Two Six Technologies
Full Stack Development
Data Visualization
UX/UI Design

Explaining Incident Report Severity Through Visual Insight

Overview
Two Six Technologies builds, deploys, and implements innovative products to solve complex challenges. They do so through private R&D and deep technical expertise in cyber, information operations, data science, electronic systems, mobility, and user experience. They serve customers such as DARPA, the Department of State, U.S. Cyber Command, the Department of Homeland Security, and beyond. I was tasked with developing an intuitive interface for security operations analysts who need to determine the level of threat posed by certain cyber attacks.


01 Background

Insight
My team at Two Six focused on detecting Distributed Denial-of-Service (DDoS) attacks. They can cause huge financial loss and disrupt critical infrastructure. My task was to automatically score and prioritize incident reports so that analysts can immediately understand the level of threat they pose. Beyond that, analysts needed to understand why an alert or incident was reported as high or low severity.
Solution
I developed an interface that pulled data from the incident report database and visually showed the severity and level of threat an attack posed. I determined the most necessary fields, the best way to visualize them, and their hierarchy of importance. Analysts should be able to look at this tool and understand it instantly.

02 Development

Tech Stack + Process
On the back-end, I used Python to sort and relay information to the front-end, where I used Svelte and D3. Svelte works particularly well with D3 for data visualizations. Once the site architecture was established and data was being moved through API calls, I spent time on the front-end displaying data, choosing colors and fonts, formatting the layout, adjusting for screen sizes, and testing.

03 Interface

Design
The design of the page focused on readability, simplicity, and efficiency. This page was meant for analysts to scan over. I established the priority of cards by hierarchy. The top-left card holds the most important information about a cyber attack: severity, severity confidence, and confidence explanation. The supplementary cards help explain what produced these severity outputs. For the bar charts, I ensured that each chart could be understood easily and that the colors did not take overwhelming precedence.

04 Conclusion

Going Forward
Cyber attacks are considered one of the biggest threats to people in the modern age. Having as much information as possible when reviewing existing incident reports enables analysts to address current attacks and mitigate attacks going forward. An easy-to-use interface to supplement those reports helps provide the context to do just that.