KeelHub | KeelWorks

Creating a Security Bulwark for 400+ employees against digital threats.

Role

Research, Product Strategy, UI/UX Design, Visual Design, Interaction Design

Timeline

Sept 2024 - Oct 2024

Masthead image of KeelHub RBAC pages

Challenge

400+ Nonprofit employees are at risk of cyberattacks due to inadequate user authentication and access management. I initiated an over haul of the designs aimed at removing the danger posed by the previous designs.

Outcome

My solution delivered:

80% decrease in user error rates

85% reduction in phishing incidents

90% drop in unauthorized access attempts

100% elimination of admin-related incidents

The Approach

  • Security-First Design

    Grounded designs in real security logic, not just design thinking, ensuring both technical robustness and seamless user experience.

  • Cross-Team Alignment

    Partnered with cybersecurity engineers throughout the design process and used visual communication to validate technical feasibility, catch issues early, and secure stakeholder buy-in.

  • Streamlined Security Experience

    Redesigned authentication flows and implemented role-based access controls to minimize security risks around employee personal information.

image of UI

Security-First Design

I conducted extensive research into secure authentication practices, diving deep into industry standards. This foundation ensured my proposed solutions would be both robust and feasible. Some serious limitations shaped what was possible though:

  • Zero budget for SMS/email services

    Users couldn't receive secure verification codes or links via paid services, they needed to manage their own verification methods.

  • Global, varied user base

    Designs had to be intuitive for users in different regions and tech skill levels.

  • Stringent privacy requirements

    Privacy regulations required careful handling of all sensitive user data.

  • Compressed timeline with no user testing

    Relied on dev insights, visual heuristics, and security standards without testing with users.

SolutionCriteria ScoreKey Comments
SMS Verification40%High cost, not feasible globally without SMS service budget.
Email Verification52%Better global support than SMS, but still costly due to service needs.
Authenticator Apps88%Free, private, secure; ideal balance for global and budget constraints.
Hardware Keys52%Most secure, but too new and not backwards-compatible for users without smartphones.

Cross-Team Alignment

Worked closely with cybersecurity engineers from day one to make sure designs were both user-friendly and secure. Used mockups, diagrams, and prototypes to help everyone understand the technical requirements and get buy-in faster. Some key collabration strageries I used:

  • Embedded Security Reviews

    Integrated cybersecurity engineers into flow mapping and user journey sessions to identify vulnerabilities before designing.

  • Visual Communication & Early Validation

    Used mockups and diagrams to help stakeholders understand security requirements and demonstrate compliance upfront, accelerating approval and reducing costly late-stage revisions

Receive an Invite
Google OAuth Login
Verify Email
Set Up 2FA
Successfully Signed Up
A simplified version of a flow shown to stakeholders

Signup

I designed a login system that balanced security with ease of use. Google OAuth let users sign in instantly with their required Google Workspace emails. For added protection, I integrated two-factor authentication through authenticator apps, creating a solid defense against unauthorized access.

image of UI
Before | Users could choose their own role and permissions, creating opportunities for misuse.
image of UI
After | Users could Login with Google and choose their own 2FA authenticator

Streamlined Security Experience

Beyond improving security of the sign up and login, I introduced role-based access control to minimize exposure of sensitive employee data, ensuring users only see what they actually need for their job.

After researching permission systems and consulting with our security team, I proposed including a role-based access control (RBAC) system. This would provide robust protections for personal data while streamlining the admin experience.

Originally, designs included extensive customization capabilities, but stakeholder feedback revealed the need to prioritize speed-to-market, leading to a more streamlined, static approach that maintained core security benefits while reducing development complexity

Image of the old navigation in KeelHub
Final Design | Simplified permission structure with Role Levels
Image of the new navigation in KeelHub
Initial Design | Comprehensive RBAC system with granular permissions and custom role creation

I moved RBAC links into the navigation, rendered with conditional logic to ensure only authorized users can access them. If users tried to the pages directly through a URL, they would be redirected home

Image of the old navigation in KeelHub
Before | No dedicated space for RBAC features
Image of the new navigation in KeelHub
After | New navigation sections for role management

Here is What I learned

  • #1

    Start with Devs

    Partnering with developers early taught me the importance of aligning technical feasibility with design goals, which strengthened both the designs and stakeholder buy-in. Through this collaboration, I deepened my understanding of cybersecurity principles and how they directly impact user safety.

  • #2

    Design for Change

    Working on an MVP with ever-changing requirements taught me how to effectively prioritize features while aligning with stakeholder goals. I gained valuable experience in adapting to shifting needs by collaborating closely with cross-functional teams and refining my communication and decision-making skills.

  • #3

    Center the User, Even Without Them

    Even without direct testing, I used informal SME interviews, past research, and universal design principles to keep user needs front and center.

Take a look at some other work?