AutoDesigner

AutoDesigner (part of DevSecOps) is an AI-powered tool, automatically generates detailed Threat Analysis & Risk Assessment reports to secure vehicles and ECUs while ensuring regulatory compliance.

My Role: UX Lead for a newly built cybersecurity product, responsible for end-to-end design from concept to launch.

PROBLEM

Security and safety teams struggled with scattered, disconnected data — from damage scenarios to attack paths - managed across spreadsheets, cloud tools, and manual workflows.

System diagrams and asset identification (DFD) were created by hand or using drawing apps, making the process slow and inconsistent.
Reviewing threats and risks often led to context switching and errors.
Complying with regulations like ISO/SAE 21434 added even more complexity and overhead.

TEAM

Product Managers, Cybersecurity Engineers, Developers and Myself.

PROCESS

We kicked off with discovery day where we conducted user observations and interview sessions with current users - cybersecurity engineers to deeply understand their workflows, pain points, and what was missing. Few insights stood out:

“I’d like to see all TARA data in one place.”

“I need to see the connection between threats, assets, and damages without jumping between tabs.”

“I want to edit everything quickly and easily.”

"I'd like to manage versions history"

After understanding user needs, we defined the key actions users should be able to perform and set clear goals for the MVP.
We mapped the core user journeys based on the features we planned to develop — starting with the TARA flow (our highest priority), followed by the DFD and its editing capabilities.

I created early prototypes for each section and tested them with real users to observe behavior and gather feedback. Their input directly shaped the product and validated key design decisions.

SOLUTION
From Excel to automated TARA

The system enables users to either upload an architecture image or create one manually on a canvas.
It automatically generates a Data Flow Diagram (DFD), identifies relevant assets, and builds a pre-filled TARA report.

The entire flow - from system design to risk analysis - is editable, guided, and aligned with ISO/SAE 21434.
At the end, users can export a full Cybersecurity Concept Report, reducing time, effort, and improving assessment quality.

IMPACT & LEARNINGS

We launched an early trial version before the product was fully ready - and got honest feedback from potential customers that the product felt "too immature".
This was a critical turning point.

As a result, we organized a full-day quality sprint with R&D, QA and Cyber teams, and uncovered over 50 usability and stability issues.
We also shifted from monthly releases to a bi-weekly deployment cadence - dramatically improving product maturity.

Once the product was more complete and stable, we signed key design partners like SureSoft, Tier IV, and Aurora.
Today, the platform is used by dozens of active users across multiple organizations.