Rebuilding a security product through acquisition

CONNECTWISE

Security was a key driver in ConnectWise's acquisition of SkyKick. I'd been leading design on SaaS Security — Microsoft 365 security reporting — and now had to scope it down, rebuild it on a new platform, and ship in 9 months.

SecurityStrategy
RolePrincipal Product Designer
Timeframe2025–2026
Team1 PM, 1 Lead Engineer, 2 Engineering teams
Rebuilding a security product through acquisition
The SaaS Security overview — rebuilt on a new platform, focused on what partners need most.

Context

Security is a growing accountability for IT providers

Security services had become one of the fastest-growing revenue categories in managed services. Microsoft provides the frameworks and data; the challenge is accessing it across dozens of client tenants and turning it into something actionable. SaaS Security gave providers the tools to do that at scale.
Multiple Microsoft admin portals open across client tenants
One IT service provider securing all Microsoft 365 services across many customers.

Problem

The legacy product was too wide to move intact

Built around a PowerShell-centric feature set, the product assumed a power user with technical proficiency and domain knowledge — and had built deep features to match. Usage metrics showed stagnant adoption across several of them. We scoped deliberately to reporting and left the rest behind.
Cloud Security legacy product
Navigator reporting moved forward. Manager's command-and-workflow feature set didn't.

Approach

Simplify the product. Invest in the platform

I pushed beyond a rebuild — fixing onboarding friction and UX debt that had accumulated across multiple releases, without adding scope. Before any security feature could ship, partners needed their Microsoft 365 tenants connected. I designed the Microsoft integration and made the case to build it as shared platform infrastructure — a live, syncing data source with value beyond our product scope. I worked across platform and product teams to build agreement on the approach. Another team had it on their roadmap before we finished shipping.
A code-based prototype — interactions and edge cases validated before development started.

Solution

We didn't rebuild everything — we rebuilt the right things

Moving into ConnectWise meant a broader, less technical partner base. Each capability was scoped to deliver clear value fast — a manageable journey for partners, a simple story for sales. The product needed to drive its own adoption.

1

Engagement cards

I brought in a pattern I'd proven at SkyKick — engagement cards on the overview page, each reflecting how far a partner has gotten with a key feature — starting empty, prompting the next step. ConnectWise had no equivalent; partners depended on the service team to get set up and discover features. I defined the components in the design system so other teams could build on the approach.

Overview page showing engagement cards in active state with live metrics
Engagement cards in active state — live metrics across connections, reporting, configuration, and monitoring.
2

Automated reporting

For an IT service provider, getting a multi-customer security report delivered to your inbox Monday morning was dreamy. A scheduled task got them there — every run logged, past reports accessible for client reviews.

Add a task step of Monitor and Schedule wizard
Scheduled tasks setup wizard for automated reporting with options to deliver via email.
3

Security posture

IT service providers are accountable for their clients’ security posture. I designed it so users could assign a custom baseline or use any framework-based standard (e.g., Microsoft, CIS, HIPAA). At the individual control level, users can review historical activity — seeing what changed, remediating issues, and demonstrating ongoing stewardship to clients.

Security posture baseline control activity view
Activity log of a security baseline control, allowing a user to track drift and remediate.

Outcomes

Beyond scope

We shipped the Microsoft integration first, SaaS Security close behind. Other product teams picked it up immediately — roadmaps were forming around it before we'd finished building it. Leadership elevated SaaS Security above legacy products in the navigation before we launched. We delivered on time, with all-new product UX, raising the profile of the team and the security domain within the company.

Now our ops team is able to validate and report on all our client's security posture in a single pane … allows us to manage more clients with the same resources.

Cloud Solutions Architect

With more time

There was no shared vision for the security suite. The product owner and I set out to build one — I started mapping the partner journey. A partner-first experience across the Security org: multiple products, one journey from activation to full adoption. That's the work I'd have pushed for.