CASE STUDY

Network Intelligence: Visualizing Bad Actor Patterns

OpSec’s Network Intelligence module was developed to enhance analysts' ability to link bad actors using graph database visualization. The tool enables the identification of patterns across multiple data sources, merging enforcement data with security indicators. This new approach improves predictive capabilities by surfacing previously unseen behaviors. With two product tiers, the tool provides initial visualization of enforcement data and more advanced features like Threat Level Analysis (TLA) and Pattern Recognition (PR) for deeper insights. By combining visual clustering with data analytics, OpSec gives analysts a powerful tool to proactively address threats.

Client: OpSec
Position: Dir. of UX
Duration: 6 Months

Problem:

OpSec needed to visualize global enforcement patterns and merge them with other data feeds. A key challenge was enabling analysts to identify and predict patterns of bad actors through a unified user experience (UX). Current software lacked the ability to predict infringements or surface unknown patterns.

Solution:

The discovery phase introduced tools like ArangoDB and Neo4j to digest historical enforcement data and visualize it through clustering technology. Analysts could now link bad actors across global marketplaces, identifying connections through shared data like IP addresses or telephone numbers. The system evolved to include Threat Level Analysis (TLA) and Pattern Recognition (PR) scores, which enhanced analysts' ability to spot potential threats and make data-backed decisions.
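As an added illustration (not OpSec's code and not part of the original case study), the linking step described above can be sketched as connected-component clustering over shared indicators. The record fields, seller ids and sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample enforcement records (not real data); field names are assumptions.
RECORDS = [
    {"id": "seller-A", "marketplace": "market-1", "ip": "192.0.2.10", "phone": "+1-555-0100"},
    {"id": "seller-B", "marketplace": "market-2", "ip": "192.0.2.10", "phone": "+1-555-0101"},
    {"id": "seller-C", "marketplace": "market-3", "ip": "198.51.100.7", "phone": "+1-555-0101"},
    {"id": "seller-D", "marketplace": "market-1", "ip": "203.0.113.5", "phone": "+1-555-0199"},
    {"id": "seller-E", "marketplace": "market-2", "ip": None, "phone": None},
]

def cluster_sellers(records, keys=("ip", "phone")):
    """Group records that are connected by any shared indicator (union-find)."""
    parent = {r["id"]: r["id"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups cheap
            x = parent[x]
        return x

    first_seen = {}  # (indicator type, value) -> id of first record carrying it
    for r in records:
        for k in keys:
            value = r.get(k)
            if not value:  # a missing value must never link two records
                continue
            owner = first_seen.setdefault((k, value), r["id"])
            ra, rb = find(owner), find(r["id"])
            if ra != rb:
                parent[max(ra, rb)] = min(ra, rb)

    clusters = defaultdict(list)
    for r in records:
        clusters[find(r["id"])].append(r["id"])
    return sorted(sorted(c) for c in clusters.values())

def shared_indicators(records, cluster, keys=("ip", "phone")):
    """Return the indicators seen on 2+ records in a cluster: the evidence for the link."""
    counts = defaultdict(int)
    for r in records:
        if r["id"] in cluster:
            for k in keys:
                if r.get(k):
                    counts[(k, r[k])] += 1
    return sorted(ind for ind, n in counts.items() if n > 1)

if __name__ == "__main__":
    for c in cluster_sellers(RECORDS):
        print(c, shared_indicators(RECORDS, c))
```

seller-A and seller-C share no indicator directly; they land in one cluster only through seller-B, which is the kind of indirect link a flat data table hides.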

Proto Persona:

A new proto-persona emerged: the senior analyst, who acts as both a detective and reporting specialist. These analysts utilize clustering views to track global patterns and report findings, enabling data-driven decision-making across law enforcement and brand protection.

To gain stakeholder buy-in for the MVP, I created hand-drawn sketches based on critical findings from persona interviews. These drawings illustrated how analysts could interact with clustered data, linking patterns across global markets. The visual representations helped leadership understand the power of pattern recognition and the potential for predictive enforcement. These sketches effectively communicated the product's value, convincing stakeholders that developing the idea into an MVP could significantly improve analyst efficiency and customer satisfaction, ultimately securing approval for the project.

Tiered Product Offering:

The solution introduced a two-tiered system. The first tier allowed customers to view and interpret existing data clusters. The second tier, behind a paywall, offered advanced features such as TLA and PR scoring, allowing analysts to dive deeper into predictive enforcement.

Results:

The ability to visualize clustering patterns gave analysts actionable insights into bad actor behavior, improving both internal efficiency and customer advisory capabilities. The system's predictive capabilities also opened doors for future innovation, such as monitoring potential bad actors before infringement occurs. This proactive approach helped OpSec stay ahead in the ever-evolving landscape of IT security.

Image: Old system shown below

Building the MVP was a significant leap, driven by the realization that analysts needed a way to visualize connections between bad actors in real time. By bridging historical enforcement data with real-time clustering, we empowered analysts to make quicker, more informed decisions.

This visual-first approach, paired with advanced data feeds, offered actionable insights beyond traditional data tables, reinforcing the product’s value proposition and helping secure long-term client trust and engagement.