Type: Professional Project at KPMG
Team size: We started with a team of 3 and grew to 12 members 
Timeframe: May. 2017 – Feb. 2020 (~3 years)
My role: Product Design and Development
Awards: Solution of the year 2018&2019, KPMG India
(Awarded by the CEO for excellence in innovation)
Super Team, 2019
(Awarded to our team by the CEO for
team spirit and contribution to business growth) 

The problem

There are threats to organizations and individuals outside of their perimeter of control – the internet. Our clients grappled with problems like data and security breaches, GDPR compliance issues, negative sentiments on social media, phishing campaigns, fake websites and affiliations and threats to reputation to name a few. It was not only difficult, but also expensive for clients to manage these external risks that are of high volume and frequency. They required expertise, infrastructure and large man power to tame them.

The solution

KPMG Digital Signals Insights Platform, an intelligent solution which helps scan a organization’s digital footprint, assess, and identify cyber, social or third-party risks. We bootstrapped and launched an application where we can feed in details about the client, based on which bots crawl the internet gathering publicly available information about the client’s digital assets, affiliations, mentions etc. and form a digital footprint. Our analytics engine then processes and correlates all this information to identify potential threats. This information is then presented on a interactive dashboard that the clients can access on the web application or a report that they can download.

The impact

For Clients 
More than 20 clients (as of 2019) in industries spanning Ecommerce, Automobile, Telecom, IT/ITes, Banking, FMCG are using the platform to protect their digital assets and reputation online. Our biggest use case was helping one of India’s largest Ecommerce company to protect their customers from impostor websites that trick customers and re-direct them to make payments on these fake websites during a large festive sale. The platform was able to detect over 60 such sites and the client was able to take them down.  

For KPMG
We were not only able to expand business and bring additional revenue to the firm, but also drove innovation-centric culture in a service based company. It was used as a model of success, paving the way for more products and assets to be developed within the firm. 
The platform continues to grow in features and client base. 

My role

DSIP was one of those rare and unique opportunities where I stretched beyond my comfort zone and wore multiple hats. I helped design and develop a product from ideation to a fully functional product launched and sold to clients globally.
I got to explore and contribute to the realms of design, product, and engineering and everything in between:

Product Design: Led and managed end-to-end design and development of the Cyber-Insights module. I grew it to the most-subscribed module of the platform.

User Experience Design: Designed the information architecture for the Cyber-Insights module, right from how the client sees it at their end to how it is stored in the database. I designed interactive dashboards and detailed reports. I also was responsible for creating a quick and straightforward client onboarding experience.

Engineering: I modeled and implemented the Cyber Risk Score, providing real-time tracking for mitigation efforts. Was involved in scaling the platform’s data pipeline to a fully automated, multi-core, multi-process, configurable architecture. This reduced reporting ETA by ~12 hours. I wrote crawlers that used APIs and web scraping and designed the database schema to store the results.

Business Development: I was actively involved in giving demos and pitches to clients, internal stakeholders, and the firm’s leadership. I was also responsible for providing technical and design presentations to team leaders. I also mentored junior developers and interns. I was involved in conducting Python training workshops for my colleagues to get started with programming.

While working on this product, every other day presented a unique challenge and with it a chance gain new knowledge and broaden my skill set. Unfortunately, I cannot present the interface or implementation details here. I would however,
like to talk about the challenges I faced, individually and as a team, and the lessons I learned from being a part of this project.

CORPORATE START UP EXPERIENCE

Challenges and opportunities

Getting buy-in from leadership

In a firm whose business primarily serves clients, every resource not being billed to a client is a liability. On the one hand, we need resources to build the tool. On the other, we had to prove to leadership that there was a market for it that would justify the cost of building the tool.

We made the difficult decision to work on building a proof of concept (POC) outside of the hours stipulated for billable projects. It was an extremely stressful four months for me, but my faith in the idea and the freedom and ownership that our director gave us made it possible to pull through. The effort was worth it because the first version of the tool’s demo gained traction with clients and internal stakeholders, paving the way to take it forward. 

Bureaucracy & constraints

Operating like a start-up inside a large organization was very different from the advantages a traditional start-up has. There were more restrictions, rules, and approvals that made the development process slow. 


We learned that the best way to work around this is to get support from internal stakeholders like the firm’s Partners as early as possible. Showing tangible results (in our case, we developed a proof of concept to get market validation), no matter how small, is key to persuading them to get onboard. Having them prioritize our solution helped speed approvals. 


We also could not get creative with the visual elements of the user interface. We had to strictly follow brand design guidelines. It was actually a blessing in disguise. We were forced to make our features shine. Clients did not mind using a simple-looking interface; they only cared whether they could use it to meet their goals. 

Growing the team

As our codebase and client base started growing, we needed more developers to be part of our team. However, we had to increase profits before getting the budget to hire new resources. 

 
I learned how enormous visibility, both on the floor and at the top of the company, can make it possible to get permission to pull in resources from across the firm, freedom to defy conventional thinking, and the right to recruit own team.

The following activities helped us make the best out of opportunities within the firm- 

  • We told our corporate start-up story at a KEDx (The firm’s version of a TED talk). Intrigued and impressed, lots of colleagues reached out wanting to be part of the team. 
  • We engaged interns, garnered their interest, and trained them to contribute to our project. 
  • We conducted python and technical training workshops, which helped us identify resources within the firm for our team. 
  • We took every opportunity to participate/organize Hackathons in the firm.
  • Our managers and directors took every opportunity to showcase the platform and its progress at Executive meetings.
Presenting an entertaining story of our journey at KEDx
Teaching OOPs concepts by modelling the Pokemon world!
Winning the Cyber boot camp hackathon

Staying resilient

The path of entrepreneurship was not a comfortable one. We had to constantly hustle, take risks, navigate uncertainties, learn new things, and innovate to stay ahead of competitors. Launching a product was a first for all of us, and we were not perfect. We sometimes had to firefight due to system issues, face the consequences of a feature not doing as well as we anticipated, or witness sales figures falling.

Our director made it a point to organize workshops at least once every quarter where the team (sometimes including internal stakeholders) came together to reflect and re-affirm our motivations and goals. I found that these activities helped us stay positive and look at the bigger picture. 

Presenting my goals for the product
Visualizing personal highs and lows
Defining success
Defining our team

Finding the right SDLC

When it was just me and two other developers on the team, it was simple to coordinate among ourselves. Having a “process” only made things slower. However, as the team grew in size, organized chaos turned into chaos.

It took us a couple of months to find a software development process that worked well for a start-up like environment. We adopted a modified agile development process. Since we had to include many ad-hoc tasks, we decided to keep a 3 week long sprint where the first week was dedicated to design and research. It gave us enough time to manage time sensitive ad-hoc requirements and sprint tasks. We initially scheduled releases at the end of every sprint. As we took on more complex features that required more research and testing, we changed to release after two sprint cycles. I learned it is ok to tailor the SDLC process according to the dynamics of the environment. 

Advocating for UX

Taking the user-centered approach

Usability Issues

We faced a doomsday situation as clients started opting-out of using the platform. While looking for a solution, I stumbled upon UX design. I took the initiative and enrolled in a UX/UI boot camp. The techniques I learned here were invaluable to solving this issue.

Diagnosing the problem

While everyone was speculating on their versions of the problem, I started crunching the exit surveys and attending product demo meetings. I observed that client teams have people of diverse levels (analysts, managers, CXOs) who use the platform. The information one set of users found useful minutiae for a different set of users. The product was efficient and error-free but fell short when it came to representing the analytics on the dashboard.

Defining the problem

I realized that there was a simple solution to this problem – role-based dashboards. But before jumping in, I wanted to validate this assumption. We were a small team with no resources to conduct focused user studies. Therefore, I reached out to colleagues within the firm’s cybersecurity division who could be potential users instead. I set up some time with them. I prepared task scenarios for them to navigate our platform. I also discussed with them to understand their needs and frustrations if they were to use the tool. Affinity analysis and persona design helped me synthesize these conversations.
Key takeaway: Business users looked for an overview of risks and their business impact, while the analysts wanted technical details. 

Ideation

I created paper prototypes that represent two views of the dashboard in the first iteration. Once I got a go-ahead form, my team’s manager, I created a high fidelity mock-up using HTML, CSS, JS.

Business user/Manager view
I created a cyber risk matrix that correlated the identified vulnerabilities to risks and business impact and quantified with a scoring algorithm. I visualized it according to their logical line of questioning: What is the overall risk sore? How has this changed over time to reflect the mitigation efforts of my team? What is the impact? Which category of risk has the most vulnerabilities? Why?

Analyst view
I made the insights actionable by providing recommendations for mitigation and a vulnerability score (represented as Red/Amber/Green) to help prioritize efforts. I used interactive drill-downs in anticipation of an overload of information, showing the most critical data first followed by the meta-data.

Feedback 
I went back to my cybersecurity colleagues to take feedback for my high-fidelity prototype. They helped me perfect this representation over several quick iterations. 

Grouping vulnerabilities into risk categories
KPI brainstorming
Analyst dashboard layout wireframe

Implementation

Visualizing the Cyber Risk Score
Working on visually representing a quantitative metric was one of the most challenging problems I faced. The data in our database was not in the desired format. I had to create a view of the data in the form of the Cyber Risk Matrix I designed. I then had to create APIs to structure (JSON format) and retrieve the information to visualize it. I found that the Sunburst Chart is ideal for representing hierarchical information. Its interactive drill-downs was perfect for presenting the factors in line with the flow of questions while also handling information overload. I also displayed the change in score that reflected mitigation efforts, making it more trustworthy.   

Role-based personalization
I configured the platform’s access control to display the view that corresponded to the logged-in user’s role.

Sunburst chart early sketch
Drill down interaction
Tree map chart sketch

Impact & Learning

Impact 
After these changes, we saw a dramatic increase in customer satisfaction and pitches converted into deals. 

Learning   
The human interaction aspect of technology solutions is considered far too little and far too late in the race to capture the competitive market. I thought that UX design would be time-consuming and come in the way of deadlines and business goals. I realized that, in fact, it helps strike a balance between user and business goals. I realized that user-focused research is as critical or even more so than generic market research. At the end of the day, even if the product is sold, it is a loss for both the business and customers in the long term if the product is unable to cater to the end-user needs.  

Evangelizing UX

Looking at the colorful sticky notes on my desk and notebooks, curious colleagues would often stop by and show interest in learning about UX and the design thinking process. It would spark conversations and discussions about how they could use some of these techniques in their projects. As a result, colleagues would offer to be interviewed for user research and feedback sessions. I found that it was effective to show stakeholders insights and progress. Post this experience, I made it a point to follow a user-first approach to design and development. 

TECHNOLOGY STACK

Choosing the appropriate technology stack for solution

Mobile App Vs. Web App

Deciding to go with a web application was a no brainer. We knew that our clients would use the platform mostly at work on their office laptops or desktops. Moreover, the solution was information-heavy, and a larger screen would be required for optimal viewing. However, we ensured to use Bootstrap CSS framework to make the web app responsive so it would scale when viewed on a mobile phone browser.

Python Vs. Java

Ideally, Java would be the more efficient language to use when building medium to large-scale applications. However, Python has a smaller learning curve, and the team did not have experience with Java. Therefore it made sense to go with Python coupled with its web framework Django. It was challenging to learn a new language on the job, but I was shocked at how easy and fast web apps could be built with Django. It was perfect for Rapid Development. We could take advantage of the multitude of python data science libraries and all external APIs provided python-support.

MySQL Vs. Hadoop

Choosing the right data store was probably the toughest decision we had to take. We naturally went with MySQL for making the proof of concept because all of us in the team were familiar with it, and it was quick to set up. However, there was a push from management to use “Big Data” technologies in our stack despite our attempts to explain that we weren’t there yet. 

I created a cost-benefit analysis of procuring and configuring Hadoop clusters. I also pulled stats on our data size, query completion times, and memory usage to show that we are nowhere at maximum capacity or inefficient. Further, we showed that our tool requires constant user-interaction, and MySQL is faster to handle ad-hoc queries. It helped make our case and save the team and the company from wasting thousands of dollars and a maintenance nightmare.

REFLECTION

Biggest takeaways

I experienced tremendous growth in my technical and problem-solving capabilities. I learned to manage uncertainties and grew to become a confident professional.

This project took me on an exciting journey and exposed me to the different phases of designing, building, launching, and maintaining a product. Thanks to which, I was finally able to realize that my interest lies in User Experience Design. I thoroughly enjoyed applying the design thinking process to make our product hassle-free and easy to use. It instilled in me an unwavering desire to play a part in the efforts to bridge the gap between people and technology.

All | Vocabulary through music | Identifying digital risks | Voice assistants for cooking