Designing the future of Threat Intelligence
ROLE
Sole Designer
PLATFORM
Web, Enterprise SaaS
TIMELINE
2025 - present
Threat Intelligence Security Center (TISC) is ServiceNow's workspace for the security analysts tracking threats aimed at the enterprise. As the sole product designer, I work across every surface of the product, from analyst research to workflow architecture to AI strategy.
Overview
Threat analysts are asked to track adversaries across dozens of feeds, separate real threats from noise, and move fast enough to matter - but most of the tools they use still expect them to manually stitch the picture together. TISC brings the full threat intelligence lifecycle into a single workspace: collection, enrichment, correlation, sharing, and operationalization.
One workspace for the entire intel lifecycle
From collection to correlation to action, TISC brings every stage of threat intelligence into a single place analysts can actually live in.
Built for the way analysts think
The investigation canvas lets analysts pivot across IOCs, actors, and cases on a single visual surface - connections stay visible, context never gets lost.
Every feed, every tool in one place
Native STIX/TAXII, MITRE ATT&CK, and plug-in support for commercial and open-source feeds. Intel flows in; enrichment happens automatically.
A workflow engine
TISC sits on the ServiceNow platform - so an indicator found in TISC flows straight into SIR, GRC, ITSM, and the rest of the security operations stack. No handoffs, no lost context.