A certification program with a 20-click signup and no clear path forward. We turned it into an experience people actually wanted to complete.
MITRE Engenuity is the tech foundation arm of MITRE Corporation — one of the most respected names in U.S. cybersecurity. Their ATT&CK program is an industry-standard framework for understanding adversary tactics used by security teams worldwide.
The problem: the program's digital experience didn't match its reputation. Getting into the system was painful, and once inside, users had no clear direction on what to do, where to go, or how to progress. The result was drop-off, disengagement, and a certification journey that felt more like a chore than an achievement.
Find new and innovative ways to bring the ATT&CK program to the masses — reducing friction, creating a clear path, and using gamification to make users actually want to earn that certification.
The onboarding flow required over 20 clicks before a user was inside the system. First impressions matter — this one said "turn back."
Once inside, users faced a wall of content with no guided path, no progression system, and no obvious "right" way to complete the course.
Without direction or motivation loops, users abandoned mid-journey. A premium certification program was leaking its most valuable users.
MITRE's ATT&CK framework has genuine authority in the cybersecurity world. Security teams reference it daily. The brand didn't need to be built — it needed to be matched by the experience.
The irony: a program designed to help security professionals navigate complex threat landscapes couldn't guide its own users through a certification flow. The UX was actively working against one of the most credible names in the industry.
20+ clicks to get started. Each additional step was another chance to lose a user permanently.
Content existed but had no sequence, priority, or guidance. Users didn't know what they were supposed to do first.
Without checkpoints or milestones, users couldn't gauge how far they'd come or how far was left.
Nothing rewarded participation, encouraged return visits, or celebrated completion. The experience was purely transactional.
We didn't assume we knew what security professionals wanted. We asked them — and then we built around what they told us.
📎 Artifact Placeholder
Insert research plan, affinity map, or journey map hereEngaged both active users of the ATT&CK program and cybersecurity industry experts. We asked them what experiences they valued in other platforms and what was missing here.
Documented every step of the existing onboarding and course journey. Every click, every decision point, every moment of ambiguity was catalogued and scored by effort and drop-off risk.
Applied Octalysis framework principles to design motivation into the core experience — not as decoration, but as structural scaffolding that guided users forward naturally.
Designed a streamlined flow from landing to certification with clear wayfinding and a gamified progression layer. Tested against the existing experience with target users.
📎 Artifact Placeholder
Insert wireframes or side-by-side before/after screens hereSignup flow redesigned from 20+ clicks to a streamlined, guided onboarding. Users reached the core content faster and with higher confidence.
Clear progression, milestone rewards, and structured paths led to measurably higher engagement and course completion in post-launch tracking.
A reusable certification UX pattern — gamified journey framing that can be applied to future MITRE programs without reinventing the wheel.
Security professionals are sophisticated — but that doesn't mean they have patience for a 20-click onboarding. Expertise and friction tolerance are not correlated.
This audience would reject cosmetic gamification instantly. Tying rewards to real certification milestones gave the system legitimacy.
Security professionals think in terms of missions, threats, and objectives. Framing certification as a quest resonated because it matched their mental models.
Working within a gov-adjacent organization meant every design decision needed a rationale. That discipline improved the quality of our documentation significantly.
Open to senior/lead UX roles and director-level engagements.