SAGE is a decision-support platform for CISOs managing multi-million-dollar security programs. I transformed a reactive, data-heavy dashboard into a safe, simulation-based planning environment.
It wasn't a lack of data.
It was decision anxiety.
Research with CISOs revealed that the real friction wasn't missing information. It was Impact Blindness. Security leaders were afraid to commit to budget changes without seeing how those changes would affect their overall risk score in real time. The result: paralysis disguised as caution.
CISOs couldn't predict how changes to mitigation plans would affect overall risk posture.
Even when improvements were made, translating them into clear business value was difficult.
Plan comparisons required switching between spreadsheets, presentations, and security tools.
Sitting with the people under pressure
I conducted scenario-based walkthroughs with 5 CISOs around real budget adjustment decisions. We simulated live budget discussions and observed what happened when changes affected the overall risk score.
The key insight: the friction wasn't the complexity of the data. It was the fear of committing to visible changes without clear impact validation. CISOs needed a safe space to explore before they could decide.
Separate Exploration from Commitment.
A unified decision surface
I created a high-level Cyber Directory that connects budget, mitigation plans, and risk posture in one view. Functional color logic (Red, Yellow, Green) makes severity immediately readable. Leaders can prioritize threats in seconds, without parsing tables.
From tactical editing to strategic simulation
The first version of the platform had a critical flaw: every change updated the live plan immediately. Users avoided high-impact decisions entirely. Watching this happen in sessions made the solution clear: strategic planning needs a safe exploration layer before commitment.
In the first version, all changes updated the live plan directly. Users saw the consequences immediately and froze. High-impact decisions were avoided entirely.
The redesign added an isolated sandbox environment, an explicit "Confirm" step, and a clear separation between exploration and execution. Users could finally think freely.
The What-if Sandbox
The simulator lets CISOs toggle initiatives on and off, see the projected risk reduction in real time, and understand the cost per risk point, before touching anything live. The "Confirm adjustment" button is the only moment a decision becomes real.
This explicit commit step wasn't just a UX pattern. It was psychological safety by design, removing the fear of breaking active plans that had been paralyzing decisions for years.
The Optimization Graph gave executives a single metric, Cost per Risk Point, creating a shared language between security and finance. CISOs shifted from "Technical Manager" to "Business Partner." Plan comparisons that took days now take minutes.
"Cyber platforms aren't just dashboards. They are decision environments. The goal wasn't to show more data. It was to provide the clarity and psychological safety needed to act under pressure."

