The Challenge: Users faced an overwhelming, undifferentiated list of 20+ security actions with no clear prioritization or starting point.

The Approach: Stakeholders initially suggested grouping tasks as "critical" vs "proactive." After auditing the actions, I found this wouldn't work—only a handful qualified as proactive, while most would be labeled critical, which wouldn't reduce overwhelm.

I consulted with a data scientist to understand how the algorithm worked:

• It identifies which breaches exposed the user
• Determines which personal information was exposed
• Maps exposures to specific identity crime risks (top risks)
• Prescribes actions to prevent those crimes
• Assigns an ID Safety Score based on composite risk

Since actions were already tied to specific top risks in the algorithm, I could organize them by risk category—giving users a conceptual framework rather than an arbitrary list.

The Solution: I grouped actions by risk type (Credit Card Fraud, Tax Fraud, Account Takeover, etc.) and provided context about each risk before showing recommended actions. This transformed an overwhelming list into a structured, understandable system.

The Challenge: Actions appeared without explanation of why users were at risk or how actions related to their specific threats.

The Approach: I needed to ensure the Action Plan was positioned alongside the context users needed to understand their risks—the ID Safety Score and exposure history. The question was how to structure this information so users could easily move between understanding their risk and taking action.

The Solution: I placed the Action Plan on the same page as the ID Safety Score and exposure data, allowing users to reference their risk level and breach history while reviewing recommended actions. Within each risk category, I provided risk descriptions and explanations of which exposed credentials created vulnerability.

"Am I at risk? How do you know? What should I do?" I structured each risk section to answer these questions in sequence—showing the score, exposure history, risk explanation, and then the action checklist all in one view.

This keeps critical context accessible while users review actions, making recommendations feel personally relevant rather than generic.

Why this mattered: This addressed the low motivation barrier by keeping threat relevance clear. Users could verify why they were at risk while reviewing actions.

The Challenge: Users needed to understand which risks were most urgent so they could prioritize their efforts.

The Approach: I explored multiple ways to communicate risk severity:

• Number of exposed data points (quantifiable but not intuitive)
• Visual progress bars showing risk percentage
• Color-coded severity labels (severe/moderate/low likelihood)

Through rapid iteration, I tested different visual treatments to find what was most clear and motivating.

Solution: I communicated risk in terms of ID Safety Score impact—showing users how many points each risk represented and how completing actions would improve their score. This made risk measurable, transparent, and directly tied to a metric users could improve.

The Challenge: Users needed to complete multiple tasks across different risk categories. How could we make this feel like a guided flow rather than isolated chores?

The Approach: I explored interaction patterns for:

• Task navigation (next/previous vs menu vs modal)
• Completion feedback (what happens when user marks a task complete?)
• Progress celebration (what happens when checklist is finished?)

The Solution: I designed a streamlined workflow where:

• Users can navigate tasks sequentially or jump to specific ones
• Completing a task shows immediate feedback and score impact
• Finishing a checklist provides celebration and shows updated risk status
• Users maintain flexibility in task order rather than forced linear progression

Tested two concepts:

Option A: Carousel-based grouping with top risks featured
Option B: Long scrolling list with no grouping but detailed score UI

Key findings:

• Testers preferred top-risk grouping (Option A) but found carousels clunky and obscured tasks
• Testers preferred more detailed score UI (Option B)
• Testers wanted autonomy in selecting actions rather than sequential navigation (Option B)
• No significant usability issues with either approach

Synthesis: I combined the risk-based grouping structure from Option A with the accordion interaction pattern and detailed scoring from Option B, creating a hybrid solution that addressed user preferences from both concepts.