Open to roles across product, design & research Get in touch →

I'm Meghan
sole designer and PM Lead at a B2B security startup.

Hello Friend

I own UX end to end and drive product direction. I'm at my best at the messy, undefined front of a project, turning "we're not sure what this is yet" into something clear, shipped, and functional.

Strategist Builder Shipper
Check this out

Five case studies from Spec, a B2B SaaS security infrastructure startup. Research-driven 0→1 builds spanning investigative tooling, information architecture, data visualization, and self-service features. 2023–2026.

Open to roles across product, design & research Get in touch →
About

I came to product design by a winding route: years of construction project management and running small businesses. That mix left me fluent in stakeholder alignment, quick to read how a business actually works, and permanently allergic to solutions that ignore it. Today I'm the sole designer and PM Lead at Spec, a B2B security infrastructure startup, owning UX end to end from problem definition through shipped feature.

For all that business pragmatism, what I really believe is simpler: UX isn't fundamentally a digital problem. It's a human one. That's what growing up in the performing arts taught me.

Digital products should exist to give us more time back in the real world.

As for my real world: I'm a New Orleans native who enjoys good music, good company, and good cooking. When I'm offline, you can find me teaching Ballet, learning about photography, and coaxing the garden through a zone 9 summer.

Meghan Thomas
What I bring
Background
Construction PM → Design Small Business Management Arts & Visual Foundation Solo IC + PM Lead (0→1)
Context
B2B SaaS Security Infrastructure Early-stage Startups Technical Products
Design
Visual Design & Systems Data Visualization Information Architecture Figma & Prototyping
Product
User Research & Discovery Product Strategy Roadmap & Prioritization Cross-functional Leadership
Say hello

Drop me a line. I like knowing what people are working on, even when the timing isn't right.

meghan.m.thomas@gmail.com
Open to roles across product, design & research Get in touch →
2026 Spec B2B SaaS / Security Infrastructure Investigative Experience

Reducing time to access, understand, and take action on identifiers

Entity Linking for Investigations

EBL — entity profile overview
Overview

Rebuilding the entity profile — a fraud analyst's view of a single identifier like an email, IP, or merchant ID — into one hub where they investigate and act without leaving the page.

My role
PRD User Research UX Design Product Tickets Roadmap Prioritization
Impact
Minutes → secondsEntity lookup time
In-productBehavior analysis, no CSV exports
3 of 4Milestones shipped
Discovery

Discovery had one job: find where the real friction actually was, in analysts' own words. With no direct line to fraud analysts, I had to be creative.

I reviewed Gong call recordings for verbatim client pain points and spoke with the Product Success team who field analyst questions daily. They were the closest proxy to the end user. Finally, I used affinity mapping to turn scattered quotes into themes, and those themes pointed to one surface as the highest-leverage place to start: the Entity Behavior and Linking experience.

Affinity mapping exercise in Excel

Affinity mapping exercise in Excel

"Where can I see all the orders for this user?"

"How many devices are associated with this email?"

Fraud analysts, surfaced in discovery
The problem

The profile is where investigations happen, but it fought analysts at every step: slow to navigate, hard to act in, incomplete by default.

Entity profile — before redesign
Where it broke down
Too many clicks to reach the right entity
List status buried
Taking action required navigating away, losing investigation context
Events missing from the stream completely
Entity relationships required manual digging
Profile activity restricted to 90 days, an incomplete behavioral picture
The approach

Working from each how-might-we question, I roughed out and stress tested executions with Figma MCP and Claude Code, then converged on a single idea: any entity reachable from anywhere, with every action happening in place.

01 Diverge: exploring executions
Ideating with AI

Ideating with AI

Designing with AI: worth the hype?

AI takes the tedium out of ideation, but it doesn't replace the designer: you trade managing yourself for managing an IC only as good as your direction. Used with intention it's a genuine additive; left unchecked, you spend your time fixing its output instead of sharpening your own.

02 Converge: the profile as a hub
New information architecture layout for the entity profile

New information architecture layout for the entity profile

How we shipped it

Rather than wait for the full redesign, I shipped in milestones, each unlocking a capability while the next was still in build.

M1Extended entity profile history beyond the default 90-day window
M2Inline list status: editable in place from the profile and visible across every surface (tables, search, flyouts)
M3Direct entity lookup from the global nav bar
M4Full profile buildout: linked entities, event tables, failure explanations, list history
Shipped In progress
What I built

A UX to reach any entity, act on it, and see its full story, without leaving the page.

M1Shipped
Extended profile history

The 90-day activity cap wasn't arbitrary: it kept ClickHouse query costs down given Spec's event volume. But 90 days often wasn't long enough to establish behavioral patterns.

Rather than lift the cap, I kept the cost-conscious default and gave users an optional window up to 365 days. Most analysts rarely needed past two or three quarters, so 365 was a deliberate test boundary: enough to validate real demand before expanding further.

A 90-day window isn't an investigation tool. It's a gap in the record.
Date picker — before

Before

Extended date range picker — after

After

M2Shipped
Inline list status

Every entity shows a status chip (Allowlist, Blocklist, or No List), editable in place and synced both ways with Lists. The same treatment carries through every table, search result, and flyout in the product.

Taking corrective action used to mean leaving the investigation entirely. Now it's one click in place.
Allow/Block — before

Before

Allow/Block — new inline

After

M3Shipped
Global entity search

A search bar in the side nav lets analysts look up any identifier without leaving context. Live suggestions surface as they type; one click lands in the right profile.

It's arguably the highest-leverage unlock, so why M3 and not M1? Dependencies. A true global search would have been prohibitively expensive at Spec's data volume, so I scoped it with PS to a semi-global lookup on key entities. That still needed a new search table from the platform team first, so I sequenced lighter milestones ahead of it and landed it as early as the release chain allowed.

Analysts know their destination. The product's job is to get out of the way.
Entity lookup — before

Before

Direct lookup — final

After

M4aIn progress
Differentiated event tables

Events split into four tables (Payments, Refunds, Logins, Signups), each with tailored columns and breakdowns. A new event_context field lets PS add plain-language explanations to failed events.

Why was this blocked? The table should answer that before the analyst has to ask.
Event tables — before

Before

Event tables — final

After

M4bIn progress
Entity relationship graph

A node graph surfaces first-degree connections grouped by identifier type, node size scaled to volume. Selecting a node filters the linked entities table and updates the event volume chart live.

This wasn't the first attempt. An earlier graph had been scrapped for good reason: nodes drifted when selected, and color noise buried any pattern. The rebuild was a series of corrections: scope links to first degree, strip the palette, lock the nodes static, and scale each by its event count so volume reads at a glance. From there it hands off to the real analytical work: aggregates, timelines, and click-throughs into event search.

Investigations rarely stop at one profile. The graph makes thread-pulling visual, not manual.
Linked entities — before

Before

Linkages — final

After

Scoping decisions

Scoping is a design decision, not just a dev one: I cut two features not for lack of value, but because the conditions to build them right didn't exist yet.

Active attack banner

Cut on engineering scope and flagged for revisit after launch, recalibrated to whichever clients were actually onboarded by then.

Bot / agent / human classification

This had to be solved at the session level first. Surfacing it in the profile before that upstream work landed would have shown clients false confidence.

Final designs
Final design — entity profile

Entity profile

Final design — entity linking

Entity linking

Impact

The initiative wound down before the full build-out. The highest-leverage pieces shipped anyway.

"Awesome!! We have made so much positive progress in such a short amount of time across the board. It's been crazy!!"

Product Success team member
Expected impact
Any entity reachable from anywhere in the product in seconds
List status visible and actionable without navigating away
Entity relationships surfaced visually, not pieced together manually
Behavioral patterns analyzed in the profile, replacing manual CSV exports
Reduced volume of client Slack questions routed to PS team
Reflection

Sequencing by leverage is insurance.

Dependencies always shape the order: some work can't ship until its prerequisites exist. Within those constraints, I front-loaded the highest-leverage, lowest-lift pieces, so when the initiative wound down early, the work that mattered was already in users' hands.

Open to roles across product, design & research Get in touch →
2024 Spec B2B SaaS / Security Infrastructure 0 → 1 Product Experience

Removing setup guesswork with a front-end interface for a back-end process

Site Sentry

Site Sentry — route table overview
Overview

A 0→1 product that maps customer traffic into a visual route table, cutting onboarding from weeks to hours.

My role
PRD User Research UX Design Product Tickets Roadmap Prioritization
Impact
2 wks → 12 hrsCustomer onboarding time
Auto-mappedStandard route configurations
0 → 1Net new product surface
Discovery

Every new deployment started from a guess. Before building a fix, I had to learn why.

I mapped how customer deployments actually worked. PS team interviews exposed a manual, speculative routine: push catch-all specs to see what existed, then reconfigure once the data came back. Sales conversations revealed a parallel gap, Spec was pitched as "proactive," but that proactiveness lived in the process, not the product. Mapping the deployment steps made the root cause plain: with no way to see what routes a customer actually had, every setup started from zero.

"Guess and check. Every time."

Product Success, on the old workflow

You can't configure what you can't see. PS was deploying blind just to learn what was there, so the first thing to build wasn't the config tool, it was the ability to see at all.

The problem

Guess and check.
Every time.

Configuring Spec's event catalog meant mapping URIs, headers, query parameters, and body criteria for every route worth monitoring. The problem: there was no way to know what routes actually existed in a customer's environment, or what data was present in any given request or response.

Site Sentry — before
Where it broke down
No visibility into routes existing in customer environments
No way to see what data was in any request or response
Configuration done through guess-and-check with catch-all specs
Inconsistent, error-prone deployments with no coverage confidence
PS couldn't verify a site was adequately spec'd without manual testing
"Seamless and proactive" existed only in process, not in the product
How we shipped it

Visibility first.
Then control.

The project was structured around a clear priority order: surface everything first, then give users the tools to act on what they see. Route discovery had to work reliably before route management could mean anything.

M1Route table: all routes automatically sampled, compressed, and displayed with velocity and spec association
M2Route details: velocity history, spec name and event type, route key breakdown, sample request/response
M3Route management: wildcard merging, split routes, export match JSON, full-text search
M4Advanced configuration: PS-controlled resample scheduling and batch processor refinements
Shipped In progress
What I built

Four decisions.
One surface.

M1Shipped
Route table

The Site Sentry home view is a route table: one row per route key, automatically populated by sampling the proxy. Each row surfaces the route key, sampled call rate, a 7-day velocity visualization, and the associated spec name and event type if one has been deployed. ID-heavy paths are algorithmically compressed into wildcard routes, and irrelevant routes are filtered by MIME type and HTTP verb before they ever reach the table.

Routes that aren't spec'd should be immediately distinguishable from ones that are. The table is the answer to "have we covered this?"
M2Shipped
Route details

Clicking into any route opens a detail view with the full picture: velocity history, spec name and event type, a breakdown of the route key (URI, query parameters, headers, body), and a sample request and response from the actual customer environment. This was the answer to the question PS had been asking manually for every deployment: what data is available on this route?

The information existed in the proxy. The product's job was to surface it, automatically, without catch-all specs and without guessing.
M3Shipped
Route management

Site Sentry isn't a read-only view. It's a working surface. PS can full-text search across all routes to check for specific cookies, headers, or form data keys. Routes can be split by adding match criteria that distinguish one variant from another, or merged via wildcards when ID segments clutter the table. When a route is ready to become a spec, match criteria can be exported as JSON and fed directly into the spec catalog. No transcription, no translation.

Merged wildcard routes are remembered in future re-samples. The work done once shouldn't have to be redone.
M4In progress
Event insertion estimate

The sampled call rate for any route doubles as an insertion rate estimate: telling PS teams roughly how many events a new spec will generate before they commit to it. This closed a key gap in the configuration workflow: teams could now validate the scale of new coverage before deployment, rather than discovering it after the fact.

Knowing the volume impact of a new spec before shipping it changes how confidently teams can act. Estimates aren't perfect, but they're far better than nothing.
Final designs
Scoping decisions

Held back,
on purpose.

Two capabilities were explicitly held back from this release, not because they weren't wanted, but because they would have created fragility or set the wrong expectations at launch. Visibility and trust had to come first.

— Manual UI refresh trigger
— Promoting Route Key Specs into native Specs

Promoting Route Key Specs into native Specs would have blurred a meaningful distinction in the data model. Keeping them separate at launch meant users understood what they were working with, and the upgrade path could be designed deliberately rather than bolted on.

Impact

Onboarding-time range per the Product Success team's lived experience.

Day one value.
Every deployment.

Site Sentry replaced a manual, error-prone onboarding process with an automated, visual one. Customers get immediate visibility into what's happening across their environment on day one. PS teams get a surface they can trust, and for the first time, the product could demonstrate its own proactiveness rather than have someone explain it.

Product impact
All routes automatically surfaced, no catch-all specs or manual testing
Spec'd vs. unspec'd routes visible at a glance
Sample request/response data available without any configuration
Emerging routes surfaced automatically as environments change
Team impact
Customer onboarding cut from roughly 2 weeks to 12 hours
Consistent, repeatable path to trusted deployment coverage
No more misconfigured routes from guessing at what's there
Sales can point to a product experience, not just a process
Event insertion rate estimates before committing to new specs
Reflection

What this project
reinforced.

Configuration tooling is UX
Internal and PS-facing tools shape customer outcomes just as directly as the end-user surface. Designing them with the same rigor, and the same empathy, matters.
Guess and check is a design failure
When users resort to trial and error, it usually means the product isn't surfacing what it already knows. The information existed in the proxy. The interface just wasn't showing it.
Prove it, don't just say it
A feature that makes the product's value visible is worth as much as one that delivers it. Site Sentry did both, but the visibility part was new, and it mattered to sales as much as to PS.
Automation earns trust slowly
Wildcards and compression are powerful, but users need to be able to override them. Remembering manual decisions in future re-samples wasn't a nice-to-have. It was the thing that made automation feel safe to rely on.
Open to roles across product, design & research Get in touch →
2024 Spec B2B SaaS / Security Infrastructure Self-Service Feature

Saving internal resources with a self-service list manager

Allow / Block Lists

Allow/Block Lists — hub overview
Overview

A self-service hub that hands clients all 20 allow and block lists, making time-sensitive blocks instant.

My role
User Research UX Design Product Tickets Stakeholder Alignment
Impact
20Lists now client-managed
Self-serveRoutine list updates
Real timeTime-sensitive blocks actioned
Discovery

To find the bottleneck, I looked at what clients kept asking PS for. The request queue told the story.

PS team interviews surfaced a constant stream of inbound Slack messages that had nothing to do with their actual expertise. Request pattern analysis showed how lopsided it was: a disproportionate share were simple, repeatable updates clients could easily make themselves. And urgency mapping made the cost concrete, fraud moves fast, but a block only happened when PS was free to action the request.

"Can you add this email to the block list?"

Recurring client request, via Product Success

Clients knew exactly what they wanted to block. The product just wasn't letting them do it themselves.

The problem

Every change needs
a middleman.

Clients who needed to update their allow or block lists had one option: submit a request to Spec's Product Success team and wait. For routine list hygiene, that was an inconvenience. For time-sensitive fraud operations, a known bad actor appearing in real time, it was a genuine operational gap.

Lists — before redesign
Where it broke down
Every list update routed through PS team
Time-sensitive blocks delayed by team availability
No bulk import: single values only via request
No visibility into change history
PS team bottlenecked on routine, repeatable work
20 element types with no unified management surface

Information architecture: from config to interface

The core of the work was structural. All twenty list types lived only in a backend JSON config. There was no client-facing UI at all; consolidating them into a single, filterable hub under Model Settings was the decision the entire feature hung on. Close work with the PS team, who fielded these requests daily, informed how the lists were grouped and surfaced in the new structure.

How we shipped it

One release.
Four decisions.

The feature was scoped as a single release targeting the core self-service loop: find the right list, make the change, confirm it happened. Each capability built on the last: the hub made the lists visible, entry made them editable, validation made editing safe, and the log made it trustworthy.

M1Hub view: all 20 allow and block lists displayed simultaneously with filter
M2Entry management: single value or comma-separated bulk paste, press Enter to confirm
M3Validation: duplicate detection across lists and format checking where applicable
M4Change log: full history of every save event, grouped by session
Shipped
What I built

Four decisions.
One hub.

M1Shipped
The Lists Hub

The lists manager now lives in a Model Settings tab (the start to a self-service UX which will eventually hold other self-service actions) and opens to all 20 allow and block lists displayed simultaneously. A filter panel on the left lets users search by list name or by values within lists, so finding a specific entry across all lists takes seconds. No toggling between tabs. No hunting through menus.

One hub for everything, because no one should have to remember which tab their block list lives in.
M2Shipped
Single & bulk entry

Adding entries was designed to support both the single-value case (one email to block right now) and the batch case (a report of 200 suspicious IPs). Users type a single value or paste a comma-separated list directly into the input field and press Enter. Both paths feel the same: no separate import modal, no file upload flow required.

The fastest path to adding one value and the fastest path to adding two hundred should feel like the same action.
M3Shipped
Honest validation

Validation catches duplicates across lists and format errors where the element type has a consistent format to check against. Entries are not case-sensitive. But the system is transparent about its limits: some element types, like zip codes, vary enough by country that format validation would produce false negatives. For those, the product doesn't attempt validation it can't do reliably.

A validation system that claims to catch everything it doesn't is worse than one that's clear about its scope.
M4Shipped
Change log

The Change Log sub-tab gives clients a full history of every modification. Each line item represents a save event, so if a user updated three lists in one session and hit save once, those changes appear grouped together, reflecting how the action actually happened. Especially valuable in multi-user environments where multiple team members have access.

Confidence to move fast comes from knowing you can see exactly what happened and when.
Final designs
Scoping decisions

Knowing what
not to build.

Nothing here was a hard cut. The discipline was the opposite: holding a tight scope so v1 could ship fast and prove the core loop (find the list, make the change, confirm it) before anything else got layered on. These were the lines drawn deliberately, to be revisited once real usage showed which ones actually mattered.

— Granular per-user permissions per list
— Time-limited or expiring entries

Paste-and-go covered bulk entry well enough to ship. A file uploader sounds obvious, but "obvious" is just an assumption until someone actually hits the wall. Let real usage ask for it.

Impact

Control returned.
Bottleneck removed.

The PS team had been fielding list management requests as a matter of course: a low-complexity, recurring task that took up availability they needed for actual client work. Handing that control to clients didn't just unblock them. It freed the team to focus on the work only they could do.

Client impact
List updates no longer require a PS team request
Time-sensitive blocks can happen in real time
Bulk imports and single entries handled in the same flow
Full audit trail for every change made across all 20 lists
Team impact
PS team freed from routine list management requests
Change Log gives PS a shared source of truth for client conversations
Reflection

What this project
reinforced.

Self-service features are trust features
Giving clients direct control over something that affects their product behavior means the design has to make them feel confident, not just capable. The interface isn't just functional. It has to feel safe.
Transparency about limits builds trust
A validation system that claims to catch everything it doesn't is worse than one that's honest about its scope. Knowing the edges of a tool is part of knowing how to use it well.
The audit trail is the feature
The Change Log isn't just for compliance. It's what makes acting quickly feel safe. Clients needed to move fast on fraud operations, and confidence to do that required knowing they could always see what happened.
One input, two use cases
The same field that handles a single email handles two hundred IPs. Designing for the range upfront, rather than building a separate bulk flow, was the right call. Simplicity that scales is harder to build, and more valuable when it works.
Open to roles across product, design & research Get in touch →
2025 Spec B2B SaaS / Security Infrastructure Visual Design / Data Visualization

Improving recall and accessibility with a unified color palette

Color Palette 101

Color Palette 101 — final palette
Overview

Spec's first color system: a 12-color chart palette and five semantic states, replacing 50+ scattered hex values.

My role
Visual Design Data Visualization Systems Design
Impact
50+ → 12Disconnected values unified
0 → 1Shared color library, reusable across projects
5Semantic status states defined
Discovery

The color problem surfaced inside a broader product audit. I'm not a color theorist, so I had to find another way in.

Color was one layer of a wider audit spanning IA, interaction, styling, and type, and it was impossible to ignore: 50+ disconnected hex values, no shared language, no rationale for any single choice. I don't come from a deep color theory background, so I leaned on outside help. Paul Tol's color research gave me a framework to reason about it; Viz Palette tested color sets in real chart contexts and flagged where shades collapsed or failed accessibility. Then I did all my testing in context, inside real data visualizations rather than swatches, since that's the only way to know whether "distinct" values stay distinct at the sizes and densities they'd actually appear in.

What's mathematically distinct isn't always visually distinct. The eye doesn't read hex codes. Twelve "unique" colors can still collapse into a blur of blues, so the real job was optimizing for perception, not math.

The problem

Color as noise,
not signal.

The product had accumulated over 50 disconnected hex values across charts and UI elements without systematic organization. As the charting surface expanded, the inconsistency compounded: each new visualization made its own color choices, with no shared language to tie them together.

Where it broke down
50+ disconnected hex values with no shared system
No semantic meaning: colors carried no consistent signal
Mathematically distinct values that read as similar in context
No brand anchor: chart colors untethered from identity
No status layer: risk and state communicated inconsistently
How we shipped it

Eight months.
Three phases.

The work unfolded over eight months in three distinct phases: each one building on the last, and one of them responding to a surprise mid-project rebrand. What started as a color audit became a full system, and then had to be rebuilt around a new brand anchor before it could ship.

Phase 1Full product audit including color: deep research phase, landed on a 12-color chart palette
Phase 2Risk and informational color layer: five semantic states, including a carefully calibrated yellow
Phase 3Surprise rebrand: rebuilt the palette around new brand blue and purple, added 4 accent colors
Phase 4Chart/data vis overhaul: paused when client POC request took precedence
Shipped Paused
What I built

Three phases.
One system.

Phase 1Shipped
Audit & research

Color was one piece of a broader product audit covering IA, interaction design, styling, and typography. On the color side: every value in the product was catalogued, the inconsistency documented, and then a real research phase began.

I initially thought I needed 15 colors. After testing with Viz Palette and working through Paul Tol's color theory research, I landed on 12, including Spec's brand blue as the anchor. The research phase was extensive and essential. This wasn't territory I had deep color theory experience in, so I built the foundation before making decisions. Accessibility was a core part of that exploration: Viz Palette simulates how color sets read across different types of color blindness (deuteranopia, protanopia, tritanopia) and flags pairs that become indistinguishable. Several early candidates that looked strong in isolation failed those checks entirely. That feedback loop was what made the tool so valuable; it caught issues no swatch review would surface.

You can't design a system without understanding what you're replacing. The audit came first, and the research shaped every decision that followed.
Phase 2Shipped
Risk & informational colors

With the chart palette established, the next layer was semantic: a set of colors that would communicate risk and informational states consistently across the product. Five states: red (malicious), yellow (suspicious), green (good), grey (neutral), blue (secondary informational). Yellow was the hardest. It had to read clearly as "suspicious" without veering into orange or washing out into something too bright to be taken seriously. Getting it right took significant iteration, but landing on a yellow that was unambiguously moderate risk, not too orange, not too light, was one of the most important decisions in the whole system.

I tried and tried and tried again. The palettes that came close to being greenlit kept running into the same wall: too similar to a competitor, or too close to another well-known product. Which raised a harder question: how do you differentiate without diverging for its own sake? Being different just to be different isn't design. It's noise. And noise, in a data product, is the last thing you want. At the same time, if a palette works, if it's accessible and legible and users already understand its language, is replicating it actually wrong? That was the quandary. There's no clean answer to it, which made it one of the most genuinely difficult parts of this project.

Where we landed: anchor to meaning. The risk and status colors didn't need to be original. They needed to be correct. Green means good. Red means bad. Yellow means watch out. Those associations are too deep to fight, and fighting them in the name of differentiation would have made the product harder to trust. The distinctiveness came from how the system was built around those anchors, not from the anchors themselves.

The right yellow took the longest to find. A color that communicates "suspicious" can't be confused with warning orange or decorative gold. It has to sit in its own lane.
Phase 3aShipped
The rebrand

Midway through the project, a surprise: Spec rebranded with a new brand blue and purple. The palette had to go back to the drawing board. The goal expanded: not just update the chart colors, but build a full color system: 8 main color families (red, orange, yellow, green, blue, purple, pink, grey) with stops up and down from each main to support future dark mode. Brand blue and purple were subbed in directly. Grey was edged toward Spec's blue tones to keep blacks away from true black. Red and green carried over from the risk color work in Phase 2. The one exception: the risk yellow stayed protected. It had taken too long to find and was too precisely calibrated to risk touching. A distinct orange and yellow were drilled into separately for the chart palette. Four accent colors (for chips, icons, categories, future product features) were also defined as part of this phase.

With the expanded palette defined, the same validation process from Phase 1 ran again: every color put through Viz Palette to check for distinguishability and accessibility issues. The rebrand had introduced new values that hadn't been tested in data visualization contexts before, so this wasn't a formality. New blue, new purple, adjusted neutrals, all of it needed to hold up at small sizes, in overlapping series, and across the range of visual impairments the tool flags. Some colors needed nudging. Some passed cleanly. The color report became the documentation of what was intentional and what was a known tradeoff, so future decisions could be made with context rather than from scratch.

The risk yellow was too right to touch. When rebuilding the full system around new brand colors, protecting that one decision was non-negotiable.
Phase 3bShipped
Usage & application

A color system without usage guidance is just a swatch set. The output of Phase 3 included how each color category applied across UI contexts (backgrounds, borders, icons, text) with clear rules for where each role belonged. This layer also laid the groundwork for a future dark mode: the color stop structure across each family was designed with that in mind, so it wouldn't require starting from scratch when the time came.

Documentation is part of the design. The decisions embedded in the system only survive if they're written down clearly enough for the next person to follow without guessing.
Final designs
Scoping decisions

What didn't
ship yet.

Two pieces were deliberately deferred, not for lack of value, but because the timing wasn't right. The system itself shipped complete; these were the extensions left for the moment they could land with full impact.

Paused
Chart / data-vis overhaul (Phase 4)

The existing chart palette was good enough to hold, so the overhaul was deliberately paused: better to fold it into the eventual redesign of the Insights experience and its core charting aids than to rebuild the chart colors in isolation.

Deferred
Design tokens in code

A matter of time, not priority. The system was fully defined in Figma; codifying it as tokens in code was slated to build with the front-end team during the next innovation week.

Impact

One system.
Every chart.

Before this work, every chart made its own color choices. After, every chart pulled from the same intentional framework: built around brand, tested for legibility, and documented for future contributors to build on without having to reinvent decisions that had already been made.

System impact
Replaced 50+ disconnected values with one intentional framework
Reduced visual noise across all chart and data surfaces
Five semantic states give status colors one consistent meaning everywhere
Design system impact
A shared library, reusable across projects, lets new charts skip one-off color decisions
Accent color system handles edge cases without fracturing the core palette
Foundation for design tokens when the codebase is ready
Reflection

What this project
reinforced.

Math isn't perception
Colors that are maximally distinct by perceptual distance metrics can still read as similar in a dense chart. The only reliable test is the context the colors will actually appear in, not a color picker.
Systems design is tradeoff management
There's no perfect palette. Every decision involves tradeoffs between usability, accessibility, scalability, and brand cohesion. The goal is the best achievable balance, not the perfect answer to any single axis.
Semantic colors earn trust by being predictable
A status color that means one thing in one place and something else in another stops functioning as a signal. Consistency is the feature, not just an aesthetic preference.
Open to roles across product, design & research Get in touch →
2023 → 2025 Spec B2B SaaS / Security Infrastructure Product Experience / Data Visualization

Creating a legitimate starting point and a path into data analysis

Insights Experience

Insights experience — final design
Overview

Turning a passive analytics Hub into one that surfaces what changed, before users even know to ask.

My role
UX Design Research Redesign PRD (Chart Click-Through)
Impact
3Phases shipped, 2023 → 2025
Custom ChartsPer customer at onboarding
Chart click-throughTo filtered Advanced Event Search experience
Discovery

The knowledge of what mattered lived in the PS team's heads. My job was to get it into the product.

The PS team knew the sessions worth watching, the trends, the patterns that mattered per customer, but none of it lived in the product. A new-user audit showed the cost: people arriving at the Hub had no way to see what was happening without already knowing what to ask, so the product rewarded expertise it couldn't assume. A second chart-interaction audit surfaced a related gap: nearly every chart was a dead end. Only the Session Volume Timeline let you click through to search; everything else forced users to rebuild the query by hand.

"They are great examples of why we need to make the product clean for clients. They will actually be using it."

Product Success team member
The problem

Powerful search.
No starting point.

The product could answer almost any question a fraud analyst or security team wanted to ask, but only if you arrived with the question. That core gap, a powerful tool with no guidance, surfaced in three different ways over three years, and each became its own phase of work.

The original Insights experience — powerful but passive

The original Insights experience: powerful, but it required you to arrive with a question.

2023 · Phase 1
No starting point
New users had no way to see what was happening without already knowing what to ask. Trends meant manual CSV exports and pivot tables, critical changes went undiscovered until they became incidents, and the PS team's knowledge of what mattered never made it into the product.
2024 · Phase 2
The wrong unit of analysis
As adoption grew, a deeper mismatch surfaced. The data was session-centric, but customers thought in events and entities: "what was the IP with the most event velocity that visited our site last week?" couldn't be answered at all.
2025 · Phase 3
Dead-end charts
One gap remained: charts surfaced patterns but couldn't be clicked into for query analysis. Every visual was a dead end, especially costly for Security teams with low tolerance for friction.
How we shipped it

Three phases.
One connected experience.

The Insights experience launched in 2023 as a standard surface giving new users immediate context on their properties. A second phase expanded beyond session-centric data into custom, PS-configured, per-customer dashboards built around events and entities, speaking in the language customers actually used. A third phase closed the biggest remaining gap: charts that couldn't be clicked into for query analysis.

Phase 1 · 2023Insights experience: insight list and detail shipped together as one release
Phase 2 · 2024Custom Dashboards: per-customer event and entity visualizations built by PS
Phase 3 · 2025Chart click-through: every chart connected to its relevant search experience
Shipped
Phase 1 · 2023

Designing a
starting point.

The foundation. Before Custom Dashboards (2024) and chart click-through (2025) could build on it, the core experience had to exist: a starting point assembled from the PS team's knowledge of what mattered to each customer. What follows is that founding effort, end to end: explore, converge, ship.

01 Diverge: exploring the layout

With the PRD in hand, I moved into the design space to make sense of it: roughly translating requirements into Figma, pulling screen inspiration from products solving adjacent problems, and pressure-testing how the insight cards and overall layout could come together. The goal was to explore widely before committing: how insights should be grouped, what belonged on the first screen, and how each metric should read at a glance.

02 Converge: information architecture

The exploration converged on a deliberate narrative arc: the broadest view at the top, narrowing down to the most granular. At this time, the product was communicating user journeys at the session and lightly at the event level. Every chart became a doorway into the underlying data for each use case that was sold to the customer in the form of 'modules'.

Information architecture — progressive drill-down from insight list through overview and detail, out into search

From there the structure resolved into concrete wireframes, then got checked against the original experience to make sure nothing in the PRD was lost.

Lo-fi user flow across the Insights experience

Lo-fi user flow: the full path from insight list through overview and detail, out into search.

03 Ship: the Insights experience

The experience shipped as a single progressive drill-down. The Insight List grouped session and event trends, each showing its week-over-week change and a 7-day trend, color-coded so problems read red and wins read green. Clicking an insight filtered the Session Volume Timeline to the relevant sessions and events in that use case.

The shipped Insights experience Component states across the Insights experience

States: the loading, empty, and populated states behind each surface.

Curated beats flexible. Most users don't want to build their own dashboards — they want someone to have already decided what's worth watching.

What came next

Building on
the foundation.

Phase 2Shipped
Custom Dashboards

The original Insights page was session-centric, but customers thought in events and entities, and PS was regularly fielding questions session-based reporting couldn't answer. Custom Dashboards handed that flexibility to the Product Success team: with a JSON config and a ClickHouse SQL query against the underlying event and entity data, PS could spin up any visualization a customer needed (refund reasons, top cities, high-velocity IPs) and white-glove each customer's experience without an eng ticket or a redesign. Three chart types (bar, line, pie); an internal-only flag let PS build and vet privately before exposing a dashboard to the client. Just as useful, it doubled as a low-cost testing ground for which visualizations customers actually reached for: signal to de-risk a future overhaul of the core Insights experience. This phase didn't call for new design: the charts reused the existing chart library and color system, so my role was to be available to test as engineering built it out.

Information architecture — custom event and entity charts added to the Insights structure
The fastest way to learn what Insights should show next was to let the people closest to customers build it themselves. PS's dashboards became both a white-glove service and a roadmap for the eventual overhaul.
Phase 3Shipped
Chart click-through

By 2025 the architecture had grown: the original drill-down plus Phase 2's custom event and entity charts (shown here). One gap remained: most of it was a dead end. Only the Session Volume Timeline could be clicked into; every other chart left analysts to rebuild the query by hand in search. The V2 release made the whole structure navigable: clicking any chart opened a filtered Event Search in a new tab, with each insight defining which columns the drill-down surfaced. There wasn't much to design here; the interaction reused existing patterns. My role was stewardship, making sure engineering reused the existing chart library and color scales so it stayed visually consistent, and testing in staging before it shipped.

Information architecture — every chart linking out to its relevant search: Session Search, Event Search, and Entity Profile

"[The flow is] cumbersome… Don't always have 45 minutes to analyze something."

Client, during a POC
A chart that shows you something interesting but can't take you there is a promise the product doesn't keep. Not every phase needs a redesign. Sometimes the design contribution is protecting the consistency of the system you already built.
A chart click-through lands in a filtered Event Search, with the chart's filter shown as a pill
Scoping decisions

The most value,
in the shortest window.

At an early-stage startup, delivery is a resource problem before it's a design problem. Every release started as a wishlist, the theme-park version of what Insights could be, and the real work was getting it down to something shippable without losing what actually mattered to customers. Each idea had to clear three filters, in order:

01 · Technical
Can it be built?
On top of what already exists, or does it need infrastructure we don't have yet?
02 · People
Are there hands to build it?
Enough engineering capacity to actually deliver, and what doesn't get built if this does?
03 · Time
Is it worth the window?
How long until a customer feels the value, and is there a faster path to most of it?

What cleared all three was rarely the biggest release — it was the next increment. The phases in this case study weren't a roadmap set in advance; they were these decisions, made one constraint at a time: ship fast, ship often, listen, pivot.

You rarely get to throw the whole pot of pasta at the wall and see what sticks. You pick the strand most likely to land, ship it fast, and let what you learn point to the next one.

Still on the wishlist
User-defined insight groups
Insights generated from saved searches
A chart-library upgrade for more sophisticated analysis and visualization
Impact

Context on
day one.

Before Insights, new users arrived at an empty starting point and had to already know what to search for. After, the product did the work of surfacing what had changed, and the chart click-through phase closed the last gap between seeing something interesting and being able to act on it.

User impact
New users arrive at pre-built insight charts, and a custom dashboard if PS configured one for them
Every chart connects directly to the relevant search experience
Investigation path from Insights → Search fully navigable in one flow
Product impact
PS team can configure per-customer custom charts, codifying institutional knowledge into the product
Designed to reduce dependency on PS for routine "what should I look at" guidance
Reflection

What this project
reinforced.

A chart that can't be clicked is a dead end
The click-through work made something obvious: showing users something interesting and then leaving them there is worse than not showing them at all. Every visual surface that reveals a pattern needs a path to explore it.
Let the product do the work
The goal was never to give users more analytical tools. It was to lift the analytical burden off them entirely, so that arriving at the product without a question was still a productive experience, not a blank page.
Constraints are a design tool
You rarely get to build the whole vision at once, and that's not a compromise, it's the method. The work is picking the increment that delivers the most value in the shortest window, shipping it, and letting what you learn decide what comes next. The phasing here wasn't a fallback plan; it was the strategy.