SBS Cybersecurity
Cybersecurity Risk Assessment
This work is under NDA. If you're interested in learning more, go to the full case study (password required).
Overview
I revamped the Cybersecurity Assessment module by scaling it to multiple frameworks (NIST, CRI, FFIEC, ACET, InTREx), improving information architecture, and introducing a freemium model with premium features like insight visualization and lifecycle problem tracking—boosting adoption and driving an 11% freemium-to-paid conversion uplift.
Impact
95% task success rate.
17% increase of overall NPS score.
11% freemium-to-paid conversion uplift.
Role
UI UX Designer - Interaction design, User flow, Information Architecture
Stakeholder
Developers, Project Owner, and Content and Security consultants.
Timeline
Sept 2024 to April 2024
Background
What is a cybersecurity assessment?
A cybersecurity assessment is a structured self-evaluation that organizations use to measure how secure they are. It asks questions about controls, processes, and preparedness, then scores the organization’s maturity. For banks and credit unions, passing these assessments isn’t optional — regulators require them, and results influence trust with auditors, partners, and customers.
Context
Regulatory Shift: FFIEC Sunset
In 2023, the FFIEC cybersecurity self-assessment, widely adopted by U.S. financial institutions, was announced to sunset in August 2024. This regulatory shift left thousands of organizations in urgent need of alternatives.
FFIEC Alternatives
Problem
Compliance managers found the assessment module hard to use, unclear to interpret, and lacking guidance on alternatives — leaving them unprepared for FFIEC’s retirement.
Goal
Provide a scalable multi-framework solution
Support 5 frameworks (NIST, CRI, ACET, InTREx, as FFIEC replacements) in one consistent, user-friendly module design that could grow with future regulatory changes.
Introduce a freemium growth strategy
Lower adoption barriers with a free tier while implementing premium, high-value features that users are willing to pay for — driving both retention of current customers and acquisition of new ones.
Solution-scalable
Scalable Assessment Management
Restructured the system to support multiple assessment types (like NIST CSF, InTREx, CRI), making it easy for users to start, resume, and manage all assessments in one place—without confusion.
Solution-scalable
Clearer and scalable Question page
Redesigned the question experience to reduce overwhelm, adapt to multiple frameworks, and deliver future-proof value.
Solution-freemium growth
Clearer Insight and Interpretation
Implemented a risk mitigation standard and a variety of data visualization diagrams so users can easily gain perspective on their assessment results by comparing them against their goals and spotting key gaps.
Solution-freemium growth
Full-life cycle problem tracking
Designed a post-assessment problem-tracking module that keeps remediation in the same platform all year, then seamlessly rolls progress into the next year’s assessment—driving follow-through, loyalty, and retention.
95% Task Success Rate
11% Increase in Premium Upgrades
17% Increase in NPS Score
Takeaway
I gained valuable experience in collaborating with cross-functional teams and adapting to feedback, which helped refine the design and ensure the successful delivery of the project.
I learned to prioritize user needs in every design decision, ensuring that the final product effectively balances user demands with business goals for a more user-centric experience.