
Turning a bug bounty MVP into a platform enterprise clients could trust
Intro
Cyberdart is the first Italian bug bounty platform, connecting companies with ethical hackers to identify security vulnerabilities. When I joined, the product didn’t exist.
The founders needed: something concrete to show investors, a foundation for backend development, a platform that felt credible in a space dominated by global players.
The budget was tight. The timeline was aggressive. I shipped an MVP quickly to unlock development and secure the first investment round.
After CyberDart secured investment, the product needed to feel more mature and trustworthy for B2B clients. My work focused on improving visual polish, adding missing functionality, and making the platform easier to understand during client-facing use.
Role
Sole UX/UI Designer
Contractor
Status
Shipped
2024
Type
0->1
Start-up
B2B/B2C
Cybersecurity
Tools
Problems
After the initial 0→1 phase, Cyberdart struggled to scale in a high-trust cybersecurity context: heavy flows, fragmented support, and an unpolished UI were undermining credibility and creating high manual overhead.
Solution
I designed progressive onboarding and compliance flows that delayed friction until clear user intent, and led a full UI refresh across the platform and marketing site to raise trust and perceived maturity.
Results
Onboarding scaled autonomously, manual workload dropped, the platform became credible enough to support large, demanding clients.
Clients and investors praised its usability and effectiveness.
Screenshot gallery




Process
DESIGN CHALLENGE
How do you automate high-risk workflows without overwhelming users or losing trust?
There was no single “right” answer. Most competitors relied on demos or manual processes, so competitor analysis wasn't helpful. Instead I leaned heavily on:
Heuristics
Pattern analysis
Internal stakeholders who were former hackers and triagers
Incremental validation with internal users
Issue #1
Manual onboarding didn’t scale so we used progressive onboarding for companies.
Companies could not onboard themselves. Cyberdart handled everything manually, via calls and internal setup. This created friction, slowed sales, and didn’t match the “secure, scalable” promise of the platform.
Stakeholders initially wanted companies to: create an account, add company details, invite teammates, create a bounty AND allocate budget, all in one go, during sign up.
I pushed back, and instead I designed:
a lightweight account + company setup
immediate access to the platform
a visible setup checklist to complete the final steps.
This reduced cognitive load and let users build momentum instead of facing a wall.


Fig 1. Onboarding screens for companies
Issue #2
Compliance requirements clashed with motivation so I delayed identity verification for hackers
Features like identity verification for hackers and tax compliance were necessary but expensive in effort. If forced too early, they would kill engagement.
The original idea was to require identity verification at sign-up. I argued against it.
A hacker has no reason to share sensitive data before receiving value.
We moved verification to a high-intent moment: when submitting a report for a reward
At that point, the effort is justified by a clear benefit.


Fig 2. Hacker is prompted to verify their account on the BBP page
Issue #3
Some workflows could not be simplified, only assisted so I introduced smart defaults to reduce effort
For example, during bounty reward configuration, companies must define rewards for each target by vulnerability type and severity level. This can mean over 24 inputs per bounty, absolutely overkill.
Using company context and common patterns, I:
pre-filled reward matrices
enforced minimum thresholds
warned companies when rewards were likely too low to attract hackers
Everything remained editable; but most users didn’t need to start from zero.
This reduced setup time without removing control.
Fig 3. Example of smart defaults in place. To simplify the life of users.
Issue #4
Support was fragmented and risky so designed an in-platform support system.
When issues arose between hackers and companies, there wasn't an appropriate flow to fall back to. Inputs came from emails, discord, whatsapp and phone calls. Nothing was centralized or traceable, for a security product, this was dangerous.
To replace fragmented communication, I designed a shared, chat-like in-platform ticketing system with visibility across triagers and admins.
For the first time:
issues were centralized
responsibilities were clear
internal workload dropped significantly


Fig 4. Full-page and floating message UI are both available for triagers, admins and companies.
Results
Outcomes
Things shipped faster, and with less friction
While I didn’t have direct access to end users, the impact was visible through product behavior and business outcome:
companies were able to onboard independently
manual setup and support workload dropped significantly
compliance workflows no longer blocked engagement
the platform supported larger, more demanding clients
After the redesign, Cyberdart signed well-known companies including: Moneyfarm, TeamSystem, Fastweb, Casavo and more.
Both clients and investors explicitly praised the platform’s usability and ease of use.

Faster self-serve onboarding
Companies could get started with less manual setup

Usability praised by
clients & investors
Both clients and investors explicitly praised the platform’s usability and ease of use after the redesign.

Compliance stopped killing signup
Identity checks were shifted from signup to report submission, when hackers were more motivated to complete them.
Fantastic platform… implemented in a way that doesn’t waste time.

A. Cecchetti
Head of Cyber Security @Moneyfarm













