nightfall ai
policy creation
From clutter to clarity: a multi-step policy wizard that made setup feel
enterprise-grade and demo-ready.
who?
I led the end-to-end redesign as the Senior Product Designer, partnering with PM, Eng, and GTM.
when?
2022 → ongoing enhancements.
what?
Redesigned the Policy Creation experience from a dense, single page into a guided multi-step flow
why?
The single page buried dependencies, overwhelmed admins, and dragged out setup. The new flow reduces cognitive load, clarifies sequence, and improves time-to-value.
stakeholders
Security Admin, Compliance, C-levels
impact
Featured in enterprise demos that helped close multiple six-figure deals.
Contributed to Series B $40M funds raising.
Post-launch we saw higher completion rates for policy setup by 30%.
The original experience was a long, text-heavy form. Admins didn’t know what to do first, which settings depended on which, or where alerts would go. Onboarding dragged, and the first impression during sales calls suffered. No sense of progress.
What we heard after a user research round with 3-5 customers:
"If I change scope, do I have to redo detectors?"
"Which section do I configured first?"
"I don't know if this is safe to publish."
Mapping the journey
Constraints: security domain jargon, multiple integrations, varied admin maturity.
Goals: clarity, speed, and demonstrability in a live demo.
Requirements: predictable steps that mirror Nightfall’s policy model across integrations: scope, detection rules, advanced settings, risk, review.
customer requirements
Choose where to scan, and what to exclude
Pick what to find and how sensitive it should be
Publish with confidence
starting point
Conducted UX audits and usability testing with enterprise clients to pinpoint friction points.
As the Twilight Design System was being developed in parallel, I proactively designed the new Policy Creation flow to align with its evolving components and principles, ensuring a seamless fit from day one.
collaboration and delivery
Partnered with engineering to land interaction details and empty states, and to align telemetry for drop-off and completion.
Tracked to a ~2-month MVP, then layered refinements as the Twilight Design System matured
I designed a wizard-style multi-step policy creation flow that broke the process into clear stages. The exact labels vary by integration, but the spine is consistent and mirrors Nightfall’s official policy model:
Integration Selection – Select the right type of monitor and app.
Scope Definition – Define the spaces you'd like to monitor.
Detection Rules – Configure the rules and detectors to identify sensitive data relevant to the policy.
Advanced Settings – Optionally enable advanced features such as admin alerts or automated remediation actions.
Name & Description – To label and describe the policy; placed last to keep focus on configuration first.
Review – Final step to double check everything.
These principles directly came from audits, enterprise customer feedback, and iterative prototyping.
1) progressive disclosure
Split the form into stepwise decisions with persistent orientation: where am I, what’s next, and what changes if I tweak X.
Result: fewer choices per screen, clearer mental model, better completion.
2) context at hand
Admins should not need docs at every turn. I added inline examples, helper text, and unobtrusive tooltips around detectors, thresholds, and automations.
This aligns with Nightfall’s official concepts for policies and detectors, but shortens the distance between decision and understanding.
3) Design for the platform, not just a page
The pattern had to work across current and future integrations. The wizard’s spine mirrors Nightfall’s help-center stages, which made it portable to Slack, Google Drive, and others without redesigning the core flow.
This marks the beginning of the new Policy Creation flow. All future integrations supported by Nightfall will follow this same format, with minor adjustments to specific steps as needed.
Policy creation design demo
A happy path to create a policy that helps scanning your sensitive data.
What Went Well
Time-to-value: Nightfall integrations are designed to connect in minutes. A clearer policy flow preserves that promise and helps customers see value rapidly.
Business Alignment: The redesign not only improved usability but directly supported enterprise sales and funding pitches
Cross-Functional Impact: Improved collaboration between design, engineering, and sales by creating a shared vision of the product experience
next steps
Deeper analytics in-flow: expose predicted alert volume and historical false-positive context as admins change detectors or thresholds.
Section-level UX: exclusion section grew too complex over time, requiring a later revamp in Scope. I’d design it more scalable upfront if I have time.
We delivered the baseline Policy Creation wizard in just two months. Since launch, we’ve continuously refined and expanded the flow, ensuring it evolves with user needs, compliance requirements, and new product integrations.
