Rapid Validations - Designs for Security Concepts

Rapid Validation Research for Security Concepts - FY26Q3-Q4

This is the validation step in the Sec UX Teams team's strategic and user-centered design process of design concept development for the FY26 Product Roadmap. The steps are:

1. Journey Mapping 1, Journey mapping 2
2. Developing experience vision stories
3. Creating vision design concepts
4. Concept testing <---WE ARE HERE

What Designers Can Expect in the Rapid Validations

Rapid Research is a research-led process designed to help teams quickly validate design decisions with real users.

In 18.6 and 18.7, we will run a series of bi-weekly research cycles, each dedicated to a particular design theme. The first week is focused on planning and preparation, and the second week is for execution and reporting.

These streamlined cycles answer focused questions within two weeks through structured testing: Should we build this? Does our approach make sense? Will users find value?

Research Goals

• Validate concept clarity
• Evaluate workflow integration
• Assess overall user sentiment
• Quantify satisfaction, perceived efficiency gains, and perceived usefulness
• Identify usability issues and friction points
• Identify potential adoption barriers and key strengths
• [If A/B testing alternatives] Determine optimal concept direction across alternatives

Designer’s Role

• Prototype that will be used in testing
• Review testing script for user sessions
• Attend and take notes at user sessions, moderated by UXR
• Review report draft and contribute to actionable insights

Recruitment Criteria for Security Concept Validation

Basic Requirements (Security Concept Validation - Screener)

Note: Additional requirements may be applied as needed to a given study

• Role includes performance of application security tasks
• Uses GitLab for application security
• Can specify security JTBD performed in GitLab
• Can specify GitLab security features used in everyday work
• If possible, confirmed account in GitLab

Instructions for Designers: Research Launch To-Do's

These are both due 2 Fridays before the start of your Test Week:

• Provide the Context Comment for your concepts. This was already one of the deliverables in step 3. To initiate the process, create a comment BELOW using the "Rapid Validation for Security - Context Gathering" comment template (see example with instructions).
• Review and confirm the dates on your Test Week Issue. The link will be provided here. Please review these dates and confirm the timeline with @nshechtmann. This will be the central tracking issue for your Test Week.

Weekly Schedule ( @nshechtmann to update)

Test Week	Designer(s)	Topic(s)	Research Launch To-Do's
10-27 to 10-31 (tentative)	@mfangman @tparker1	Week 1: Onboarding + Policy Governance	[Due 10-10] Complete context comments [Due 10-10] Review dates on Test Week Issue and confirm with @nshechtmann
11-3 to 11-8 (tentative)	@acummins9	Week 2: Vulnerability Management + Agentic Bulk Resolution (Vuln Report)	[Due 10-17] Complete context comment [Due 10-17] Review dates on [Test Week Issue] and confirm with @nshechtmann
11-10 to 11-15 (tentative)	@beckalippert @acummins9	Week 3: Developer Experience + Agentic Bulk Resolution (MR)	[Due 10-17] Complete context comment [Due 10-17] Review dates on [Test Week Issue] and confirm with @nshechtmann
11-3 to 11-8 (tentative)	@sayobittencourt	Week 2: Authentication (Unmoderated)	[Due 10-17] Complete context comment [Due 10-17] Review dates on [Test Week Issue] and confirm with @nshechtmann
11-3 to 11-8 (tentative)	@ipelaez1	Week 2: Authorization (Unmoderated)	[Due 10-17] Complete context comment [Due 10-17] Review dates on [Test Week Issue] and confirm with @nshechtmann