This document discusses best practices for creating effective dashboards. It begins with an introduction of the author and overview of topics to be covered. It then discusses the "pretty picture fallacy" where dashboards focus too much on aesthetics without a clear call to action. The document outlines the C.U.R.B. framework for choosing dashboard elements that are comparative, understandable, use ratios/rates, and are behavior-changing. It emphasizes that dashboards should drive action and change user behavior. Examples are provided and the author encourages examining existing dashboards and making them a daily habit to stay informed.

1. ThreatConnect.com
Copyright © 2020 ThreatConnect, Inc.
Creating
Dashboards that
Don’t Suck
Dan Cole
Senior Director of Product Management
Dan Cole
Senior Director of Product Management |
@dancole42

2. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
2
About Me
● 15 Years a Product Manager
● 5 Years at ThreatConnect
● Loves:
○ Star Wars
○ His dog
○ Threat intelligence
○ Explaining dashboards
to people
This is
Rigby

3. ThreatConnect.comThreatConnect.com Copyright © 2019 ThreatConnect, Inc.
What We’ll Cover
3
Why Dashboards Fail
Choosing the Right Elements
Putting Dashboards to Work

4. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
The Problem The Pretty
Picture Fallacy
4

5. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
The Problem The Pretty
Picture Fallacy
5
?
?

6. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
6
Back to 1996

7. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
7
Download Netscape
Navigator 3.0.1! Frame toggles!
Animated fire GIFs!
WAV files!
My First Website!

8. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
8
Clear Call to Action
Amidst the Chaos: ACTION!

9. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
9
The “Pretty Picture” Fallacy - No Call to Action

10. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc. 1
0
What Is a Dashboard?
A visual display of the most important
information needed to achieve one or
more objectives; consolidated and
arranged on a single screen so the
information can be monitored at
a glance
-Stephen Few
Information Dashboard Design
It’s what you need to
see to focus on
taking action to
achieve your
objectives.

11. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
11
Choosing the Right Elements
...that anyone can create a
good dashboard

12. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
12
C.U.R.B.

13. Copyright © 2019 ThreatConnect, Inc.
Comparative
U.
R.
B.
13

14. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
14
Comparative - Put Things in Context
This Week Last Week

15. Copyright © 2019 ThreatConnect, Inc.
Comparative
Understandable
R.
B.
15

16. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
16
Understandable - Know Your Audience
“FPs”
False Positives
Reported per Day
(Past 30 Days)
X

17. Copyright © 2019 ThreatConnect, Inc.
Comparative
Understandable
Ratio / Rate
B.
17

18. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
18
Ratio or Rate - Find Patterns, Avoid “Vanity” Metrics
Total
Observations
Observations
per Day
X

19. Copyright © 2019 ThreatConnect, Inc.
Comparative
Understandable
Ratio / Rate
Behavior-Changing
19

20. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
20
Behavior-Changing - Orient Around Informing Action
% of Indicators
by Type
New Indicators Associated w/
Finance Sector (Observed
Locally Past 24 Hours)
X

21. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
21
Creating Habits
Feed your dashboard every
day or it will die

22. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
22
A Rule of Thumb
Dashboards Should Drive Action
Should I speed up
or slow down?

23. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc. 2
3
The World’s Greatest
Dashboard
Do I need to do anything?
No.

24. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc. 2
4
The World’s Greatest
Dashboard
Do I need to do anything?
Yes.
Do the
thing

25. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc. 2
5
The World’s Greatest
Dashboard
Do I need to
do anything?

26. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
26
Daily Habits
Create Dashboards that Change Your Day
If I’m sitting down
for my morning coffee
and only have five
minutes, what might I
see that would alter
my destiny?

27. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
27
A Rule of Thumb
Dashboards Should Drive Action
Incidents
Needing
Attention
Shifting Trends
or Topics
Tasks Assigned
to Me
Financial
Savings
Integration
Issues
My Deep
Focus Areas

28. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
28
Your Dashboard Might Look Like This...

29. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
29
But This Is Okay, Too!

30. ThreatConnect.comThreatConnect.com Copyright © 2020 ThreatConnect, Inc.
30
What Next?
Comparative
Understandable
a Rate/Ratio
Behavior-Changing
Examine the
dashboards you use
today… is the data:
Make your
dashboard your
morning’s first stop

31. ThreatConnect.com Copyright © 2020 ThreatConnect, Inc. 3
1
Other Resources
● Edward Tufte
○ The Visual Display of Quantitative Information
● Stephen Few
○ Now Your See It
○ Information Dashboard Design
● Me
○ Best Practices for Dashboards in Cybersecurity and Threat Intelligence
■ https://threatconnect.com/blog/threatconnect-dashboards-best-practices/
○ Building Daily Habits to Stay Ahead of Security Fires
■ https://threatconnect.com/blog/threatconnect-new-osint-dashboard-2/
○ Operationalizing Threat Intel: On the Importance of “Boring” Dashboards
■ https://threatconnect.com/blog/operationalizing-threat-intel-importance-of-
dashboards/
○ Twitter - @dancole42

32. Copyright © 2020 ThreatConnect, Inc.
Thank You!
dcole@threatconnect.com
TWITTER: @dancole42