π₯ User Personas
Board Director (NED) - Non-Executive Director
Who They Are
- Role: Board member with fiduciary duty
- Pain: Personal liability for cyber breaches
- Goal: Oversight without micromanagement
MVP Journey (5 steps max)
- Receives quarterly report link via email
- Reviews one-page cyber posture summary
- Asks clarifying questions in board meeting
- Approves risk acceptance items
- Downloads report for board pack
Not Doing in MVP
- Real-time dashboards (quarterly is enough)
- Detailed technical metrics (summary only)
- Direct system access (reports via email)
Executive (CEO/CFO) - Chief Executive/Financial Officer
Who They Are
- Role: Company leadership, accountable to board
- Pain: Balancing cyber spend with business needs
- Goal: Demonstrate due diligence efficiently
MVP Journey
- Logs in monthly to review status
- Assigns tasks to IT manager
- Reviews compliance gaps
- Approves budget items
- Presents summary to board
Not Doing in MVP
- Complex ROI calculations
- Automated budget forecasting
- Multi-year planning tools
IT Manager/CISO - Implementation Lead
Who They Are
- Role: Hands-on cyber implementation
- Pain: Too many frameworks, not enough time
- Goal: Clear priorities and evidence tracking
MVP Journey
- Completes initial questionnaire (20 questions)
- Uploads existing policies
- Works through task list
- Uploads evidence files
- Tracks progress weekly
Not Doing in MVP
- Automated vulnerability scanning
- Technical control validation
- API integrations
Admin Staff - Support Role
Who They Are
- Role: Administrative support
- Pain: Chasing people for compliance docs
- Goal: Simple tracking and reminders
MVP Journey
- Invited by IT Manager
- Uploads policies and evidence
- Sends reminder emails
- Updates task status
- Generates reports for meetings
Not Doing in MVP
- Complex permissions (basic roles only)
- Workflow automation
- Custom email templates