Designing for Crisis Response
Alert configuration for 100,000+ security analysts monitoring active threats
Role: Senior Product Designer
Company: Dataminr
Industry: Real-time Security Intelligence
Duration: 3 Months
Year: 2022

Overview
(00)
When security analysts monitor critical infrastructure, misconfigured alert monitoring can mean missed warnings. People can get hurt.
Dataminr's configuration tools couldn't be trusted to behave predictably. Individual analysts monitoring a single headquarters couldn't configure alerts for different threat types. Enterprise managers configuring thousands of accounts couldn't verify analysts would receive the right intelligence during crises.
Analysts duplicated assets to hack flexibility, risking coverage gaps during active threats.
Enterprise managers maintained external spreadsheets to track what the interface couldn't show, risking catastrophic misconfigurations deployed to thousands of accounts.
My research revealed all users prioritized predictability over speed or flexibility. When lives are at stake, trust is the design constraint.
Security analysts use Dataminr to monitor for emerging risks. When a threat arises, security teams need to act fast.
A critical missed alert endangered lives and threatened key customer relationships. Rigid radius settings forced all alert types to use the same geographic coverage—creating noise and missed threats.
My research defined the problem: customers assess risk by proximity to assets, not radius circles. This insight shaped product direction during a post-acquisition debate.
My solution delivers critical information when security teams need it most.
Understanding the Problem
(01)
A single radius applied to all alert topics like weather, crime, and infrastructure caused alert noise and missed threats
Individual analysts:
Same physical location needed different radius settings for different threats (headquarters: tight radius for crime, wide for weather)
Workaround: Duplicated locations into multiple folders (HQ-Traffic, HQ-Weather, HQ-Crime)
Risk: 50% of locations were duplicates. During an active shooter event or natural disaster, analysts can't afford to sift through hundreds of irrelevant alerts or miss the critical warning because it was filtered out.
Enterprise managers:
Configuring 300-20,000 accounts took 3-4 hours weekly
Couldn't predict how alert rules would filter content
Workaround: 30% maintained external spreadsheets, forced quarterly account resets
Risk: One misconfigured monitoring configuration deployed across thousands of analysts means entire security teams could miss critical warnings during active crises.
Business impact: Contract renewals stalled, competitors highlighted flexible configuration in RFPs

Design Process
(02)
Research revealed a single radius oversimplifies threat assessment—urgency is contextual, driven by asset type, event type, and proximity
I interviewed analysts across tech, shipping, and sporting event industries to understand their Critical Event Management strategies. All emphasized that limited radius options were the primary cause of alerting noise.
Acquisition Integration
Mid-project, Dataminr acquired a third-party mapping platform. Their product lead argued that we should adopt an event-centric radius, since that had been validated with banking users.
My response:
I presented research evidence and an engineering spike to the Director of Product, showing 18-24 months of migration with no clear benefit. Leadership agreed to build on our existing paradigm.
Solution
(04)
Analysts configure alerts the way they think about threats, not the way the system was built
Per-list customization for specific event types
Expanded from a cramped modal to a full-screen design based on user feedback
Smart defaults: step one filters step two, changes save automatically, and the system surfaces recommended topics for the selected assets
Advanced settings accessible for power users, optional for standard workflows
85% of analysts rely on the recommended values, while power users can access advanced controls when needed.


Defaults set during onboarding using industry and monitoring needs
Default radius values defined during customer onboarding are the foundation for improved alerting scope.
Default settings address the company's monitoring needs, opening the door to a scalable settings solution.
The system monitors radius changes across alert lists to train recommendation models.
Impact & Outcomes
(05)
I designed a solution that provides quick setup and customization to address risk assessment needs and varying experience levels.
250K+ security analysts gained contextual alert configuration
Initiated alerts-vs-rejected-signals analysis with data team: support tickets decreased, user feedback improved
Key at-risk customers renewed after launch
Avoided 18-24 month migration and disruption to existing configurations by building the case against the acquired paradigm
Advocated for platform-wide adoption: product team applied contextual settings framework to wind speeds, water levels, earthquake magnitudes
© patrick cartelli




Precision Alert Monitoring
How Smart Defaults Reduced Alert Noise by 20%
Role: Product Design
Company: Dataminr
Industry: Real-time Security Intelligence
Duration: 3 Months
Year: 2022
Overview
(00)
Security analysts use Dataminr to monitor for emerging risks. When a threat arises, security teams need to act fast.
A critical missed alert endangered lives and threatened key customer relationships. Rigid radius settings forced all alert types to use the same geographic coverage—creating noise and missed threats.
My research defined the problem: customers assess risk by proximity to assets, not radius circles. This insight shaped product direction during a post-acquisition debate.
My solution delivers critical information when security teams need it most.
Understanding the Problem
(01)


Too wide = overwhelming noise. Too narrow = missed threats.
Customers duplicated location groups as workarounds
Result: Critical missed alert, churn threats from key accounts
A single radius applied to all alert topics like weather, crime, and infrastructure caused alert noise and missed threats
Design Process
(02)
Research revealed a single radius oversimplifies threat assessment—urgency is contextual, driven by asset type, event type, and proximity
I interviewed analysts across tech, shipping, and sporting event industries to understand their Critical Event Management strategies. All emphasized that limited radius options were the primary cause of alerting noise.
Acquisition Integration
Mid-project, Dataminr acquired a third-party mapping platform. Their product lead argued that we should adopt an event-centric radius, since that had been validated with banking users.
My response:
I presented research evidence and an engineering spike to the Director of Product, showing 18-24 months of migration with no clear benefit. Leadership agreed to build on our existing paradigm.
Solution
(04)
Per-list customization for specific event types
Expanded from cramped modal to full-screen design based on user feedback
Smart defaults: step one filters step two, changes save automatically
Advanced settings accessible for power users, optional for standard workflows
85% of analysts rely on the recommended values, while power users can access advanced controls when needed.




Defaults set during onboarding using industry and monitoring needs
Default radius values defined during customer onboarding are the foundation for improved alerting scope.
Default settings address the company's monitoring needs, opening the door to a scalable settings solution.
The system monitors radius changes across alert lists to train recommendation models.
Analysts configure alerts the way they think about threats—not the way the system was built
Impact & Outcomes
(05)
I designed a solution that provides quick setup and customization to address risk assessment needs and varying experience levels.
250K+ security analysts gained contextual alert configuration
Initiated alerts-vs-rejected-signals analysis with data team—support tickets decreased, user feedback improved
Key at-risk customers renewed after launch
Avoided 18-24 month migration and disruption to existing configurations by building the case against the acquired paradigm
Advocated for platform-wide adoption—product team applied contextual settings framework to wind speeds, water levels, earthquake magnitudes