CS04: Streamline Security Testing

Case Study 04 · PlexTrac · 2022–2023

Streamline Security Testing: Exercises, Emulation & Efficient Execution

PlexTracCybersecurityRunbooksDesign Systems

TL;DR

Led the 0-to-1 redesign of PlexTrac's Runbooks module, building a structured exercise workflow with MITRE ATT&CK integration and adversary emulation support. Reduced engagement setup time by 45%, grew new engagements run by 18%, and established design patterns carried forward into the broader PlexTrac design system.

Business Problem

Security teams needed a way to test their defenses — not just document their findings.

PlexTrac's existing runbooks experience was built for documentation, not execution. Red teams running tabletop exercises, adversary emulation, or purple teaming had no structured way to plan, run, and track an engagement from start to finish inside a single tool.

No exercise workflow

Teams couldn't structure and run tabletop or purple teaming exercises end-to-end inside PlexTrac

Manual adversary mapping

Emulating real threat actors required manually sourcing MITRE ATT&CK procedures outside the platform

Findings fell through the cracks

Progress tracking happened in spreadsheets — no iterative testing loop tied to remediation

My Role

Principal Designer, Product Manager & Design Leadership

Product & design lead

Owned the end-to-end design and product management for the Runbooks refactor — from problem framing and user research through to shipped features.

User research

Conducted initial user research and customer pain point discovery. Identified that users needed exercise workflows, not just runbook storage.

Journey mapping

Built a platform-agnostic journey map covering the full testing lifecycle — from initial assessment through findings, triage, report, validation, and closing the loop.

Design system leadership

Maintained design consistency across the growing team while scaling the feature set — establishing patterns reused across Runbooks and adjacent modules.

Design Approach

Three principles shaped the solution

Build for the full exercise lifecycle

Don't just store runbooks — enable teams to plan, execute, track, and retest within a single connected workflow. Each phase should hand off naturally to the next.

Make ATT&CK accessible, not intimidating

500+ MITRE procedures are only useful if teams can find, filter, and apply them quickly. The library needed to feel like a tool, not a reference document.

Support a growing team without breaking consistency

As the design team scaled, the Runbooks module needed shared patterns that multiple designers could build on without diverging from the broader PlexTrac system.

The Solution

Key Screens & Features

The refactored Runbooks module introduced a structured exercise workflow with MITRE ATT&CK integration, adversary emulation support, and iterative progress tracking.

Exercise Setup Wizard

A guided setup flow allowing teams to scope an exercise, select a methodology, and pull in relevant ATT&CK procedures — reducing time-to-start for new engagements.

Runbook Coverage & Heatmap

Visual ATT&CK coverage mapping showing which tactics and techniques had been tested, in progress, or not yet covered.

Runbook: Procedures

Browsable, filterable library of 500+ MITRE ATT&CK procedures with the ability to add custom procedures and group them into reusable runbook templates.

PlexTrac Content Library

Curated library of pre-built test plans from MITRE Engenuity, BlindSPOT, and SCYTHE — enabling adversary emulation without starting from scratch.

Runbooks: Engagements List

Central dashboard showing all active and completed exercises with status, coverage percentage, and team assignments at a glance.

Engagement Details

Deep-dive view per engagement showing procedure execution status, linked findings, assigned team members, and progress toward completion.

Indexing & Tracklist

Structured index of all procedures run within an engagement, with pass/fail status and direct links to findings — enabling iterative retest tracking.

View Runbooks 2.0 prototype in Figma

Product Demo

PlexTrac Runbooks Module Watch on YouTube →

Outcomes

What this work delivered

45%

Reduction in time spent setting up an engagement

18%

Growth in new engagements run post-launch

↑ ARR

Retention & adoption metrics improving

Delivered a structured exercise workflow connecting planning, execution, findings, and retest for the first time in a single platform experience

Enabled adversary emulation through integration with MITRE Engenuity, BlindSPOT, and SCYTHE — giving red teams credible, repeatable threat scenarios

Design patterns established in this module were carried forward into the broader PlexTrac design system, reducing future ramp-up time across the team

Reflection

What I'd do differently

If I were doing it again, I'd push to instrument baseline metrics earlier — specifically, engagement setup time and retest completion rates. Having those benchmarks before launch would have made the post-launch story much sharper and easier to attribute directly to design decisions.