The Situation

BlueCat had spent a decade establishing itself in enterprise DNS and IP address management. DNS Edge (now rebranded to Edge) was its first move into real-time network threat detection: a new product category that required a fundamentally different kind of UX, and one that had never existed inside the company before.

I was brought in as the first design hire to lead Edge from zero, while simultaneously establishing BlueCat's design function across its existing product suite.

The Problem

Edge had to serve two audiences at once, in two completely different contexts.

Network operations centers (NOCs) run large-format screens that display threat data continuously, visible to everyone in the room, read at a glance, no active interaction required. At the same time, individual analysts needed to move fast: identify suspicious activity in a stream of real-time data, drill down to what mattered, and take action (block, escalate, investigate) before the window closed.

These two needs pulled against each other. Designing for both, in a single interface, was the problem we had to solve.

The Work

Two decisions defined how we resolved the tension.

A large-format map view with floating UI elements made network threats visible at room scale. Threat markers appeared on the map in real time, readable from across a room without any interaction required. It gave NOC teams continuous situational awareness without demanding their active attention.

Command Builder gave individual analysts the speed they needed to act. Modeled on the command-line tools that network security engineers already used fluently, it let analysts drill down to a specific threat and take action in seconds. It met users in their existing mental model rather than asking them to learn a new one.

To get there, we conducted customer visits and calls, including a site visit to the Natural History Museum of New York, observing analysts in their actual operational environment. Understanding how they assessed threats, what information they needed and how fast they needed to move shaped both decisions directly.

We tested both decisions with a pilot release across 4 customer accounts: 15 usability sessions, an average satisfaction score of 4.2 out of 5, and customers actively requesting a broader rollout, and a more feature-rich version of the product. For a company that had established itself as a serious player in network security, DNS Edge signaled something a willingness to move the needle and innovate in its domain, not just defend existing ground.

Beyond the product itself, I managed a third-party vendor team of one UI designer and two UI developers, hired a full-time UX designer, and established the BlueCat Design System, which rolled out across products in the years that followed. I also spent time actively building design culture in an engineering-led organization, giving talks at company events and writing a column called BadUX in the monthly Tech and Product newsletter, because shipping great work and advocating for how it gets done are different jobs, and both needed doing.

This was the second time I'd worked on the problem of making network threat data legible to expert users under pressure; the first was at Blue Coat Systems, where I contributed to a new network visibility product for enterprise security analysts before the company was acquired by Symantec for $4.65B. The map view and Command Builder reflect something I'd been learning across both engagements: expert users in high-stakes environments don't need their complexity simplified; they need it organized. The interface that earns their trust is the one that respects what they already know and gives them what they need to act.

Looking back, what stays with me about this project is the NOC context specifically, designing for a room full of people watching the same screen, and one person who needs to move in seconds. That tension between collective awareness and individual action is one of the more interesting design problems I've worked on.