ITDR Security Assessment
proof-of-value experience
ITDR Security Assessment
proof-of-value experience
Across Huntress trials, the clearest proof of value was still a live incident—but that created a value paradox. Only about 30% of trialists who installed a Huntress product received an incident report during trial, yet win rate jumped to over 50% when something was found and stayed under 15% when nothing was caught. Huntress’ Managed Identity Threat Detection & Response (ITDR) was especially promising because it was low-lift to set up, nearly 40% of newly connected tenants showed a finding during trial, and Huntress already had rich tenant data to work with. The challenge was designing a fast, credible way for users to understand what Huntress could see and why it was worth broader deployment, even when no threat was caught right away.
How do you help a brand-new tenant feel value quickly, before a major incident ever happens?
The ITDR Security Assessment — a report experience designed to give users a clear snapshot of their identity risk, show what Huntress was monitoring, and make the product’s value tangible right after onboarding.
Instead of asking users to trust that protection was working in the background, the assessment helped them see it. It gave them something they could review themselves, bring to a boss or client, and use to justify broader rollout even if no incident had been caught yet.
Show value without relying on a live incident to prove the product works.
Create a stronger first impression during the onboarding and trial experience.
Make identity risk understandable in plain language, not just visible to security experts.
Give partners and prospects something polished they could share internally or with clients.
I was the designer for ITDR and saw the assessment from concept through delivery. I worked with the PLG team, a small team dedicated to experiments like this, to shape the assessment into an intentional proof-of-value moment inside the trial journey.
My work went beyond the assessment artifact itself. I designed the full UX around it—from the first impression in the product, to the onboarding updates that introduced it, to the dashboard and Trial Manager touchpoints that helped explain its value, to the experience of getting it into the user’s inbox. I also shaped the report structure and storytelling so the entire journey felt useful, credible, and cohesive.
The clearest insight was that the product could not stay silent until something bad happened. Huntress already knew how to create trust when it caught something real, but we needed a parallel path for the far more common case where nothing dramatic surfaced during a trial.
That led to a bigger shift in thinking: what if incidents were not the only engagement driver? What if a prospect could still walk away saying, “I trust this. This is working. I’m protected,” even when no threat had been caught?
This also fit the way the PLG team approached experiments: start with the outcome we wanted to create, pull out the most important insight, form a hypothesis, run the experiment, and learn from the result.
It needed to help people understand what Huntress had found, why it mattered, and what that said about the health of their environment. The report needed to feel substantial enough to be worth sharing, but simple enough that someone outside the product could understand it quickly.
To shape that experience, I mapped the end-to-end journey from campaign entry point through setup, report delivery, and follow-on product engagement. That helped the team align on where the assessment fit, what it needed to unlock, and how it could connect a lightweight trial to a stronger next step.
Many prospects evaluate several tools at once, install lightly, and never deploy widely enough to experience the full value on their own. The assessment gave Huntress a way to meet that reality instead of depending on ideal usage patterns.
That made the experience strategically important. It helped bridge the gap between limited trial engagement and broader confidence in the product.
The assessment was built and launched as a PLG experiment, with the team planning to measure whether it improved outcomes like activation, sales conversations, and conversion speed.
That framing mattered to the design work because we were not creating a static deliverable for its own sake. We were designing a new value moment inside the customer journey and learning whether it could change behavior.
We framed the assessment as a grounded, educational snapshot of the tenant, not a broad audit or a marketing piece. That kept the experience credible and helped users understand Huntress’ real ITDR value.
Because many tenants would not have suspicious activity, the report could not rely on a dramatic reveal. I designed it to still teach, reassure, and show what Huntress was capable of finding even when nothing was flagged yet.
The assessment had to be easy to notice in the trial journey, simple to share, and strong enough to support follow-up conversations. That meant clear surfacing, a polished artifact, and a human CTA that could help tee up the next sales conversation.