Team involved: Design Function, Threat Intelligence, Product Marketing
Duration: August 2025 - December 2025
Tools:Figma, TheyDo
At F-Secure, the UX Research team led by Priyam Sharda conducted the company’s first comprehensive and strategic qualitative research focused on understanding the Consumer Security Experience.
The research followed an iterative qualitative approach, starting from a high-level understanding of consumers’ perceptions of security and progressively drilling deeper into insights uncovered during the process.
This first phase focused on generating foundational insights to support F-Secure’s vision of becoming the No. 1 Security Experience Company in the world.
The research was conducted across three markets: the United States, the United Kingdom, and Japan, ensuring a diverse cultural and contextual perspective.
Foundational insights captured how consumers fundamentally experience security, including:
• Mental models around security
• needs, contextual needs, and emotional needs
• The perceived role of security products in daily life
• Expectations of an ideal security experience.
A snapshot of Security Experience Map
The Research objective
The objective of the research was to:
• Understand what security means to consumers
• Understand current practices and perceptions around security
• Identify emotional and functional needs related to feeling secure
• Explore what creates (or breaks) a sense of security
• Understand how consumers want to interact with security solutions
• Define emerging principles of protection to guide product, marketing, and experience development
The outcome was a rich and strategic body of insights — but not yet a clear way to operationalize them across F-Secure’s product ecosystem
How it started, and what the Security Experience Map is
After the research phase, I worked closely with Priyam to explore how these insights could meaningfully influence product strategy. F-Secure offers security to consumers through
Two standalone products, Feature-level solutions, and SDK-based integrations.
This raised a key question:
How might we turn foundational research insights into opportunities that are centered on experience — regardless of product, solution type, or technical implementation?
We needed a way to:
• Keep opportunities closely tied to research evidence
• Avoid locking insights too early into specific products
• Identify opportunity themes that made sense across the entire security experience
What was missing was an experience-level artifact, something that could sit between research insights and product solutions.
This led to the creation of the Security Experience Map.
It’s an evidence-based and experience-focused system that help us identify the gap in protection that F-Secure provides for its consumers in their day to day life and digital moments.
The map functions as a strategic lens to identify product opportunities associated with the existing protection gaps.
The Security Experience Map became the first experience-focused journey map at F-Secure, establishing a new way of connecting foundational research to product strategy through the lens of experience.
Structure of the map
Foundation
Because this was the first experience-focused journey map at F-Secure, there was no existing template or standard to follow. We first needed to decide what the security experience should be built around.
One insight from the research stood out clearly: People don’t experience security through product flows. They experience it in moments when something feels risky or uncertain. These are the moments when the need for security becomes real.
Based on this, we chose digital moments as the foundation of the Security Experience Map. This helped us move away from thinking in terms of products and features, and instead focus on how security shows up in people’s everyday digital lives. This choice also aligned directly with F-Secure’s mission: F-Secure exists to make every digital moment secure, for everyone.
For this purpose, we used an existing input from the Product Marketing team: an annual large-scale survey conducted in Europe and the United States. The survey identifies digital moments that consumers find both important and worrying from a security perspective. These moments are analyzed using a matrix that combines:
• How important and worrying the moment is for consumers
• A threat score based on impact, probability, and how many people are affected
The Foundation of the map
This meant digital moments alone were not enough. To make the map useful for identifying opportunities, we also needed to understand where people are actually at risk within each moment.This helped us extend the foundation to digital moments with potential vulnerabilities.
For each moment, we identified vulnerabilities that describe how consumers may be at risk — technically, emotionally, or through their behavior. In the first version of the map, we focused mainly on scam-related and malicious vulnerabilities, as these are among the most common and impactful risks in everyday digital life.
Coverage Layer
The Coverage Layer shows how well F-Secure currently protects consumers in each digital moment against the vulnerabilities identified in the foundation.
Its purpose is not only to check whether protection exists, but to understand how that protection is experienced by consumers.
The layer looks at coverage from two perspectives:
• F-Secure's Reaction: This examines whether F-Secure’s existing products, features, or capabilities address the identified vulnerabilities at all.
At this level, the question is simple: Is there any protection in place for this moment and its risks?
• Principle Connection: Having protection is not enough. This part evaluates how well the protection aligns with F-Secure’s seven Security Experience Principles.
These seven principles are one of the main outcome of the Security Experience research that has been conducted earlier which helps us assess the quality of the experience, not just technical effectiveness. For example
Is the protection understandable?, Does it feel supportive or intrusive? or Does it reduce anxiety or create new friction?
By combining these two views, the Coverage Layer makes it possible to see where protection is missing entirely and where protection exists but delivers a poor or inconsistent experience.
This clarity is essential for identifying meaningful gaps in protection and shaping experience-led product opportunities.
The coverage layer of the map
An example [The Security Experience Principle are confidential to the company]
Gap Layer
The Gap Layer shows where F-Secure is falling short in protecting consumers during specific digital moments. It highlights gaps that matter from a consumer perspective, either because protection is missing, or because the experience of that protection does not feel right.
This layer helps move the conversation from what exists to what is missing or not working well. Two types of gaps are identified:
• Capability/Product Gaps: A capability or product gap exists when a potential vulnerability in a digital moment is not covered, or only partially covered, by any current product, feature, or capability.
These gaps point to areas where F-Secure’s current offering does not fully address real consumer risk.
• Principle Gaps: A principle gap exists when technical protection is in place, but the overall security experience fails to reflect F-Secure’s Security Experience Principles.
Here, the issue is not the absence of protection, but how it is delivered. The experience may feel unclear, stressful, intrusive, or disconnected from the consumer’s needs in that moment.
These gaps affect how safe, supported, and in control the consumer feels — and can undermine trust even when the underlying protection works.
The Gap layer of the map
An example [The Security Experience Principle are confidential to the company]
Opportunity
The Opportunity Layer brings everything together by turning identified gaps into clear opportunity themes that can guide product discovery and roadmap planning.
Instead of treating gaps in isolation, this layer clusters related gaps across digital moments to reveal broader patterns and areas of opportunity. This makes it easier for Product teams to reason about where to invest, rather than reacting to individual issues.
The Opportunity Layer does not define specific solutions. Its role is to frame where meaningful value can be created, giving Product teams a strong, experience-led starting point for prioritization and planning.
The opportunity layer
Measuring the Security Experience
To make the Security Experience Map actionable, we needed a way to measure the security experience, not just describe it.
The way experience is measured depends on the tool used. In this project, we used TheyDo. In TheyDo, each insight includes an experience impact score , ranging from –2 to +2:
• –2 to 0 indicates a negative impact on the consumer’s experience (e.g. pain points, pressures, unresolved gaps)
• 0 to 2 indicates a positive impact on the experience (e.g. gains, effective protections, principle-aligned experiences)
Each digital moment in the map includes a mix of:
• Positive elements (for example, protections that work well or principles that are reflected in the experience)
• Negative elements (such as capability gaps or principle gaps)
The negative/positive experience elements
By accumulating the positive and negative experience impacts across all insights within a moment, we can understand the overall Security Experience score for that moment.
The Security Experience score makes experience comparable across moments. This score represents how safe, supported, and confident consumers are likely to feel in that specific context.
Moments with a lower score clearly signal higher experience risk and greater unmet consumer needs. This allows teams to:
• Identify which digital moments need the most attention
• Prioritize opportunity themes connected to those moments
• Focus product and discovery efforts where they can have the greatest experience impact
The Security Experience curve
Why the Security Experience Map matters
The Security Experience Map acts as an evidence-based reference that turns research insights into clear, experience-led product opportunities directly linked to gaps in the consumer experience. For Product Managers, it:
• Makes research findings actionable by framing them as opportunity themes, not raw insights
• Reduces the effort required to interpret and translate research into product decisions
• Provides clear consumer signals that support portfolio-level and product strategy framing
By grounding opportunities in real consumer needs, vulnerabilities, and experience gaps, the map supports both short-term prioritization and long-term strategic thinking.
For organizations aiming to move toward customer-centricity, these consumer signals are essential. They create a shared understanding of where value can be created, without relying on individual interpretation or intuition.
Most importantly, the Security Experience Map removes the burden from Product Managers to independently translate research findings into something meaningful for their products, enabling them to focus on decision-making, prioritization, and delivery.
