Introduction

This project offers a new approach to cybersecurity training through the creation and implementation of a mobile application rooted in a User Experience Methodology and Human-Centered Design. The mobile app offers role-specific training to address obscure issues in each distinct role.

Through the engagement of a focus group of real world doctors, nurses, IT staff, students and administrators participating in an active design lifecycle, ensuring a final product that is user-centered, relevant and effective in raising awareness on cyber threats.

This project plans to bridge the gap between cybersecurity and human factors involved in safeguarding health systems and the data of patients.

Problem

The sector has become an attractive target for cyber-criminals as health data contains sensitive personal and financial information. Studies have shown that 95% of cyber breaches within healthcare are caused by human factor.

As we explored deeper into the issue, specifically the connection between cyber breaches and human factors (healthcare employees) it became apparent that current modern day training methods for cyber security are lacking.

During research and feedback from one of the focus group participants (Nurse), these methods are outdated, redundant and boring- employees would even go as far as skipping through the modules instead of engaging with it, as a means to seemingly end their boredom.

Solution

To address this issue, it was clear that employees are not adequately taken into consideration when these training methods are employed, healthcare professionals are under constant stressful environments, threats of cognitive overload and frankly, burnt-out.

The solution offered was to create a mobile training application that was built on a User-Centered-Design approach. In doing so, end users (healthcare professionals) would engage in a final product that was tailored towards their needs, concerns and wants within a healthcare professional- translating to better engagement, learning outcomes and higher retention rates.

• Understanding how the user experiences the product: Two online surveys were distributed (Google Forms) the focus group consisted of a doctor, nurse, admin, student and IT specialist. The first survey titled ‘Designing a Cyber Security Awareness App: Your Insights on UI/UX Preferences Survey’ helped understand what features the end-users would like the application, how it would look like (colours, design themes, font styles) and overall insights as to what appeals to healthcare professionals.

  
  

• Specify User Needs: Insight from the research methods were synthesized to define user requirements and actionable archetypes (User Personas) based on the user and market research conducted. After the first step of identifying the context of use, applying that knowledge to address the gaps in healthcare through preferred learning, and usability needs.

  
  

• Design Solutions: Guided by the specified requirements, low-fidelity wireframes and prototypes were developed using Balsamiq and Figma to explore initial design concepts featured in the main pages, before the final programming and development stage of project.

  
  

• Evaluate solutions against user needs: A final survey was conducted to the focus group, to assess the features of the application, how it functions, whether their needs and wants were addressed to gain positive and constructive feedback on the final product.

User-Centered Design Approach

1. Survey (User Research)

Two surveys were given to the focus group at the first stage of the project:

• Designing a Cyber Security Awareness App: Your Insights on UI/UX Preferences Survey - to understand UI and UX preferences such as themes, colour schemes, transitions and animations paired with external research.

• Cyber Security Awareness and App Design Survey for Healthcare Professionals (Doctor) - a one-size fits all training application may prove ineffective as roles within healthcare have distinct workflows and responsibilities therefore role-specific surveys were handed out to gain insight on what features would be preferred in the application, respective to their roles.

Survey Results

This survey aimed to garner UX insights; the focus group gave feedback that helped establish a foundation for the mobile app:

The survey aimed to develop more insight on the end-users cybersecurity knowledge and their preferences akin to the application; the focus group gave feedback that helped establish a foundation for the mobile app:

2. User Personas

Rationale for User Personas

For our next step, User Personas were developed to translate quantitative and quantitative survey insights to relevant, evidence and research-based archetypes, ensuring that the application design addresses the distinct needs, goals and pain-points pertaining to different roles within the healthcare industry.

Four User Personas were created deriving from the survey results and external research:

(User Personas for Doctor, Admin, Medical Student and IT Specialist)

Creation Process for User Personas

The user personas were adopted with a holistic approach, it was important to understand that although focus group are a pivotal method in a user-centered approach- we cannot make informed generalised decisions from a small end-user size pool, hence why external research into studies, papers, blogs and articles were taken into consideration when creating the user personas.

Method of Establishing Goals and Frustrations

For example Catherine’s (Doctor) goals were a combination of external research and survey results:

(Doctor User Persona Archetype)

“Interactive with a visually appealing, user-friendly application that has a professional minimalist design” - This goal was based off the survey result whereby the Doctor opted for this specific design as the main theme.

(Results from UX Preference Insight Survey)

It was essential to conduct further research to ensure it resonated with all end-users. A major study by Manhattan Research and Google examining physician channel adoption revealed that doctors spent 38% of their smartphone usage on professional apps. Additionally, doctors "have little patience with non-optimized sites, with 62% saying they would be likely to leave such a site." This survey, backed by significant research, reinforced the decision to design a professional and minimalistic application.

-

Understanding user frustrations is more critical than focusing solely on user happiness. While users often take positive experiences for granted, negative interactions such as confusing interfaces or broken features— leave lasting impressions that can lead to poor engagement, low retention, and reputational damage.

For instance, the frustrations of Dorothy (Nurse) stemmed from the earlier surveys conducted corroborated with multiple studies.

(Nurse User Persona Archetype)

“Dorothy finds that mandatory online training sessions, which end with a quiz, lead to rushed completion and lack of engagement, preferring interactive scenarios with immediate feedback instead"

(Results from Nurse Role-specific survey)

Here, the power of user research methods and focus groups are exemplified, through thought-provoking questions , one of the participants gave real-world feedback that highlighted poor training methods and lack of feedback which led to a "lack of engagement". (Clarke and Martin) in an extensive study, compliment this frustration and state that “training programs to meet the diverse needs and technical proficiency levels of different user groups, including clinicians and staff".

Conclusion

To synthesize, it was made apparent that current training methods are outdated, redundant or lack empathy towards the end-users (healthcare professionals), therefore an application that addresses these issues is justified and necessary. As we bring our insights together, are then visualised through wireframes and prototypes in the next stage.

3. Wireframes

From our research and user personas, the creation of design visions and user-inspired mock-ups, wireframes were crucial in the design process, as they gave a visual outline of the final product goal, low-fidelity, therefore easily changeable and adaptable to the user's preferences.

The core pages were:

• Home

• Role Selection

• Hub/Dashboard

• Learning Modules

• Simulations

The user flow was designed to be intuitive, low-effort, and tailored to healthcare professionals’ needs:

Home Screen

A clean, minimal start screen with a single call-to-action encourages immediate engagement without distractions.

Role Selection

Users choose their role (e.g., Doctor, Nurse, IT Specialist), ensuring the training content is relevant. This step directly reflects survey insights calling for personalized, role-specific training.

Hub

The role-based hub presents key modules via touch-friendly tiles and tracks progress visually. This reinforces learning and keeps users motivated—addressing key pain points like lack of engagement and poor feedback loops.

The final stage of the user flow leads to interactive learning modules and simulations. These pages present bite-sized, visual content with swipeable progress indicators and clear, single-action buttons to reduce cognitive load. Simulations, such as phishing recognition, were designed to mirror real-world scenarios, reinforcing engagement and retention through practical application which directly addressing user feedback on outdated, passive training methods.

4. Prototyping

High-fidelity prototypes helped encapsulate the final design vision of the application, in the industry, high-fidelity prototypes are the final process before application development, therefore these final designs must be infallible in addressing the user needs.

Iterative Design Decision

During final prototype review, it became clear that the original Hub design introduced unnecessary friction. Although users could reach modules within a few taps, they were required to repeatedly return to the Hub to access other features — creating redundant steps and potential fatigue.

To address this, I redesigned the Hub into a unified dashboard with a persistent top navigation bar. This change minimized decision fatigue and reduced unnecessary navigation loops, allowing users to access core features without resetting their flow. The new layout streamlines the experience, prioritizing clarity and ease of access — a direct response to Hick’s Law, which emphasizes the cognitive burden of excessive choices

The result: a more efficient, less overwhelming experience that keeps users focused on completing tasks, not navigating between them.

4.5. Agile Milestone Phase

To validate that the focus group needs are still being addressed and met, I added a milestone survey while showcasing the surveys in a powerpoint slide

As mentioned previously, the final prototyping state is crucial, therefore the milestone survey was necessary to ensure that the focus group were happy with the final design before coding. This is compliments our UCD process, as well as strong principles within Agile.

Once the survey was approved, the final design designs were approved, we moved onto the final stage of mobile application development.

5. Mobile Development (Final Development Phase)

As a reminder of the project goal, the app was aimed to govern how a full-scale training application for healthcare professionals should resemble, considering their user needs, psychological aspects and cyber security awareness level.

Development included:

• React Native (Main framework)

• ExpoGo (Easier to run the application and allows for testing on actual devices)

• TypeScript (Same as JavaScript but allows static typing)

• Node.js (Development and runtime)

Due to the different locations and timezones the focus-group had, it was out of the scope of the project to conduct in-person/virtual usability testings. In light of that a video representation was seen as a closer method to achieving an interactive and close feel of using the application to judge and give constructive feedback on.

As every project, a plethora of issues were encountered, (too many to document) but one notable issue that had came up with a solution was:

Problem: iOS Testing & Scaling Issues

Challenge:
iOS testing was blocked due to network/connectivity issues. When access was briefly possible, it revealed significant UI scaling/alignment issues specific to iOS devices.

Solution:

• Implemented a device-agnostic layout system using flexible grid units and responsive design principles to ensure visual consistency across iOS and Android.

• Prioritized emulator testing using iOS simulators within Xcode and cross-device preview plugins to validate UI hierarchy and scaling without physical device access.

• Scheduled QA feedback loops from users with iOS devices, allowing async validation of layout integrity through user screenshots and screen recordings.

In retrospect, the application was challenging in creation but I think the due to the UCD and agile methodologies, the final product was indicative of a product that could be adapted into something more viable with a larger focus group, implementation of gamification and more relatable simulations.

6. Evaluation

However, as seen in the final evaluation survey, the focus group were extremely happy with the application:

The project objective of creating a threat awareness application for healthcare professionals through user experience was successful, here we were able to work with a focus group over several months, conducted surveys and independent research to produce design solutions that helped visualise a real-world product that addresses a real world problem within healthcare.