SOC.OS Cyber Security Acquired by Sophos - Learn More
SOC.OS Cyber Security Acquired by Sophos - Learn More

Why human-centred design is central to the success of SOC.OS

AUGUST 24, 2021


SOC.OS was born out of the Futures team at BAE Systems Applied Intelligence. Our mission: to make life easier for SOC and security analyst teams in mid-sized organisations who are overwhelmed with threat alerts in their day-to-day roles.

It goes without saying that a major part of this effort revolves around making these teams more comfortable and productive in front of their screens—which is why we built the product from the ground-up with human-centred design principles in mind.

Starting out

When we started out as part of BAE Systems, the attitude to product development was different. They were approaching the problem from a logical, technology perspective—“this is how it should work.” But that didn’t take into account the human side of tech, and the psychology behind our interactions with technology.

The way humans do things sometimes isn’t logical. So we wanted to involve the user a lot more in the design process. Before we even put pen to paper, we were sitting with test users simply to understand the way they used technology, the problems they had, and how we could better accelerate their workflow. The result is that we have the user at the centre of every single feature of SOC.OS.

Making things flow

SOC.OS acts like an extra analyst on your team, collecting data from across all of your security products, contextualising it and then presenting prioritised alerts in clusters. Given that one of its USPs is the ability to make your SOC teams more productive and effective, the UI is an essential component. It’s all about presenting that prioritised information for further investigation and reporting in a highly intuitive manner.

There were a few key things we paid attention to in developing the product from a human-centred design perspective:

Colour palette: We discovered that our users are typically working on multiple screens in artificially lit offices for long periods of time, and suffer with eye fatigue (constricted pupil) as a result. To reduce stress on each of the three cones in the eye we adopted an accessible dark theme palette. This also reduces the brightness of the interface so that the user’s pupil is less constricted, and more commonly it allows the interface to fade into the background and let the data and visualisation pop.

Intuitive out of-the-box: Some vendors almost expect users to read the manual before being let loose on their products. Of course, modern corporate IT users—especially those working in cybersecurity—don’t have time for this. So we focused on making the whole experience as intuitive as possible—handholding the user where necessary to mitigate the need for them to go to the help centre. It’s just little things, like labelling icons. They add a visual anchor to find something and provide richer information scents if combined with meaningful language that matches the users goals. You can’t have your users wasting time figuring out what they mean, as that will defeat the point.

Recognition over recall: This is key to reducing the mental resources of our users. Implementing designs that allow our users to focus on the task they are completing rather than having to spend mental resources remembering what a button does enables us to make the whole workflow more efficient.

Information hierarchy: This saves mental resources. It also directs the user to what they should be focusing on in the interface and provides a visual order for information consumption, mitigating the need to look at every single item on the screen to find what they need to complete a task. In short, we try to ensure the most important things are also the most noticeable in the UI.

SOC.OS is already supporting security analysts and their organisations across the country. Take a look at SOC.OS for yourself and see what you think. To find out more…

About the author


For more information about SOC.OS, contact