Project overview:
Case Management is a foundational initiative to create a unified, security-first workflow for managing investigations across incidents, hunting, and threat intelligence within the Defender ecosystem. The goal of the project was to replace fragmented experiences across SIEM tools and external ticketing systems with a centralized, integrated solution that supports collaboration, task management, evidence tracking, and reporting. By embedding case management directly into security workflows, the project aims to reduce operational overhead, preserve investigation context, and help SOC teams respond faster and more effectively to security threats.
My role:
I led the end-to-end UX for Case Management, managing two designers and owning the experience vision and strategic design direction. I partnered closely with product, engineering, UX research, and content design to drive early ideation, define the product direction, and ensure customer needs were reflected throughout the work. I was responsible for shaping the research direction, synthesizing insights, guiding design execution from concept through roadmap thinking, and aligning stakeholders around a cohesive, long-term experience strategy.
The final case management experience
A user takes a selfie with a computer.
Microsoft AI analyzes the photo, tags it, and looks for the same tags from Martin Garrix’s photo archive.
Eight photos with common tags are sent to the Kaleidoscope tunnel while the user walks through.
At the tunnel exit, the user can look at the common tags and explore the photo archive.
Team
Product – PMs and partner director driving vision, roadmap, and cross-team alignment
Design – Myself leading the effort with two designers, supported by design leadership/director
Engineering – Partnering on architecture, feasibility, and integration across SecOps systems
UX Research – Informing decisions through customer insights and validation studies
Content Design – Defining clear workflows, terminology, and communication patterns
The team
Product – PMs and partner director driving vision, roadmap, and cross-team alignment
Design – Myself as design lead with two designers, supported by design leadership/director
Engineering – Responsible for system architecture, feasibility, and platform integration
UX Research – Partnered closely to define research goals, validate concepts, and ground decisions in customer workflows
Content Design – Ensured clarity in terminology, workflows, and communication across complex SecOps scenarios
DISCOVERY
We began by grounding the work in customer reality. Through research studies, workshops, and stakeholder conversations, we focused on understanding how SOC teams currently manage investigations across incidents, tickets, and tools. Key questions included:
How do analysts track work and maintain context across investigations?
Where do current tools break down or create friction?
How do teams collaborate across roles, shifts, and systems?
Research revealed heavy reliance on external ticketing systems, frequent loss of context, duplicated effort, and unclear ownership—especially when investigations spanned multiple incidents or teams.
Who is Martin Garrix?
Martin Garrix is a DJ and music producer from the Netherlands. He released his first hit, Animals, in 2013 when he was 17 years old. He produces electronic music with a focus on dance. He was ranked Number 1 on DJ Mag’s Top 100 DJs list for three consecutive years, from 2016–2018. Between 2013 and 2018, Martin received 48 DJ and music award nominations, with 18 wins.
What is in the LIFE = CRAZY book?
It’s a 300-photo collection of Garrix’s up-close and personal moments with friends, family, other artists, and team members. The book allows fans a closer look at the life of the artist.
What to expect at the book launch?
The LIFE = CRAZY book launch took place at X Bank in Amsterdam. It featured a live Q&A with Martin Garrix and his photographer, Louis van Baar, who shot all the photos for the book.
Who are the end-users in this project?
SOC Analyst (Investigator / Operator)
Primary day-to-day user managing incidents, performing investigations, creating tasks, and coordinating work. Needs fast access to context, clear task ownership, and seamless workflows to resolve incidents efficiently.
SOC Manager / Incident Lead
Oversees cases and team workload, focusing on prioritization, visibility, and coordination across incidents. Needs a high-level view of case status, progress tracking, and reporting to ensure effective operations and timely resolution.
Security / Threat Intelligence Analyst (Specialist role)
Contributes domain expertise (e.g., threat intel, hunting, vulnerability management) within cases. Needs the ability to attach insights, collaborate across teams, and integrate findings into broader case workflows.
DEFINE THE PROBLEM
Based on research and stakeholder alignment, we defined the core problem:
SOC teams lack a centralized, security-native way to manage investigations, resulting in fragmented workflows, inefficient collaboration, and slower response times.
The opportunity was to create a unified case management experience that could scale across workflows while remaining flexible enough to support different investigation types.
IDEATE
I led early ideation with the design team, working closely with PM, engineering, and research to explore multiple directions for how case management could function across the platform. We explored different models for:
Case vs. incident relationships
Task and ownership management
Collaboration patterns across roles
Entry points and discoverability within existing workflows
These explorations helped us converge on a direction that balanced customer mental models, system constraints, and long-term platform goals.
Idea 1: Knowledge graph
Use connected knowledge to bring data together across both music and photo content, finding the connections that may not be immediately obvious.
Idea 2: Martin Garrix bot
Use Martin’s voice with a life-size robot to guide the user through information booths.
Idea 3: Humming melodies
Users hum melodies or read lyrics that can then be mixed with a particular track in an AI recording booth.
After discussions and brainstorm sessions with the partner teams, we opted for the knowledge graph paired with a life-size kaleidoscope. A few factors that influenced our decision:
· We had access to the artist’s unpublished photo archive
· We could use AI to tag and analyze photos and showcase Microsoft technologies
· An exclusive fan experience allowed fans to explore the photo archive
· Time and technological constraints
· Physical location and venue constraints
· Installation and equipment availability
Refining the ideas
Once we confirmed the physical installation and AI technologies, I worked closely with our internal teams and collaborated with stakeholders and partners to create a few different proposals.
User flow 1
A. Introduction
The user walks up to a Microsoft Surface Hub and watches an introductory animation with thousands of images that weren’t included in the book.
B. Select images
Images from the archive float across the screen and the user selects the two they’re most drawn to.
C. The connection between two images
The user sees their selected images and the connections the Vision API has found between them. The AI sources related images for the next round, allowing the user to go deeper into those themes.
D. Visualization of selected images
After the user finishes four rounds, they’re shown all the images they selected, along with a visualization of how their images are connected. They can send eight images to the physical kaleidoscope installation.
User flow 2
A. Introduction
The user walks up to a Microsoft Surface Hub and watches an introductory animation with thousands of images that weren’t included in the book.
B. Select location
A 3D globe will appear, highlighting places where Martin Garrix went. The user selects a location.
C. Finding images based on the user picture
The user takes a picture. The vision API identifies elements in this picture such as sentiment, number of people, or objects. The AI shows related images based on what was detected in the picture.
D. Visualization of selected images
After the user finishes, they see all the images found by the AI and how the images are connected. They can send eight images to the physical kaleidoscope installation.
The physical installation agency refined the experience to accommodate crowd control and estimate a timed user flow.
Physical experience visualized by team Plain Concepts.
Users line up at the entrance and take a photo at the photo booth. The vision API tags different elements found in the user’s photo. Then the AI looks for matching tags in Martin Garrix’s photo archive and sends the selected photos to the Kaleidoscope.
We considered several options for the setup at the entrance. For instance, we originally included props at a photo booth so the AI could pick up different graphic elements, but there was concern regarding the physical space. In the end, we decided to keep it simple and set up a Microsoft Surface Studio device at the entrance.
After the user exits the Kaleidoscope, computer stations allow them to further explore Martin’s photos and find out what they have in common.
PROTOTYPE
As concepts solidified, we moved into prototyping and iterative validation. I guided the team in translating research insights into concrete workflows, interaction models, and information architecture. Throughout this phase, I worked closely with content design to ensure terminology and messaging were clear and consistent, and with engineering to validate feasibility and scalability.
The visual design was produced by the Plain Concepts team. I was responsible for ensuring we had all the assets and branding guidelines from the artist’s team, and communicating expectations across both internal and external teams. During the design process, I had daily meetings with the designer to oversee the design and provide UX/creative direction.
Fans enjoy themselves in the Kaleidoscope tunnel.
After exiting the Kaleidoscope, fans get to explore the AI and Martin's photo archive.
Users see a Microsoft Surface Studio with their entry photo. Users can use that computer to start exploring.
We wanted the user to have enough time to play with the connection diagram. To avoid a backup, we provided three computer stations at the exit.
RESULTS
The work resulted in a clear, aligned experience vision for Case Management, supported by validated concepts, design direction for MVP and beyond, and a roadmap that balanced immediate customer needs with long-term strategy. The project established a strong foundation for unifying SecOps workflows, reducing dependency on third-party tools, and delivering a more cohesive, efficient investigation experience for customers.
users at event
YouTube Views
out of 600+ MS videos
“It was so nice to get to see unseen photos of my favorite artist.”