Megan Miller

« Back to all Projects

Designing Security as a Service

March – April 2016

Context and Problem

In January I approached the Information Security Office (ISO) at Stanford about collaborating on redefining "Security" as a service. After a major incident two years ago, Stanford has had to drastically increase it's preventative security measures, which impact everyone across campus, adding encryption and minimum security requirements to each device used by faculty, students, and staff. This experience is less than ideal, and the current campus perception is that "Security" is a mandate, not a service provided to campus. I wanted to help the ISO team better empathize with the campus community, help them reframe "Security" as a service provided to campus, instead of a mandate, and lay the foundation for future projects aimed at improving specific security experiences.


I was able to secure three, 3-hour sessions with the entire ISO team over the course of two months, participating in their all-hands annual retreat. I designed a series of interactive workshops to lead the team through the following:

Stakeholder map

Stakeholder mapping



Value statement activity

Value statement activity

Value statements

Value statements

Scenario mapping

Scenario mapping

Architecture definition

Service architecture definition


After nine hours of workshops, the ISO team had an arsenal of tools to help reframe Security as a service. The primary outcomes were a new service portfolio architecture and strategy document. This will be used by ISO to continue to reframe their services and better design their service experience. The foundation laid in these workshops will hopefully lead to future projects where we can focus on assessing and improving key service experiences for the campus community.

Deliverables from this project:

Other indirect outcomes from this research include:

My Role

I initiated, designed, and led the three, 3-hour workshops with the ISO team. I had assistance from my two colleagues in leading the workshops and creating polished deliverables.