runZero

Exposure Management Platform

As the sole and head product designer, I led the platform through its entire evolution from Asset Management, to CAASM, and finally to Exposure Management. I crafted our design system from scratch, architecting a robust design token system to handle the complex data and scaling needs. I owned the entire process across the whole application, from discovery and information architecture, to visual design. Because I understand frontend technicalities like an engineer, I helped shipped code directly to production and cut our handoff time by 30%.

Years
2021–Present
Role
Head Product Designer
Scope
Product Strategy, UI/UX/IxD, Prototyping, Design system
Platform dashboard01 · Platform dashboard
The space

Cybersecurity is a uniquely unforgiving design domain. The users, including security engineers, analysts, and pentesters, are deeply technical and have zero tolerance for abstraction that gets in their way. Every workflow, every data model, and every interaction has to reflect how they actually think about risk, not how a product team imagines they do. You can't fake it. You have to learn the domain.

The journey

When I joined, runZero was a network scanner that was powerful, narrow, and beloved by ops teams. Over five years it shifted, first to a full asset management platform, then to CAASM as the category emerged, and finally to Exposure Management as the market matured. Each shift wasn't just a rebrand. It meant new information architectures, new mental models, and new user workflows, all while moving fast without breaking the trust of our existing and new user base.

02 · Asset inventory02 · Asset inventory

Research that went deep

Every major product shift started with actual research, talking to security engineers, reviewing user sessions, and mapping out real workflows. The domain is too technical to rely on assumptions. I built our research practice from scratch, setting up weekly usability testing, paired sessions with engineering, and feedback loops that kept our product decisions grounded in how practitioners actually work.

Information architecture from scratch

Three product pivots meant three complete information architecture restructures. Each one required rethinking how users navigate between asset context, risk data, and remediation workflows, without losing the mental models they had already built. I led every IA decision, using card sorts, tree testing, and prototype validation, while handling the hard conversations about what had to change versus what had to stay.

Research practice03 · Research practice
IA system04 · IA system
The system underneath

While the product was shifting at the surface, the foundation was falling apart. The whole application had no shared design language, no token system, and design and engineering operating on completely different assumptions. I rebuilt it from the ground up, creating a three-tier semantic token system that gave design and code a shared vocabulary. I built 3 themes with WCAG 2.1 AA compliance baked in from day one, not retrofitted after the fact. The new system made every future shift faster.

A token system built to scale

With multiple themes to support, hardcoded values just weren't going to scale. I built a three-tier token system, mapping primitives to semantic aliases, and down to component-scoped variables. This gave design and engineering a shared language that made updating components painless and kept our dark and light themes consistent by default.

Component library at production quality

Every component was built to work properly, not just look good. I made sure interaction states, WCAG 2.1 AA contrast, keyboard navigation, and dark mode support were baked in from day one. The library became the single source of truth for both Figma and Vue, which cut our engineering handoff time by 30% and stopped design debt from building up.

Design tokens05 · Design tokens
Component library06 · Component library

Outcome

−30%
Developer handoff time
−20%
Attack surface audit time
100%
Visual consistency
WCAG AA
Across the whole application