Prelude
Autonomous red team and threat simulation platform, later backed by Sequoia
The Problem
Most organizations don't know if they're vulnerable to a specific attack until they've already been hit. Annual penetration tests are too infrequent to keep pace with an evolving threat landscape, and internal red teams are expensive, slow, and susceptible to the same organizational blind spots they're trying to expose. Prelude was built to change that: an autonomous red team platform that continuously simulates adversary behavior against your own infrastructure, turning the question "are we vulnerable to this?" from a multi-week engagement into something you can ask and answer on demand.
The founding team came out of MITRE's cybersecurity organization, where they'd led development of CALDERA, a pioneering automated adversary emulation framework. They knew how to build the attack infrastructure. They did not have a design function, and the product showed it.
The Work
I was brought in as sole designer to establish design from the ground up in a team that had built an operationally serious product with no UX layer on top of it. The interfaces worked for the founders. They did not work for anyone else.
The first challenge wasn't visual. It was epistemic: to design for red team operators, I had to understand how they thought about adversary emulation, attack chains, agent deployment, and infrastructure mapping. The MITRE ATT&CK framework, the taxonomy of tactics, techniques, and procedures, the distinction between a denatured attack and a live one. These weren't incidental details. They were the mental model the interface had to reflect. Getting that wrong would have produced interfaces that security engineers would reject immediately.
The design work centered on the Operator platform: a desktop application for planning, launching, and analyzing continuous attack simulations against an organization's infrastructure. The core interaction challenge was the attack chain builder: a workflow where operators select, sequence, and configure individual attack procedures against target agents. The complexity was real. The interface needed to expose that complexity without burying operators in it. The solution prioritized progressive disclosure: surface the attack chain structure clearly, let operators drill into procedure-level configuration when they needed to, and surface results in a way that connected back to the original plan.
Beyond the product itself, I introduced the basics of UX process into the team: documentation practices, design review cadence, and the infrastructure for tracking design decisions so they survived the pace of engineering velocity.
The Outcome
Prelude raised a $24M Series A led by Sequoia Capital. A polished, coherent interface contributed directly to investor confidence in the platform's readiness to scale beyond its founding team's context. The Operator platform moved from a tool that required insider knowledge to use, to one that a security engineer encountering it for the first time could navigate with intent.