The eGT Blog is a place we created to share our ideas and knowledge about what we know and what we have learned working in technology and cybersecurity in the public sector. We passionately believe in our federal clients’ missions to make America stronger, smarter, and safer. Therefore, we created a place to depart ideas on how to advance our government’s innovation and modernization.

Staff Spotlight: Vanessa Phillips

,

Meet Vanessa, Cybersecurity Subject Matter Expert

Our people are at the core of our business. We are featuring the amazing individuals who make EGlobalTech an exciting and supportive place to work.

Vanessa has been in the cybersecurity field for thirty years, and this experience and her wealth of knowledge make her an invaluable member of our team. Her work includes supporting security control assessors by providing specialized guidance to ensure that our clients’ data is secure and that any potential risks are addressed. She also contributes to our work in leveraging technology to automate portions of the IT system security lifecycle.

Vanessa chose cybersecurity as a profession because it brings daily opportunities to be an “impact player”. For example, she has to constantly stay on her toes to respond to evolving security threats. Her advice to aspiring cyber professionals — “Be willing to learn, be flexible, and understand that you don’t have all the answers. You must be collaborative.” She was drawn to EGT because of that collaborative team mentality and its supportive environment. As a woman in cybersecurity, she enjoys seeing more representation of women in a usually male-dominated field.

Out of office, Vanessa is pursuing her PhD in management, with an emphasis on Information Technology, at the University of Phoenix. She enjoys spending time with her husband, six children, and family dog. She loves to travel, host and attend family activities, dance, read, and (no surprise) could spend hours solving puzzles.

 

Staff Spotlight: Elizabeth Voeller

,

Meet Elizabeth, Cybersecurity Director

Our people are at the core of our business. We are featuring the amazing individuals who make EGlobalTech an exciting and supportive place to work.

Elizabeth is one of EGT’s leaders, serving as a Director in our Cybersecurity Practice. In addition to many corporate and professional activities, she provides program management support to Federal enterprise-level, cybersecurity programs. With an eye on expanding our cybersecurity service offerings, her strategic vision has impacted our ability to excel. She also helped establish the “751 Book Club”, part of the EGT Women’s Initiative, which pays tribute to our late founder, Sonya Jain, who loved to read (751 was Sonya’s office number).

Within the professional community, Elizabeth is a regular speaker for the Potomac Forum’s “Cyber Security in Government” Workshop, which educates and motivates Federal government leaders to make positive changes to keep their organizations secure. In 2011, she was also elected by her peers as the Vice President of Programming for MADRA, the Mid-Atlantic Disaster Recovery Association. In 2015, that role expanded, and she now serves as MADRA’s Director of Operations.

When Elizabeth isn’t in the office, she likes to travel internationally, read, spend time at the beach with friends, dance Bachata, explore new vineyards on her husband’s Harley, and train for triathlons. She is the favorite aunt to 7 nieces and nephews back in her home state of North Dakota, with another on the way! She shares life’s adventures with her husband, Rob, and their two pups, Lilah and Piper.

What Is Human-Centered Design?

,

What is Human-Centered Design?

Human-Centered Design (HCD) provides an interactive solution development approach that focuses on the users. Leveraging deep knowledge of user needs and requirements, these iterative techniques enable prototyping user-focused solutions and continuous feedback. Above all, HCD aims to deliver focused and meaningful solutions.

Because solutions rely more on advances in artificial intelligence, automation, and robotics, it is crucial to capture and maintain focus on the human aspect of innovation. Without clearly defining the challenge and capturing focused requirements, these kinds of technology solutions can be wasteful, costly, and frustrating to the end-users. HCD strives to create innovative products, services, and solutions through creative and collaborative practices.

How does the HCD approach work?

The HCD process has three phases that engage the customer throughout the entire solution development lifecycle: the Inspiration Phase, the Ideation Phase, and the Implementation Phase.

First, the Inspiration Phase focuses on learning directly from the client through immersion in their environment. This phase is focused on in-depth research and the identification of requirements. The Inspiration Phase is about adaptive learning, being open to creative possibilities, and trusting that by adhering to end-user needs, the ideas generated will evolve into the right solution.

Next, the Ideation Phase contains two parts: Synthesis and Prototyping. Synthesis brings together the needs and requirements learned during the Inspiration Phase and organizes them into themes, insights, and potential solutions opportunities. The second part of the Ideation Phase is Prototyping; expanding outputs from Synthesis into testable processes, products or services. Synthesis and Prototyping form a cyclical process of testing prototypes, getting feedback, and iterating that is key to creating an effective, innovative solution. This approach is designed to test the desirability, feasibility, and viability of solutions with end-users on a small scale with minimal risk.

Finally, during the Implementation Phase, the complete functional solution is developed and executed. During this phase, special attention is paid to how the decided upon solution will impact the client environment and how it will be implemented. Even after implementation, HCD encourages ongoing feedback and continuous refinement of the concept.

Impact

Using a human-centered approach to design and develop solutions results in substantial benefits for organizations and end users. While user-centered design focuses on improving the interface between users and technology, HCD concentrates on actively involving the end-users throughout the development process. As a result, solutions designed using human-centered methods increase usability and productivity while improving quality and user experience. HCD is more successful by giving ownership and control of the solution to the customer.

EGlobalTech and HCD

At EGlobalTech, we leverage the creative and iterative aspects of human-centered design to develop and implement optimized solutions based on direct user engagement.

Would you like to find out how EGT can employ HCD methods for your organization? Contact us today.

Want to learn more about HCD? Our Human-Centered Design Delivers Focused and Meaningful Solutions White Paper provides more details on the approach.

Staff Spotlight: Michelle Durante

,

Meet Michelle, Senior Recruiting Manager

Our people are at the core of our business. We are featuring the amazing individuals who make eGlobalTech an exciting and supportive place to work.

As the Senior Recruiting Manager at eGlobalTech, Michelle Durante leads the recruiting team and finds top talent to join our team. Drawn to eGT by the opportunity to build on the company culture and make an impact, Michelle knows the work her team does truly matters. Whether Michelle is finding the right people to support an agency mission or to prevent a cyber-attack, her team’s work has a direct, positive impact on the American public.

Michelle broke into recruiting after hearing the CEO of a woman-owned staffing company speak while she was studying business at Towson University. She reached out to the speaker, who offered Michelle a job and launched her career in recruiting. Building on this experience, Michelle’s biggest advice to the next generation looking to get into recruiting and consulting is: “Don’t be afraid to get up from behind the computer to connect.” That personal connection can make the difference, which is why she and her team host several networking events a year to build out eGT’s talent community.

When outside of work, you can find Michelle working on her garden and collection of indoor plants with her fiancé Josh, playing with her dog Colby, and enjoying time with friends and family. She also serves as the Women in Technology (WIT) Board Member at Large for Sponsorship and Strategic Partnerships, supporting the organization’s mission of advancing women in technology from the classroom to the boardroom.

 

How To Leverage Data Lakes For Your Organization

,
How To Use Data Lakes Blog Image Numbers On Green Background

Using Data Lakes To Generate New Insights From Data and Build Data Capabilities

Introduction

As data lakes have increased in popularity over the past five years, cloud providers started offering data lake capabilities to make it easier to ingest, store, and centralize data across an organization. Most organizations benefit from data lakes as data is often stored in dozens to hundreds of disparate data environments, and the data can be represented in various formats, including structured and unstructured data. Data lakes enable organizations to store their data in a centralized, virtual data platform. Centralization provides many benefits, including predictive analytics, Artificial Intelligence (AI) capabilities, data storage across multiple data types (including streaming data and images/videos), data discovery and cognitive search, and granular data security controls.

What Is A Data Lake?

A data lake is a virtual, centralized repository that stores data from across an organization, regardless of data format, structure, or type. A data lake sends and receives data from any database, data warehouse, or API. Its virtual environment permits organizations to move towards data centralization for analytical purposes without decommissioning existing databases. This enables organizations with existing data systems to leverage the benefits of a data lake without deactivating existing or legacy systems. Once the data lake ingests and centralizes the data, data scientists and AI practitioners can build and deploy powerful AI analytics and solutions. These solutions will generate new insights, patterns, and relationships among all the integrated data.

Data Lakes Power Artificial Intelligence

As disciplines within AI continue to advance, the possibilities for both federal agencies and commercial organizations are endless. Perhaps most exciting are the continuously evolving fields of machine learning (ML) and deep learning, empowering companies to generate new insights from unstructured data. The problem that agencies face when they feel ready for AI, ML, and deep learning is that their data isn’t in a single environment where AI algorithms can easily access it. Data lakes power AI capabilities for this reason. Without data centralization, newly uncovered relationships, patterns, and correlations can’t be deduced as the AI algorithms will only have a smaller subset of data to work with. To build an AI model with a reasonable accuracy rate, high volumes of data are required, which can be stored within a data lake.

What Is A Data Lake Not?

Data lakes are not data warehouses. A data warehouse requires data to be pre-categorized and tagged before storage. Data lakes are flexible and can ingest and store data in its as-is format. With that said, it’s important to note that Extract, Transform, and Load (ETL) operations will need to occur to get data sets prepared for data analytics, ML, or AI models. AI and ML require data to be prepared in specific formats that predictive algorithms will understand, so it’s important to consider ETL when building analytical models. This is the case regardless if you’re using data stored in a data lake, data warehouse, or SQL environment.

Examples Of Capabilities That Can Be Built Using Data Lakes

Create A Google-like Search Engine Within The Data Lake

Following data centralization, agencies can index their data and create a search engine that returns relevant search results quickly while providing a user-friendly search experience.

Protect Data At The Column Or Cell Level

Data lakes enforce roles and access policies for every unique data set, including protecting data within an individual table column. This tactic enables granular data protections across various types of data. Additionally, it ensures the same security policies are carried over from the original data source to the data lake.

Implement Data Governance And Provenance

Knowing how data is accessed and disseminated across an organization is critical to enforce proper governance of the data. With capabilities like Cloudera Data Flow that integrate smoothly into Hadoop-based data lakes, an agency can visually track key data sets and see who’s accessing data, how, and what they’re doing with the data. This provides complete operational oversight into the data lifecycle and offers provenance once new data sets are ingested.

Want To Learn More?

Data lakes can empower your organization to execute new types of analytics to make faster, more informed decisions. Our AI experts at eGlobalTech implement data lakes for on-premise systems and cloud providers. This guidance enables our clients to securely store data while harnessing more data in less time. Our Senior Director of Technology Strategy and Head of eGT Labs, Jesus Jackson, will present at the O’Reilly Software Architecture Conference on data lake implementation and data lake use cases.

Have questions? Contact us at egtlabs@eglobaltech to find out how eGlobalTech can deploy data lakes to support your organization.

Staff Spotlight: Jesus Jackson

Meet Jesus Jackson, Senior Director of Technology Strategy and Head of eGT Labs

Our people are at the core of our business, we’re featuring the amazing individuals who make eGlobalTech an exciting and supportive place to work.

As a Senior Director of Technology Strategy and the Head of eGT Labs, Jesus Jackson spends his days solving tough problems leveraging cutting-edge technology. He and his team work directly

Director eGT Labs Jesus Jackson

with eGT employees to teach them about utilizing new tools to quickly solve issues and support clients in innovative ways. By growing emerging capabilities, like cloud automation and Artificial Intelligence, Jesus strives relentlessly to improve the value we provide to our clients.

Consulting empowered Jesus to wear multiple hats, growing both as a technology and business leader. In 2018, he found his home at eGlobalTech and within eGT Labs, combining all the skillsets he learned throughout in his career. Jesus says he “could tell the culture at eGT would be a great fit and this new role would enable him to be focused on leveraging emerging technology to solve client’s toughest business problems.”

When not at work, Jesus pours his creative energy into creating electronic music (find his project Advakit on streaming services), learning Spanish and improving his fluency, and spending time with his friends and family, including his grey cat Ash. You’ll also find him and his partner, Bri, adventuring the world; they recently returned from a New Year’s Eve trip exploring Iceland.

Announcing Product Update: Cloudamatic 3.0

, ,
Cloudamatic Logo

We are pleased to announce a major product update to eGlobalTech’s Cloudamatic®, a scalable open source solution for automating the complete deployment and orchestration of infrastructure, security, configuration, and provisioning for any application to the cloud.  Used in both the public and private sectors, Cloudamatic shortens application migration cycles from weeks to a single day.

With release 3.0, Cloudamatic includes the following features:

  • Complete Microsoft Azure Migration & Deployment Support
  • Containerization Support Across All Cloud Providers
  • Kubernetes Support Across All Cloud Providers

Find out more about these features here.

5 Ways to Plan and Prepare for a Cyber Audit

Signature on a cyber audit

Why Are Cyber Audits Important?

Cyberattacks are continuously evolving. How well organizations evolve to protect themselves and their clients is dependent on various factors, including the review of their practices, processes, and infrastructure. For the federal government, cyber audits play a central role in keeping agencies secure and prepared for any future threat. While the process of preparing and undergoing an audit can be unwieldy, these audits can highlight gaps and serious areas for improvement.

How to Prepare Your Organization For A Cyber Audit

Leveraging their experience and lessons learned, our cybersecurity experts compiled the five steps you and your organization can take to best prepare for a cyber audit.

1. Establish a communications plan

It is critical to establish a communications plan with all stakeholders in the organization to ensure everyone is aware of their responsibilities and understands the proper flow of information. First, the organization should identify a primary point of contact to lead the effort and serve as the liaison between the auditors and the organization’s stakeholders. Secondly, the organization should identify points of contact within each respective area included under the scope of the audit. All points of contact must be trained on how to respond to audit requests and interviews. The guidance should emphasize that stakeholders must only address the question asked of them and not provide any additional details outside of the scope of the question.

2. Review and understand rules of engagement 

Audits will have formal rules of engagement that provide what will be examined and how these items will be examined. The rules will include important items, such as the amount of access to be given to auditors, the extent to which penetration testing can use offensive capabilities, and overall scope. A clear understanding of how the audit will be conducted and what the auditors can and cannot request will ensure a smoother audit process.

3. Take a full scale and proactive inventory

A significant part of the audit includes the review of the systems that are under the control of the organization. The rules of engagement should clearly define the boundary of the audit and provide the types of items that should be included.. Prior to knowing what is included in the audit, the organization should prepare a full inventory that not only includes all physical devices under operational control, but also their corresponding Authority to Operate documents and management documentation. It is best practice to prepare a clear index that includes all pertinent information in a single location, including a clear list of all systems and software being used, what machines software is installed on, and the license structure of the software.

4. Establish evidence management and clear ownership of items

Due to the high volume of requests that occur during an audit, it is crucial to establish evidence management and clear ownership of evidence for traceability. A helpful way to manage evidence is to establish tracking methods prior to the initiation of the audit and construct a central repository to store all evidence with separate areas based on the type of request (documents, logs, samples, etc.). One method to use is managing the audit requests via a centralized tracking log that includes the specific details of the request and tagging any evidence stored in the repository with a consistent naming convention that correlates to the audit request tracking number. Having these tracking mechanisms in place increases response times during the audit in situations where stakeholders need to refer to specific items for follow up information.

5. Identify the status of all items with plans for updates 

A successful audit includes the proper documentation and demonstrates the organization is following the policies and procedures it previously established. In preparation for the audit, the organization should have all related policies, procedures, and guidance collected in a single location with the appropriate update schedules provided. Additionally, the most recent set of system scans should be provided with the corresponding Plan of Actions & Milestones (POAM) document or the government, risk, and compliance (GRC) documentation needs to be presented.

Protect Your Organization From Cyber Attacks Today

Have an upcoming cyber audit or looking to make your organization more secure? eGlobalTech’s cyber experts can help you prevent attacks with our end-to-end cybersecurity services. Contact us today. 

Improving Your FISMA Scorecard Rating

,
Improve Your FISMA Scorecard Rating with image of digitallock

Insights To Improve Your FISMA Scorecard Rating Today

Federal Information Security Modernization Act (FISMA) Scorecards are a crucial aspect of keeping federal agencies secure. These scorecards measure agency performance in different cyber “areas of concern” and identify weaknesses that could be exploited by cybercriminals. Are you looking to improve your scorecard rating? Our Cybersecurity Solutions experts created this white paper to provide tips and best practices for achieving a high scorecard rating.

Download Your White Paper Today

 

 

 

 

eGlobalTech’s RPA Bot: Automatic SSP Validation for ATOs

,
Hands on computer with Robotic Process Automation on screen

Robotic Process Automation (RPA) can revolutionize the way organizations function, enabling employees to focus on complex problems while RPA bots fully automate tasks like data entry, document reviews, and screen scraping. By automating tasks that don’t require human decision-making or interference, RPA saves organizations time and money.

While many processes would benefit from RPA, this use case will focus on the Authority to Operate (ATO) document review for System Security Plans (SSPs). This process is a great candidate for RPA because its underlying business process is well-defined, the document review steps are repeatable and consistent, the reviews are time-intensive, and the data validation steps do not require human decision-making.

What is an Authority to Operate (ATO)?

An ATO grants a system the ability to operate in production environments on a federal agency’s infrastructure. For a project to acquire an ATO, multiple security documents need to be thoroughly completed and reviewed, including the System Security Plan (SSP), which documents key attributes of a system’s security posture. SSPs are reviewed to ensure system information is accurate, security levels are correct, and access controls are correctly implemented. It typically takes Information System Security Officers (ISSOs) two days to review and validate an SSP and review findings need to be remediated and triaged, which results in the ATO process taking months.

eGlobalTech’s Bot: Automate the SSP Review

To accelerate the review process and empower ISSOs to address system vulnerabilities quicker, we developed an RPA bot using the UiPath tool suite to validate and verify the completeness of an SSP, including system controls for a moderate-level system, the system details, security categorization, information types, security images, and access controls.

After the evaluation, our bot creates a scorecard and populates the results for ATO evaluators. Our bot completes the entire evaluation and scorecard in under four minutes without human intervention. It scans the SSP, highlights errors in various colors, and even writes detailed comments for ATO evaluators (e.g. “a required image is missing in this section”) – all without any intervention.

Impact

With the SSP review completely automated, an ISSO can refocus their time on the review findings and remediating any system vulnerabilities. The bot also accelerates the ATO process by reducing false starts in initial submissions. This use case can be expanded to other security documents within the ATO process, enabling the automated review of all ATO documents and shortening the time it takes for systems to achieve an ATO from months to days.

eGlobalTech and RPA

At eGlobalTech, we think about RPA at the enterprise level. We not only develop bots for our clients – we work with clients to identify opportunities for RPA though process and workflow evaluation, optimize existing workflows, lead bot deployments, and perform ROI evaluations. We also formed a strategic partnership with UiPath, a leading RPA software company that’s deploying bots at over 40 federal agencies. Would you like to see our bots in action or to start an initial workflow assessment? Contact us today.

Want to learn more about RPA? Our RPA Demystified Whitepaper defines RPA and provides use case examples.