Secure Blueprint

Prototype & validation, followed by front-end design and technology build

32+ months

Security meets business

CISOs (Chief Information Security Officers) and security analysts are challenged daily to connect the maturity of their organization's cyber security program to the needs and investments of the business. Finding a way to collect the perspectives of each security leader in an organization can be an NIST Excel spreadsheet nightmare. There had to be a better way.

A Crema experience

The Secure Blueprint team from Kudelski started with a Strategy and Alignment Session and rapid prototyping to test early concepts of the Secure Blueprint surveys and dashboards. Our experimentation led us to a survey-based tool which collects data according to industry standards like NIST. We quickly learned that these surveys weren't complete with only one perspective, so recurring surveys were sent out to relevant stakeholders.

In collaboration with their growing development team, we built early versions of the UI and continued to support Kudelski's innovation team through additional design sprints, UX collaboration and testing.

Objectives & goals of the work

Phase 1

Product branding, prototyping, validating

When our two teams began working together in late 2016, the original focus was to further refine the Solarhood product concept and design unique product branding that is still being used to this day. By creating a high-fidelity mobile prototype and testing it with real users to glean feedback on the application, we were able to measure a response on the product in two solar markets – Kansas City and Portland.

The outcomes of this 5-week phase were:

  • A defined business model and unique value proposition.
  • Initial brand direction, including brand logo, iconography and brand guidelines.
  • A high-fidelity, clickable prototype that was tested with real users in two solar markets to ensure the mobile experience is intuitive, efficient, and enjoyable to use.
  • A high level product roadmap and budget for initial release of the application, leveraging a dedicated product team at Crema.
  • Recordings of all user testing sessions and access to all assets created.

At the end of this, the Solarhood team decided to shift their resources and allocate some of the development to an offshore team. We remained in touch & kicked off conversations for phase two almost 18 months later.

“Through several unique engagements, we have found Crema to be an outstanding partner in helping us bring our products to market. Their assistance has helped us deliver products that make complex cyber security data easily understood by non-technical business leaders.”

– Brian Moran, Director, Product Management at Kudelski Security

A platform that's positive, not fear based

One of the key concepts for the MSS portal was to create an experience that was bright, friendly, and easy to use. Rather than following the industry standard of leading with dark, fear-driven visuals, Kudelski led by thinking differently about what a "Portal" could be. These experiences traditionally were boring ways to just link off to other apps. Now, the experience is customized to the Kudelski brand. Having one place for clients to check incident tickets, run reports, and review the suite of apps that Kudelski used to provide their awesome security services made things easier for everyone.

Kudelski Security received its highest scores in the following criteria:

  • business and technical value
  • reporting capabilities (including dashboard and user interface)
  • artificial intelligence (AI), machine learning, automation
  • user experience road map and talent management.

Crema continues to support the product with a maintenance and design retainer.

Listening to the users to grow a great product

Kudelski took a bold step in creating a Design partner program with their early customers. They actively engaged these early customers for feedback, and have continued to iterate on Secure Blueprint to make it the valuable product it is today. As one of the only NIST standards SaaS tools for collection and reporting, Secure Blueprint is quickly hitting the radar of the top CISOs across the country.

Strategic process

Throughout the years, our process has evolved to support our clients and business and varies to fit the unique phases of an engagement. There were several key processes that we used to create meaningful outcomes together with the Solarhood team.

User testing

One of the hallmarks of Crema’s process is User Testing. With Phase 1 of Solarhood, we collaborated to recruit users to test the prototype in two markets – Kansas City and Portland. We targeted 2 rounds of testing, with 3-5 testers per testing iteration. When user tests are conducted with individuals outside of Kansas City, software is used to connect the user to the prototype to interact with it.

Testing is typically facilitated by Crema staff, but the client is welcome to listen in throughout the process. All parties remain neutral during sessions to allow for honest and raw feedback to come from the person experiencing the prototype. Each user is walked through a series of prompts to unveil their assumptions about the platform, highlight key areas of refinement, and ultimately validate – or invalidate – the product experience.

In the instance of Solarhood, user tests informed many elements of the UI/UX in terms of what information was important to consumers & how they wanted to interact with that data. Later, user tests were conducted with B2B prospects to understand their solar wants and needs, which would greatly inform the product strategy.

This is all done in a series for 2-4 weeks, before a single line of code is written. After user testing sessions have been completed, our teams work to solidify the product experience, finalize all assets, and create a development plan of attack to bring the designs to fruition.

Prioritization & delivery

Through our extensive product development and launch experience, Crema has crafted a process to ensure we’re working in a partnership with our clients to achieve goals on a sprint-to-sprint basis. We understand that over time, priorities change, and our teams can quickly adapt to the demands that our clients are up against.

We do this by working from a central, prioritized backlog of development, testing, design, and discovery tasks that undergoes regular review between the Product Strategist, Product Manager, and client. The Crema team offers objective, expert input into how items should be prioritized, in line with the client’s desired direction. Best of all, it can be quickly reprioritized if need be.

Throughout our engagements, there is a regular meeting with the entire product development team to estimate the effort for each priority item in the backlog. These estimates inform how much work can be accomplished each sprint. Ultimately, this leads to a mutually agreed-upon scope of work that the team works on, frequently demoing and asking for feedback from the client team.

These processes – reminiscent of scrum rituals – require a high level of collaboration between our internal teams and the client stakeholders involved in the engagement. It produces a clear picture of exactly what is being worked on and what is to come. Crema maintains an open dialogue between all teams to effectively develop, maintain, and support our clients throughout the course of these engagements.

Technical planning

Crema’s technical team doesn’t start writing code on day 1 of the engagement. Oftentimes, we’re incorporating development team members into our project kickoffs, so they have a front row seat to the discussions and decisions being made. One of Crema’s core strengths is providing expert technical recommendations based on the needs of our clients.

During our engagements with Solarhood, there were several opportunities for our technical team to explore the best technical approach for the product builds – one of the major moments being moving from native mobile apps to React Native. This is done by uncovering any dependencies, architecture needs, and third party resources, and solidifying that recommendation against time, budget, and other requirements.

Based on what’s uncovered in the technical planning period, Crema’s recommendation is summarized and presented to the client – fueling them to make the decision that is best for their team and business.

Insights behind the solution

Navigating B2C and B2B markets creates a plethora of opportunities. Solarhood has relied on feedback from real users every step of the way, allowing them to build products that people really want. By asking questions like “What matters most?” and “How do we lay the data out to bring the most value?” they’ve benefitted from learning from the market early and often.

Most notably, the switch from native mobile apps to React Native was one of the biggest milestones during our multi-year engagement with Solarhood. Collectively, the decision was made to move this direction, and it eventually led to a much more stable and scalable code base to build upon.


Today, Solarhood is available on the web and for download on all iOS and Android devices. With their robust tech stack and flexible design language, they’re positioned well to scale quickly, consistently exploring new geographic regions, customer segments, and additional revenue models. The Solarhood team also continues producing engaging, informative solar information across many different channels, educating consumers on the benefits of going solar.
