Skip to main content

User Personas

This page shows our current user personas. Currently, we're keeping the following personas in mind:

  • SRE Panda ― SRE with engineering mindset and responsibilities
  • CCoE Panda ― CCoE with engineering mindset and responsibilities
  • Security Engineering Panda ― Security engineers with engineering mindset and responsibilities
  • Product Engineering Panda ― Product engineers with security mindset and responsibilities

🐼 SRE Panda

A SRE panda is working for a company that has in-house product team(s). The panda is responsible for the reliability of the product(s). The panda is not a security expert, but its responsibilities include their product security. In detail, the list of responsibilities is like:

  • Keep the security of the product(s) assessed enough
  • Keep the security risk of the product(s) controlled enough
  • Keep the security risk of the product(s) explainable enough

The panda needs to explain to their boss and business stakeholders (auditors and the panda's customers) why they need to spend time on security, and the current risk level of their product(s). In addition to that, the panda needs to motivate their product team(s) to make the risk controlled with their closer relationships with them. For achieving these goals, the panda needs to assess the security of their product(s) by themselves, or with the help of security experts and toolings.

🐼 CCoE Panda

Almost same as SRE Panda!

🐼 Security Engineering Panda

A security engineering panda is working for a company that has in-house product team(s). The panda is responsible for the security of the product(s). The panda is a security expert, and its responsibilities include:

  • Keep the security of the product(s) and wider range of their IT systems assessed enough
  • Keep the security risk of the product(s) and wider range of their IT systems controlled enough
  • Keep the security risk of the product(s) and wider range of their IT systems explanable enough

The panda needs to explain to their boss and bussiness stakeholders (auditors and the panda's customers) why they need to spend time on security, and the current risk level of their product(s). In addition to that, the panda needs to motivate their product team(s) to make the risk controlled.

However, their resources are really limited and security teams tend to be far from product teams compared to other positions. They need good means to enhance the security team productivity by better automation and communication.

🐼 Product Engineering Panda

A product engineering panda is working for a company that has in-house product team(s). The panda is responsible for delivering awesome customer values with their PdM. The panda is not a security expert, and its responsibility does not include security explicitly, but the panda is still motivated to work on that.

The panda is not aware of where to start and what is worth working on given their limited resources and situation. The panda needs to know what is the most important thing to work on, and how to work on that. The panda needs to know how to work with security experts and toolings. Once the panda knows what to do, the panda will start communication with their PdM and other stakeholders to think about how reasonable it is to work on that.