Automatic Vendor Detection
Continuously monitor the cyber hygiene of an organization’s entire digital supply chain with the industry's most complete and automated view of 3rd and 4th party vendor risk.
My Role
Senior Product Design Lead
As Senior Product Design Lead I ensured a full understanding of the customer problem and its potential consequences, creating a narrative on why and how customers would engage with a vendor detection product.
Conceptual design, partnership with user research and formal presentation to executive and senior leadership are key points of my ownership across the product team.
Customer
Vendor Risk Managers
Area of business
Vendor Risk Management
The team
Product Owner
User Researcher
Engineers
BACKGROUND
It's a time-consuming process making the unknown, known.
The customer problem: Vendor Risk Managers are overwhelmed by not knowing where the real risks to their organization lie across their entire vendor ecosystem, their 3rd and 4th party vendors.
- Time-consuming to reach out to vendors asking if they use a product/service or validating the usage.
- Not knowing if you have vendors that are a risk to your organization.
The opportunity
Outside-in scanning of an organization's internet-facing infrastructure made it possible to identify the connections between an organization and its vendors (3rd party), and its vendor’s vendors (4th party).
Using this data to address the customer problem, I led the design of a new VRM product: a centralized experience which captures an organization's 3rd and 4th party vendor connections and provides valuable insight for customers into their level of supply chain risk across their vendor ecosystem.
“As a user, show my F-grade vendors and how they connect to me through my direct vendors, so that I can then manage my direct vendors to address the problem of indirect vendors that could cause me increased risk.”

A data visualization offered flexible and impactful ways for displaying different views of vendor connections. This is an early sketch illustrating this concept.
DESIGN EXPLORATION
The driver of this VRM experience is data visualization acting as a filter, which allows customers to narrow down their 3rd or 4th party connections, complemented by a data table that displays the list of vendors based on the filters selected.
A variety of data visualization concepts were thought through and designed to ensure that, when user research began, our customers would have an abundance of options to examine and compare.
This would also help effectively measure the level of confidence I had in the option selected.
The following are examples of just a few of the concepts created:

Example concept 1.

Example concept 2.


Example concept 3 with visual design.
Example concept 4 with visual design.
The winner!
FINAL UI
The data visualization illustrates 3rd and 4th party by SecurityScorecard grade, while concurrently acting as a filter allowing customers to quickly reduce their view down to what is most important to their needs.
Customer action includes:
Identify
Find unknown vendors and/or products used and validate their existence.
Classify and Assess
Prioritize which vendors to address first. For example, based on security grade.
Collaborate
Manage and remediate fourth party risk through collaboration with third party vendors.

3rd party connections display the number of 3rd party vendors a 4th party shares with an organization. The example screen displays the company Akamai sharing 24 3rd party vendors with their 4th party Oracle.
The benefits of Automatic Vendor Detection:
- VRM managers stay informed, which in turn would make them look better within their organization.
- Save costs by preventing and staying ahead of potential catastrophic events or fines for not reporting an event.
- Stay compliant.
- Time to report. With a quick turnaround time, VRM managers reduce the amount of time threat actors have to conduct more malicious activities. This lessens the window of opportunity.

BUSINESS OUTCOMES
$10+MM in pipeline (as of 10/2023)
3+MM in ARR (as of 10/2023)
