Foundational Research to Identify Business Opportunities.

At Cisco, I informed 3-5 years of business roadmap by leading a deep dive foundational research study.

Impact includes identifying four areas for further research, informing survey instruments, and defining market study parameters.

*Under NDA - Rich on story, limited on data*

Role

Design Strategy & Research Intern

Organization

Cisco Secure

Duration

8 Weeks

Key Activities

Discussion guide
Participant recruitment
Interviews - moderation to synthesis
Insight socialization
Actionable recommendations

Tools

Dovetail, Miro, Figma

Collaborators

Design Researchers & Strategists
Business Innovation Teams
Data Analytics Team
Design Ops

Business Context

Overarching Project Goal

To identify 3-5 year business development opportunities for Cisco Secure which can help them grow their business and keep them competitive

Research Breadth and Depth

This strategic research project was planned over three quarters. Where each quarter would deep-dive into the findings from the previous quarter. Quarter one goals were to identify broad opportunity spaces. Quarter two goals to further deep-dive into the broad opportunities to uncover nested opportunities. Quarter three goal was to weigh the nested opportunities against each other and provide Cisco recommendations on what findings can be built, bought and partnered with.

The current case study focuses on Quarter two goal viz. To deep dive into the previous broad opportunity spaces and uncover nested opportunities.

Collaborators

This strategic research study was driven by the CFO’s Business Strategy and Innovation team who also were the closest partners and were responsible for bringing qualitative and quantitative findings together. Other partners included Market Research who were quantitative research for market sizing and Data Science to dig up internal data and Network Engineer for demystifying security technology.

Previous Research from Q1

Business Strategy and Innovation along with its collaborators had identified 5 unmet opportunities via qualitative and quantitative research from quarter one of this research project. Those being:

Shift Left – Bringing security earlier into the development cycle
Business Value of Security – Moving security from a cost center to a revenue driver
Data Compliance & Regulations – Navigating global compliance challenges
Fragmented Cloud Transition – The messy reality of organizations moving to the cloud
Decentralized Data & Access – Security implications of distributed systems

As an expert in qualitative research I chose to deep-dive into these 5 opportunities and uncover nested opportunities for the second phase of this research project (Q2). My qualitative efforts were going to be supported by Quantitative research (TAM,SAM, CAGR determination and Market sizing activities) by the Market Research team and the Data Science team.

Stakeholder Alignment & Primary Research Goals

To onboard on this multi-quarter project and to understand the specific goals of the Q2 qualitative research activity, I had meetings with cross-functional stakeholders and captured their point of view to come up with concrete research goals. Alignment meetings involved Data Scientist, Market Research, Product Designers and business Strategy team.

Based on conversations, the Q2 Research were defined as;

Understand the degree of pain and friction (or lack thereof) for customers in the 5 identified unmet need areas.

Explore customers’ perceptions of solution providers who are meeting these needs, even partially.

Understand personas currently trying to address these needs in businesses. This will help us create new Cisco Secure personas if required.

Change in the scope

During one of the alignment meetings, the team realized that Shift left the topic highly politicized internally as Cisco itself was a security product development company. Handling this topic and delivering actionable insight was going to be highly political. There we decided that this is something which is going to be taken care of by someone who is close with the Network engineering and internal security team as well as the CFO team. Essentially rendering 4 deep-dive topics for me.

Underpinned Internal Research

Need:

While the research goals for Q2 activity were clear. What was not clear were the engineering aspects of the topic. To understand unmet customer needs from fragmented cloud transition, the team needed to understand how cloud transition happened. Or in the case of decentralized data, to understand the possibilities of where the data could be stored. Therefore to uncover this, I proposed internal research with Network engineer team with the research goals of:

Audience:

Network engineers

Methodology:

Internal literature and five semi-structured interviews

Research Goal:

To understand the could transition process

To understand multi cloud/multi platform storage and it’s needs

To understand where security is considered in development process

How is compliance taken care of in organizations?

Outcome:

Diagrams and user journey maps, qualitative research discussion guides

Audience from Research

4 distinct areas, expert in 4 distinct topics

Since we were targeting 4 different areas, it was imperative to recruit expert(s) from each area to get nuanced insights.

North America, the main market for Cisco Secure and the main area for recruitment

Cybersecurity is a sensitive topic. Although a global input would have been great, getting it from a global audience is challenging. Therefore, we decided to recruit from the North Americas region. The additional logic behind this was that Cisco’s main market is North America and therefore recruitment here would make much more sense.

Sample Size:

The goal was to reach thematic saturation. Therefore around 6 participants from each of the groups.

Responsibilities according to each topic

Business Value of Security;

Someone who has to pitch the convenience the C-Suite exe’s about the need to upgrade the system etc

Fragmented Cloud transition:

Someone who manages the company's data storage and makes decisions related to it.

Decentralized Data & Distributed access

IT Professionals who work closely with the security team to ensure the infrastructure is configured as per the org’s data security and access needs.

Data Compliance & Regulations

Someone who handles compliance and regulations related to data for different geographies etc.

So to understand the study and the domain..

I seeked mentorship from my manger.

I had 1:1 with diverse teams within Cisco to develop my own perspective.

And it helped me prepare the interview guide & Project timeline.

Let me give you an example of Decentralized Data & Distributed Access.

1st draft By myself

With people and data being in multiple places, how do you identify that the appropriate person is accessing the data they are entitled to?

2nd draft With manager

What are some security complexities due to the introduction of hybrid working?
What are some of the challenges of having data stores in multiple places?
What are some challenges in having multiple data storage platforms?

3rd draft With cross-functional teams

What are some of the security measures which are implemented at the data end? ( Imagine a line. On the left, you have the user; the line indicates the access, and on the right is the data)

However, recruiting participants was a different ballgame.

At first, I was targeting specific roles for each study topic. But, soon, I realize that roles & titles keep changing across companies.

Therefore, I focused on job responsibilities and shared them with the recruiting agency & they got back with the appropriate candidate.

Decentralized Data & Distributed Access

Security professionals who define and managers access to data and identity across multiple systems (cloud-native applications)
IT Professionals who work closely with the security team to ensure the infrastructure is configured as per the org’s data security and access needs.
People responsible for demonstrating the maturity of their data security to potential clients so that it drives business.

Paraphrasing of responses by participants.

And the reason I failed were

Sticking too tightly to the interview guide.

I knew I could have done better because

Soon came the first interview & I could have done better

Change in tone of the participant

Trying to cover too many touch points.

I changed my interviewing technique.

I started following the thread by identifying participants’ excitement towards specific questions.

I leaned my interviewing scale towards unstructured interviews.

But then, I adapted.

When I could not understand, I told the subject matter expert that I was new to the field.

“I am curious to know what the study is about'!”

Participant 7

“This is an interesting question.”

Participant 5

And the following interviews were a breeze.

“It has been fun talking to you!”

Participant 8

I presented my findings to different stakeholders after each topic on a weekly cadence.

The teams were curious to know what I learned, and so was I to share.

But discovering nuanced insights was totally different.

Interview A

Interview B

Interview C

I followed a thread in each of the interviews. And by following a thread, the data I got from each interview felt disjointed. Therefore, I was unable to discover insights.