Industry: Cybersecurity / Enterprise
Client: AT&T Cybersecurity
Designing for Multi-Tenant Security Operations

Overview
"Tarica's knowledge of design thinking sets her apart from less experienced designers, while her clear presentation of reasoning inspires teammates and elevates those around her."
— Matthew Oddo, Head of Design, AT&T
My Role


How might we design a unified system that allows analysts to manage complex, multi-tenant environments while making critical information clear and actionable for users at different levels of expertise?
The Problem
Security analysts operate in a high-pressure environment, often handling between 900 and 2000 alarms per shift across multiple customer accounts. These workflows are non-linear and require constant movement between investigation, filtering, escalation, and resolution. The existing system fragmented this process across multiple tools, logins, and views, creating friction and increasing the risk of missed signals.

At the same time, the platform needed to support multiple user types, from highly technical SOC analysts to non-technical stakeholders, including customers and support teams, each requiring different levels of access and visibility. This introduced an additional challenge: designing a system that could scale across expertise levels, presenting the same underlying data in ways that were both actionable for analysts and accessible to non-experts.
Key Constraints
Approach
I began with a comprehensive audit of the existing platform, identifying redundancies in navigation, filtering, and system structure. This revealed that much of the friction came not from the data itself, but from how it was organized and accessed.

From there, I restructured the information architecture to support multi-tenant workflows under a single system. Instead of organizing around legacy structures, the experience was aligned to key workflows and information types, such as environment and threat source, making it easier for analysts to move between accounts and investigations without losing context.

In parallel, I focused on how to present complex security information to non-technical users without overwhelming them. This involved prioritizing key signals, simplifying language, and designing role-based dashboards that surfaced only the most relevant information for each audience. Instead of exposing raw data, the experience emphasized clarity, helping users quickly understand what was happening, what required attention, and how to interpret system activity without needing deep domain expertise.

To support scale, I introduced interaction patterns that allowed actions to be applied across multiple accounts at once. One of the most impactful features was the ability to bulk apply rules across hundreds of customer environments, significantly improving efficiency and reducing the risk of user error.

Throughout the process, I used a mix of rapid, low-fidelity, and high-fidelity prototypes and detailed interaction documentation to communicate system behavior clearly to engineering, ensuring that complex workflows could be implemented accurately.
The Outcome
The redesigned platform provided a unified system where analysts could manage multiple customer environments from a single login, reducing the need for context switching and improving overall workflow efficiency. The introduction of role-based dashboards made it easier for non-technical users to understand system activity at a glance, improving accessibility while maintaining depth for expert users. This created a more inclusive system that supported both detailed investigation and high-level awareness across different audiences.





