nightfall ai
End-to-End Security Journey
What if connecting to Slack or Google Drive automatically surfaces your most risky data exposures within 30 minutes, with a guided policy you can tweak and lets you resolve via across platforms?
who?
I led the end-to-end redesign as the Senior Product Designer, partnering with PMs, Engs, and GTM.
when?
2022 + 2023 → ongoing enhancements.
what?
Built a scalable policy framework, guided onboarding flow, and real-time dashboard alerts.
why?
Simplified setup to accelerate adoption and reduce configuration errors across all SaaS integrations.
stakeholders
Security Admin, Compliance, C-levels
impact
Streamlined the end-to-end journey so customers could see value in minutes.
Improved product adoption and trust with enterprise clients, while giving engineering a reusable foundation for future integrations.
Contributed to $40 M Series B and faster enterprise onboarding velocity.
As Nightfall scaled its footprint across more SaaS integrations, we observed two recurring barriers in customer onboarding:
Onboarding friction: Even after customers provision their integration (e.g. Slack, Google Drive, GitHub), the first policy creation experience was too complex, lengthy, and intimidating. Many users would stall before configuring even basic rules.
Disconnect between policy and action: Originally, Nightfall only surfaced violations through Slack and email notifications. Once an alert was dismissed, it disappeared — leaving customers without a single source of truth or history for investigation.
Because policy creation is core (every integration needs it), any onboarding friction cascades into lower adoption, higher support load, and slower ROI for customers.
goals
As Lead Product Designer, I led the unified redesign across the onboarding, policy setup, and alert management experiences.
My goal was to help customers:
Get to their first real alert within 30 minutes
Configure policies with confidence (fewer errors, fewer support tickets)
Transition from distributed alerts to a centralized Violation Page for long-term remediation and reporting
Maintain legacy policy compatibility for existing enterprise users
Through 3–5 user interviews and shadowing sessions, I found that onboarding took around 20–30 minutes, while policy setup alone averaged 15+ minutes. Users often felt unsure about what to do next, leading to about 1 in 5 setups ending in errors. What I often heard:
"It took almost an hour just to see our first alert."
"Which section do I configured first?"
"I don't know if this is safe to publish."
on boarding approach
I reworked the onboarding experience into a guided wizard:
Redesigned onboarding into a guided setup with better instructions
Vertical multi-step wizard with real-time validation + preview but still fits the legacy
This flow reduced setup anxiety and helped customers see their first detection within minutes — not hours.
“It feels like Nightfall configures itself for you.” — Customer Feedback
violation alerts approach
Meanwhile, I also created a Violation Dashboard to store all the violation alerts that includes:
Contextual details (source, user, timestamp, detection type)
Inline remediation actions (Resolve, Redact, Mark as False Positive, Add Note)
Search & filtering by severity, source, or integration
Audit trail for compliance and reporting
This created a single source of truth for all security incidents across Slack, Drive, and GitHub — bridging the gap between detection and resolution.
Onboarding, policy creation, and alert delivery helps define customer perception of product value.
1) onboarding
Introduced a lightweight, scalable modal that lets users link any SaaS integration with minimal steps.
This pattern later evolved into a foundational framework used across Nightfall’s setup and configuration experiences, like Slack or Google Drive.
2) POLICY CREATION
I redesigned the builder into a guided, multi-step experience—moving away from a dense one-page form.
Each step now features breadcrumbs, progress indicators, inline validation, and dependency warnings, with a final review screen ensuring accuracy before publishing.
3) violations page
Expanded alerts beyond Slack and email by introducing an in-product Violations Dashboard — a central hub that drives user retention. Each alert card includes a short summary and snippet preview, with all activity syncing seamlessly back to the main system.
What Went Well
Accelerated onboarding → improved trial-to-paid conversion (Nova Credit Case)
Reduced support cost through fewer misconfigurations
Increased customer trust by giving visibility into every violation
Laid the foundation for scalable alert management across all SaaS integrations
trade-offs & constraints
Speed vs. scope: We shipped MVP focusing on resolution and filtering first; analytics and trend reporting followed later.
Design debt vs. migration safety: Modernized visuals but preserved underlying logic schemas to avoid breaking existing integrations.
Performance trade-off: Real-time updates introduced slight latency, balanced against the need for reliable record keeping.
Designing this journey wasn’t just about improving UX — it was about creating visibility, accountability, and trust for every customer touchpoint.
