Sybil Hoang

Senior Enterprise Product Designer

Incorrect password

Sybil
Hoang

Senior Enterprise Product Designer

About me

Designing where clarity meets complexity

Having worked with complex products throughout my career, I've found that these skills consistently make the difference:

  • Asking the right questions
  • Working comfortably within ambiguity
  • Knowing when there's enough clarity to move forward
  • Knowing when there is enough value to stop
  • Not taking yourself too seriously

I'm a Senior Product Designer with 15+ years of industry experience, including 7+ years designing technical and enterprise products.

I like collaborating on complex technical workflows and connecting dots. I like learning about new concepts and using them to inform design decisions. I'm curious, high performing with a calm, structured approach to solving difficult problems.

Thanks for taking the time to look through my work,

Sybil Hoang

Skills & methods

My design toolkit

I work with a toolkit rather than a design process.

This flexibility allows me to adapt to specific team dynamics, environments, and organisational constraints.

Understanding the problem
  • User research
  • Conducting interviews
  • Writing surveys
  • Product co-creation with customers
  • Data analysis
  • User journey mapping
  • Value props
Designing the solution
  • Claude
  • Figma
  • Mural
  • Team-based ideation
  • Sharpies & post-its
Testing the prototype
  • Prototyping
  • Wire-framing
  • Usability testing
  • Lean development
  • R & D development
Designing in teams
  • Facilitating
  • Working under pressure
  • Designing workshops
  • Creating collaborative environments
  • Mentoring
  • Leading teams

Case Studies

Three problems, one flexible toolkit

Redgate Software

SQL Census

Business goal
Redgate wanted to expand their security offerings within its product portfolio.
Team goal
Identify user needs and problems pertaining to databases. Create a solution to help solve those problems.
Chosen valuable problem
To solve the hard problem of allowing the user to understand SQL Permissions on their servers and databases. Show who has access to what and how the access was given.

The challenge

Database permission management is a deeply complex space. Large organisations often have thousands of permissions spread across many servers. Making this landscape understandable and actionable was the core design challenge.

Database Level Permissions complexity map

The existing database permissions landscape: thousands of interconnected nodes

My role

Product Leadership Team: Product Designer

My toolkit

Continuous discovery research Surveys Data analysis Regular team workshops Value Prop Canvas Personas Research reports & readouts Balsamiq wireframes Sketch prototypes Usability testing

The calls and interviews

Continuous discovery calls were made, keeping in contact with participants almost every week.

We created a co-creation Early Access Program for users who were particularly keen on solving this problem with us.

11
Early Access Program participants
2
discovery calls per week on average

The surveys

We used surveys to understand what, rather than why. We surveyed to find out:

  • The value of the problem
  • The profile of our users
  • What they were trying to solve
  • The extent of the problem
  • The regularity of the problem
SQL Census survey data

The async research

In order to keep in close contact with our participants, we opened several avenues for them to give feedback async. This included in-application feedback via Intercom and also we invited them to join a private Slack channel so feedback could be done in a conversational format.

Research analysis

Research analysis: synthesising discovery findings

Usability testing

We ran usability testing sessions throughout the project to validate designs and surface friction in the flow.

Usability testing data

Usability testing: validating designs with participants

The personas and JTBD

We identified 3 core personas and JTBD in our research. The consultant, the DBA and the IT Manager, each with their own set of core pains, JTBD and organisational constraints.

"I need to understand, manage and prove the security of my SQL Server permissions"

Which was defined by sub-jobs such as:

JTBD 1: Prove compliance of data access and permissions against internal and external audits
JTBD 2: Manage day to day permissions
JTBD 3: Professional desire to make systems more secure

Example persona

User persona

User persona: core pains, JTBD and organisational constraints

Value props

We broke down all the Value Props for each persona type. We used these to gain an understanding of the user types. We discovered that not all Value Props are created equal and each had a business value more significant than another.

Value Proposition Canvas

Value Proposition Canvas: mapping gains, pains and jobs-to-be-done

The feedback loop

Throughout the entire life cycle of the project, the continuous feedback through all our mechanisms allowed us to keep on track on what we were building. It made sure we were going in the right direction and added problems onto the roadmap. We would quickly solve issues and pivot if needed.

Workshopping

We ran multiple workshops from How Might We's to Sketching sessions to Crazy 8's. Each with the intention of going wide with our chosen problem.

User flows and architecture

By mapping decision trees for the user and breaking down UI flows and architecture we built a few prototypes. These early flows and designs were tested with users during our regular research sessions.

Early wireframe sketches

Early wireframe sketches from workshopping sessions

Workshopping session

Workshopping session

Core problem 1: Understand

Feature: "Trace user access"
Users could understand their permissions landscape. Given 1000's of permissions, we allowed them to understand what was given, how it was given and surface the most dangerous.

SQL Census Inspect Server UI

Inspect Server: tracing permissions at a glance

Core problem 2: Remediate

Feature: "Extract database role"
The user could create manageable groups from the current state. Merge many common permissions to ease the pain.

SQL Census Extract Database Role UI

Extract Database Role: grouping permissions for easier management

What we built

We created a product called SQL Census.


Let us imagine you are in charge of security of physical building. You have to give keys to several workers who need access. And now imagine these keys also need access to other rooms in other buildings. You can lose track easily.


We built a product to help people secure their "buildings" by figuring out who had keys, who has master keys, how they obtained those keys. It also helps you understand if you can combine certain keys so your management task is easier.

The results

0
EAP signups in 64 days
0
new downloads/week

Project still had people interested in it 1 year after we closed the research project, with no real marketing effort.

User feedback

Redgate Software

REST API

Business goal
Redgate wanted to focus on solving Enterprise shaped problems. A pivot away from solving the wider problems which face 99% of orgs.
Team goal
Given Redgate Monitor's problem space, our team needed to identify user needs and problems pertaining to DBA teams in enterprise orgs.
Chosen valuable problem
To solve the problem of upward reporting for disparate applications. Monitor is only 1 application of several a DBA will need to report RAG status on an estate. We need to make this integration easier.

The context

Large enterprise organisations typically need a "single pane of glass" to understand several sources of application data. Redgate Monitor only provided part of that story.

Redgate Monitor dashboard

Redgate Monitor: the starting point, one tool in a larger enterprise stack

My role

Product Leadership Team: Product Designer

My toolkit

Continuous discovery research Surveys Data analysis Regular team workshops Personas Research reports & readouts Balsamiq wireframes Figma prototypes Claude

The calls and interviews

Enterprise customers are sometimes tricky to engage with. Their time is expensive and their problems are bigger and more complex. Feedback cycles are longer. So we had a handful that worked with us privately to understand their core problems.

Key enterprise partners

DeloitteDeloitte
JPMorgan ChaseJPMorgan Chase
CitadelCitadel
Costco WholesaleCostco Wholesale
KPMGKPMG

We also leaned on the expertise of an internal ex-DBA who had worked extensively in enterprise orgs.

The surveys

Aside from qualitative data we also ran surveys to gain quant. We knew that users wanted to use Redgate Monitor data in other places but still wanted to learn:

  • The profile of our users
  • What they were trying to do with the data
  • The cadence and level of pain
  • Where the data would be utilized
REST API survey data

The JTBD

"I need to use Redgate Monitor data to make informed decisions alongside other application data"

Which was defined by sub-jobs such as:

Create a dashboard which allows product owners to see if their application is healthy and meeting its KPIs and SLAs.
Extract data into a performance lakehouse repository for trend analysis. This is for capacity planning and understanding future needs.

The workflow

Redgate Monitor only provides part of the database devops and monitoring story. Large orgs need a single pane of glass to understand several sources of application data.

Not real-time data
Regular on-schedule endpoint calls
Analysis time period from every month to 2yrs of trend analysis
API reporting workflow

Workshopping and ideating

We ran several workshops such as HMWs and assumption mapping to letting users expose their underlying data was not only a question of usability. It was a matter of how to do this is a secure manner which worked with the users workflows.

Internal usability workshop

Internal usability workshop with the team

The solution

We shipped a read-only REST API. This allowed us to maintain control of the flow of the data for stability, yet also stay flexible in how we change our internal data structures.

Redgate Monitor API documentation

The REST API documentation, designed for clarity and ease of integration

Design value opportunities

Unlike traditional UX, the opportunities for design value for developer experiences are a little hidden but still plentiful. Some identified where we could bring design value were:

More in-depth documentation and good working examples
To help users get started quickly and confidently.
Good error messaging
Clear, actionable errors that guide users to resolution.
Usable endpoint formatting
Formatting that works with the real-world use cases.
Optimising the shape of the data
Considering nesting and aggregation against the use-case.

Feedback so far

We keep in close contact with our co-creation cohort and have been gathering feedback to see design opportunities. Although uptake has been slow, which is might be expected in Enterprise orgs, we are now beginning see more interesting problems to solve.

Further opportunities

Additional secure authentication methods (e.g. OAuth 2.0)
Enterprise orgs are very concerned about security and it is no longer a second thought. This is to put limits on who accesses the data, how the data is accessed, for what purpose and also for limited windows.
Improving the shape of the data by flattening the structure
In our attempt to be helpful, we nested too much. This needs to be corrected. Too many API calls were being done when they weren't needed.
Using Open Telemetry to understand how our API is being used
We put very basic telemetry data on our API for the first release but there is opportunity to understand real-world usage: which endpoints are used most, what payloads look like, and where the bottlenecks are.

Redgate Software

Compliance and Policy Audit

Business goal
Redgate recognised that security issues were deeply important to enterprise orgs and so the security feature set needed to grow significantly.
Team goal
Previous to our team being created, a research team had been made to prove the value. We were handed this MVP to improve and serve more JTBDs.

The starting point

The team inherited an MVP from a research team. Our mandate was to identify its gaps, understand what users truly needed, and design a scalable solution that could serve multiple compliance frameworks and database engines.

Configuration compliance MVP

The inherited MVP: functional but inflexible and not solving the core JTBD

My role

Product Leadership Team: Product Designer

My toolkit

Continuous discovery research Surveys Data analysis Regular team workshops Sketch prototypes Claude

Research participants

Cook MedicalCook Medical
City of ScottsdaleCity of Scottsdale
The Hong Kong Jockey ClubThe Hong Kong Jockey Club

We also leaned on the expertise of internally hired subject matter experts, specifically Ex-DBAs who specialised in the financial sector who needed to maintain and prove secure database estates.

Additional feedback

I also did a deep dive into support tickets and ad-hoc feedback from customers regarding the MVP. It became apparent that the product had a number of pain points. The MVP was:

  • Inflexible
  • Not scalable to support other database engines
  • Not providing accurate scoring
  • Not solving for "Reporting" as a core JTBD
  • Not scalable to support more benchmarks

The JTBD

"I need to know and prove that my data estate is compliant"

Which is defined by sub-jobs such as:

Define what "compliant" means for my organisation
Report on compliance to other external and internal bodies
Allow for configuration and exceptions
Easily understand what is failing and passing

The workflow

A lot of enterprise companies are given external benchmarks to adhere to: CIS benchmarks, NIST, HIPAA, STIG etc. The workflow needed to support many benchmarks and be scalable enough to support many types of database engine: SQL Server, Postgres, Oracle.

Key roles in the workflow

Infosec
In charge of compliance and security of entire infrastructure
DBA
In charge of compliance and security of database estate

Ideating with Claude

After fully understanding the JTBD, I paired with Claude to build a prototype to show to users and internal experts.

Compliance server remediation

What we designed

  • See a live compliance score across the entire SQL Server estate
  • Apply industry-standard CIS benchmark policies out of the box
  • Build custom policies tailored to the org's own controls and obligations
  • Scope policies to specific servers by SQL Server version and tag
  • Browse and select from a library of predefined security checks
  • Write custom T-SQL checks when the library doesn't cover the need
  • Edit existing policies without starting from scratch
  • Drill into failing checks to see which assets are affected and why
ComplianceIQ Policies overview

Policies overview: built-in and custom compliance policies at a glance

Custom T-SQL Checks editor

Custom T-SQL Checks: write your own security rules when the library doesn't cover it

What we're building

I have created a clickable prototype representing the first-stage design vision for the product, intended for user testing and starting discussions.

This prototype acts as a valuable communication tool across internal and external stakeholders, helping us identify the highest-value features and make informed prioritisation decisions, irrespective of what is ultimately built.

User feedback so far

Further opportunities

Drift from compliance
Once a data estate is deemed compliant, there is a maintenance job to ensure it continues that way. Alerting or increasing observability on drift is a way to do this.
Built-in compliance
Enabling developers to spin up compliant servers and databases and build those checks in from the beginning.
Automated reporting
Enabling InfoSec to self-serve the compliance reporting means a step is taken away from requesting reports.

Other Successes

Beyond the case studies

Measuring User Success in Monitor Enterprise

The first slice of enterprise features had been built, but tooling to measure customer success and usage had not been considered or prioritised.

As a side project, I pushed an initiative to build out a dashboard. The purpose was to understand our customers' profiles and measure our product success. It could help guide decisions at a product and engineering level and surfaced metrics on subjects such as licenses, API calls, and average size of their permissions estate.

The project connected JTBD → Customer profiles → Quantitative metrics, giving the whole team a clearer view of who was using the product and how.

Dashboard mockup

Dashboard mockup

Dashboard live

Dashboard live

Public Speaking

Sybil Hoang speaking at an event, Imposter Syndrome: The Secret Superpower

I've spoken at events like Agile in the City (Bristol), Women in Tech Scotland, ToDo, and Redgate's LevelUp conference, including a talk on Imposter Syndrome as a secret superpower.

I enjoy sharing what I've learnt during my career and I like being open with my design knowledge. As a result, I have also given several lightning talks internally.

I feel it is important to help to demystify design practices to colleagues and show where design can help create better products, no matter how technical.