't think that anyone's sitting around twiddling their thumbs playing on their Nintendo switch instead of working. So what point is there to be upset about it?”

To be clear, delays aren’t ideal for Krit either, but we prioritize our client on every project. (It’s also why we don’t do fixed scope contacts — so we can be flexible to any changing needs!)

Scope’s new dashboard: a competitive advantage, accelerated head start, and foundation for years to come #

While Scope’s new UI is a useful dashboard for healthcare, it’s far more than that.

As we mentioned earlier, it’s an effective sales tool, a way to communicate ROI to those with purchase power, a step toward acquiring a larger customer base, and an accelerated headstart for Scope’s growth plans.

The dashboard is also:

  • A competitive advantage for acquiring healthcare customers

  • A foundation Scope can confidently build on for years

A competitive advantage for acquiring healthcare customers #

Unlike other security companies, Scope understands healthcare. Their dashboard is one more place they get to prove this.

Because the dashboard shows alerts and reporting, it helps Scope pitch executives with purchase-power.

The funnel graph, for example, reminds customers what they’re paying Scope for — to head off problems. From left to right, it visualizes potential issues the healthcare team could’ve faced but, thanks to Scope, don’t have to face. This value is otherwise hard to communicate — when Scope’s team is doing their jobs well (as they do), there’s very little to report.

cybersecurity visualization

The funnel graph is an easy way for customers to grasp what Scope is doing behind the scenes.

It also provides value to the security teams who use it day-in-and-day-out.

From usability to intuitive screen flows to un-cluttered data visualizations, the dashboard is custom-built for security teams in hospitals. While there are security elements in the design, the overall look says to customers, “We get healthcare” not “this is a one-size-fits-all security tool.”

This differentiates Scope from any other security solution on the market.

A foundation Scope can confidently build on for years #

While both teams are proud of the current dashboard, it’s still evolving, and there’s plenty of work to be done.

But Mike is confident the foundation is a well-engineered starting point.

“When I look back two years from now, we’ve taken what Krit built and we’ve built upon it rather than starting from scratch.”

— Mike

He said, “We know what the look and feel is, we have the color scheme, we have the structure of pages and functions...now it’s just building on what Krit has done.” Meaning, this structure is one both teams can work on together and something MIke can confidently bring in-house down the road.

“It's been great...we got exactly what we wanted.”

— Mike

Working on a cybersecurity product? #

If you’re a founder who’s growing a cybersecurity company and trying to figure out how to scale your product, we’d love to talk with you.

Schedule a free strategy call with Andrew to learn more about the services we offer and how we can help you delight your customers.

We’d love to hear from you.

Laura Bosco is a writer and people person. She helps tech startups do tricky things, like explain who they are and what they're doing. Ping her on Twitter to say hi.