InnovateIT Awards: Senior Government Executive Dinner ft. InnovateIT Awards 2022

True leaders understand the necessity of innovation to remain relevant. AFCEA Bethesda’s InnovateIT Awards program recognizes those in the federal civilian space who combine leadership with innovation to achieve tangible results. The 2022 InnovateIT Awards program will recognize leaders who exhibit qualities of successful leadership across the following areas:

1) Data Analytics: Leveraging data analytics to tap into the wealth of insights in data, solving government’s biggest challenges through predictive analytics, artificial intelligence, machine learning, and visualization. Applying actionable information to reshape processes and make informed decisions.

2) Citizen Services or CX Innovation: Improving the citizen experience with digital government, using innovative technologies that optimizes workforce productivity to achieve mission goals and improve the customer experience at every touchpoint.

3) Cybersecurity: Applying advanced approaches and technology to prevent, deter, and respond to increasingly sophisticated attacks on government networks and critical services, strengthening the security and resilience of agency infrastructure.

The CMS Infrastructure and User Services Group (IUSG), part of the Office of Information Technology (OIT) is uniquely positioned in that it is responsible for both Infrastructure hosting and User Services – a rare combination. It helps reinforce that the criticality of networks, servers, and personal computing devices combined with the requirements for security, business continuity, and disaster recovery are determined by their impact on the end-user experience, and ultimately the mission of CMS. Mr. Oh recognized gaps in enterprise situational awareness as there are siloed systems across the enterprise that monitor various components like network infrastructure, servers, down to CMS issued computing devices. Mr. Oh brought to life an enterprise situational awareness dashboard tool called the Enterprise Monitoring and Management (EMM) application which provides critical information with a bias toward action. EMM provides real-time messaging for proactive alerting and combines real-time data from critical systems and batch data from system logs with a hierarchical structure using organizations, systems, devices, and individuals. Mr. Oh serves as the EMM business owner and, with the help of Senior Technical Advisor Dennis Skinner, who works closely with the EMM team, has spearheaded the development effort of intuitive dashboards and workflows with powerful search and drill-down capabilities derived from Human-Centered Design (HCD) principles. Through the graph capabilities available in EMM, approximately 20,000 IT components can be connected back to the end-user experience and provides Mr. Oh and other OIT/IUSG stakeholders with actionable insights into the state of CMS’ enterprise operations, management, and security. For example, the EMM tool opens tickets in ServiceNow on behalf of users experiencing laptop issues, which streamlines CMS IT Service Desk operations and provides faster resolution for laptop issues with less employee downtime.

EMM has roughly 40 different integrations with tools and systems hosted across the CMS enterprise, reducing previously siloed information and providing CMS with actionable information in easy-to-use dashboards. EMM bridged the gap between key monitoring areas and provides robust information views within intuitive dashboards. Through its End User Experience dashboards and workflows, EMM provides IUSG with critical insights into the tools used by CMS employees and contractors to support their day-to-day work, down to the performance of government furnished computing devices and the experience of the employees and contractors that use them. Based on EMM thresholds, automated incidents are created on behalf of end users for various situations, including issues with their computing devices like system crashes, application latencies, hard disk issues, successful data backups, and mitigating risk of information loss. In 2021, over800 incidents were submitted, creating a positive experience for CMS employees by providing proactive technical support based on data driven decisions. Recognizing a limitation of traditional enterprise monitoring, Mr. Oh led the way in implementing synthetic monitoring within EMM, to identify issues with how CMS end users interact with email. EMM will highlight latency with sending or receiving emails, which often indicates a larger issue, potentially with infrastructure, thus combining operations management and end-user experience.

The Defense Health Agency (DHA) implemented the Medical Community of Interest (Med-COI) enterprise enclave to unify Military Treatment Facilities (MTFs) across all services globally, modernizing healthcare system capabilities and cybersecurity posture. As part of the DHA Risk Management (RM) program, the SAVR team’s overall mission and key objectives targeted driving down the Med-COI’s enterprise residual risk by focusing on enclaves or systems that account for a significant percentage of overall residual risk. Evolution to the Med-COI brought major updates to infrastructure, security services, and Information Technology (IT) service delivery, while substantially increasing the need for effective Risk Management.

The SAVR team is comprised of Risk Management Framework (RMF) Counselor, specialized Tech Support, and Tech Documentation functional experts. Deliberate organizational effort created this centralized team to orchestrate RM efforts with cybersecurity staff at each MTF. The consolidation of these capabilities enhanced Risk Management across a significantly broader scope, enabling rapid process development targeting customer needs. A common criteria, language, and milestone structure was created and refined based on 63 specific DHA RMF steps to obtain an authorization to operate, successfully translating a lengthy process into 10 key milestones for tracking and planning purposes. These efforts solidified a repeatable and enduring methodology to evaluate cyber risk to critical resources. The SAVR team maximized enterprise productivity and accelerated RMF workflows for 132 MTFs, achieving 56 authorizations that extend into CY 2023 and beyond while posturing the remaining sites to be completed by 2024. Moreover, through streamlined business processes, the team is actively capturing risk data for sites on the DHA network in real-time. Through the creation of over 300 focused tools, procedures, and templates, the team successfully eased cyber constraints at the MTFs, allowing onsite staff to focus support on local healthcare needs.

The Federal Energy Regulatory Commission is a small agency with a critical mission of ensuring access to reasonably priced, reliable, safe, secure and economically efficient energy to all consumers. FERC regulates on national issues in electricity reliability and transmission, transportation of oil and natural gas, and hydropower. FERC employees include policy administrators, lawyers, engineers and analysts ranging from digital migrants, who have adapted to use technology to perform their job, to digital natives, who have grown up using technology in every facet of their daily lives. Having this diverse an audience presents a challenge for any CIO who must meet the needs of the employee while providing the protection necessary for federal systems. COVID-19 complicated this need in the last two years, adding the challenge of provisioning secure hybrid environments that provides IT resources to employees regardless of location or time. Grid reliability to prevent blackouts, , oil pipeline safety to prevent massive spills, dam safety and environmental analysis necessitate adequate access to secure data as well as an ability to respond in a timely manner. Like many government agencies, FERC is faced with employee retention issues. Employees value work-life balance and want to have the ability perform their job without having to miss out on family. Being able to finish a deliverable while cheering for children at a soccer game becomes an incredibly effective retention tool. Finally, central to the current administration’s policies is the executive order on transforming the federal customer experience and service delivery to rebuild trust in government. This transformation is just as important for employees as it is for customers. Employees must have a positive experience with IT systems to successfully manage the complexity and stress of some our nations most critical missions.

FERC CIO, Mittal Desai, is an Emerging Leader impacting the future of federal government. He brings transformative thinking, a deep understanding of security, and a pragmatic approach taking into account the needs/constraints of his agency. He approached this challenge of a technologically diverse community, with needs to access critical data from any location at any time, with a eye on user experience, successful adoption and employee retention goals. Mittal chose Microsoft’s InTune MAM suite to ensure users could perform their job on any device they chose. The innovation of this approach was not only the deployment of the appropriate solution but the associated OCM. Mittal leveraged end-user devices, enabling self service registration, enterprise training, user help guides, and the ability to download applications from commercial marketplaces. Backend processing, geofencing tech and zero trust automation abstracted the user from security policies, letting them focus on critical tasks. This approach increased the user’s experience in adoption of secure mobile technology resulting in 100% of all employee mobile devices registered and 95% of them were done using this self-service approach. Desai’s ”shift left” method reduced the need for costly IT support, is repeatable across agencies, and sets the stage for achieving continued success as an Emerging Leader.

The Provider Relief Fund (PRF), managed by the Health Resources and Services Administration (HRSA), facilitates urgent relief to healthcare providers responding to and recovering from COVID-19. The HRSA team had the monumental challenge of rapidly organizing resources to disperse $178B in funds appropriated through COVID-19 relief legislation to support healthcare workers on the front lines. The challenge to allocate billions in funds in a fast, fair, and secure manner was further heightened due to the complex stakeholder ecosystem and working within an unprecedented fully remote environment. To steward taxpayer dollars and achieve the vital mission of PRF, the HRSA team accelerated innovation through data-driven decision-making. PRF used new data assets evolving in real-time within siloed systems to inform payment policy; respond to customer inquiries; provide transparent reporting; drive program compliance; and prevent fraud. But given the urgency of the pandemic, the team needed to rapidly develop nimble, future-ready data systems that could quickly evolve. HRSA innovatively developed a cloud-smart, scalable, and integrated data platform pilot using the power of Snowflake, Salesforce, and Tableau to solve the task at hand. Salesforce provides a scalable, extensible front-end for data collection, reporting, and case management, allowing providers to securely report on funds use and utilize a COVID dashboard. This performance reporting solution is integrated with a Snowflake Cloud data warehouse and data lake solution to transfer the provider reporting using REST APIs. The on-premise data mart is migrated to Snowflake to improve performance while preserving data security with encryption. HRSA’s cutting-edge Snowflake Cloud Data Warehouse solution forms the high-performance data science platform to make real-time data accessible to a number of stakeholders and systems. Built to be agile and customizable, internal users may leverage their own data science tools such as SAS, R, Python, and Rapid Miner to run AI-driven data analysis to facilitate fraud analysis, predictive modeling, and pattern analysis. Finally, resulting reports are available to HRSA’s on-premises Tableau systems, and visualized in Salesforce.

By combining best-in-breed SaaS technologies (Salesforce and Snowflake) with on-premises Tableau infrastructure and HHS-standard security, HRSA has pioneered a cost-effective, scalable, secure data platform focused on solving today’s business needs, while enabling the extensibility to build out the future capabilities of Cloud and AI, and support democratization of data for federal agencies and the public. HRSA's PRF Performance Reporting and Cloud Data and analytics platform foundationally enabled mission-critical analysis, reporting, and response at this critical moment for the US healthcare system and public. The impact of the HRSA PRF program as of Mar 31, 2022, includes: • The providers in need received ~$136 billion in funding, enabling them to fight the COVID-19 pandemic and help Americans fight the disease and prevent mortality. • About 443,000 providers received funding through this PRF program and continued to provide health care services to the American public. • Over 101,000 providers submitted performance reports through the PRF portal for Reporting Period 1 • Over 107,000 providers submitted performance reports through the PRF portal for Reporting Period 2 This solution enabled: • HRSA Senior leadership to make informed decisions to target distributions for providers highly impacted by COVID-19 • HRSA PRF business users were to respond swiftly to the provider requests and senior leadership data requests • Department of Justice (DOJ) to quickly access the provider reporting data for audits.

Beth Libbey is being nominated for her role supporting the Operation Allies Welcome (OAW) and the enrollment and processing of Afghan nationals being transferred to the United States. While Beth primarily serves as the Product Manager for the Customer Profile Management System (CPMS) application suite, Beth played an integral role during the OAW effort through the process design discussions, hardware and software configuration of CPMS, and support of biometrics and biographic enrollments. As a result, USCIS was able to readily establish new remote enrollment sites to process the 50K+ Afghan nationals, devise reporting mechanisms to keep site managers and executives aligned with the progress being made and minimized the number of encounters required to collect all the required information and biographic data. Beth was able to leverage her 20+ years of USCIS experience as a thought leader when USCIS teams were collaborating on a plan for supporting the enrollment of several thousand Afghan nationals, through CPMS system configuration changes, enrollment workstation configurations, and quality assurance for data and biometrics. Beth worked extended hours in the evenings and on weekends to monitor team activities, troubleshoot issues with USCIS personnel working in the newly created remote sites, and conducting reviews of photos and records to ensure the best quality for downstream usage. She provided additional training on the process to the site personnel to ensure that all members were adequately equipped to perform quality checks at each enrollment site. In the initial weekend of enrollments, her direct involvement included reviewing photo quality detected issues with the backgrounds of photos that would not pass card issuance quality checks. This early awareness enabled the remote sites to reposition enrollment stations and cameras so that a sufficient background was used to eliminate unusable photos and the need to enroll Afghan nationals a second time.

When the US military began to extract from Afghanistan, the Afghan nationals that supported the troops found themselves in eminent danger as the new regime took control. With lives in jeopardy, the US planned to evacuate and save Afghan national lives. The initial estimates were approximately 10,000 Afghan Nationals, but, as we watched it play out on the news, the number surpassed well over 50,000 Afghan Nationals. USCIS faced the challenge of enrolling and processing thousands of nationals in a very short time, unlike any other expedited processing requirement they had yet to face. Operation Allies Welcome (OAW) was a collaborative effort across agencies that relied on systems available within USCIS, including, but not limited to, CBP, ICE, Department of State, and the FBI. Beth Libbey was instrumental in the success of OAW and provided though leadership from day one of the initiative as multiple solutions were discussed and proposed. Ultimately, the decision was made to leverage the existing CPMS application and implement modifications and processes that would ensure that OAW was successful.

As the federal agency responsible for protecting the nation’s information technology infrastructure, Department of Homeland Security (DHS) faced a major challenge in competing for talented professionals to combat an evolving threat landscape. Over the past eight years, Cybersecurity Ventures reports that unfilled cybersecurity jobs grew by 350 percent. This talent shortfall is expected to continue through 2025. To boost DHS recruitment efforts, the Office of Personnel Management (OPM) helped DHS establish a customized career site on OPM's USAJOBS website to direct these difficult-to-acquire professionals to cybersecurity positions. The groundbreaking Cybersecurity Talent Management System (CTMS) job application portal integrates, aggregates, and customizes the presentation of high-priority positions and skills requirements across DHS units. It replaces a fragmented hiring experience that could hamper a candidate's ability to quickly find relevant cybersecurity job listings on USAJOBS. Through this personalization, applicants can better understand the work expectations and more efficiently move forward in the system. The new portal applies technology and automation to streamline the hiring process. It also outlines new compensation structures, and offers candidates a personalized experience that targets five cybersecurity career tracks at the following levels: entry, developmental, technical, leadership, and executive. Marshall Fordham led the development of the portal's main site as well as the job tagging features on the Apply Page, and oversaw a seamless launch. Quadrina Quinn was the technical lead of the project, facilitating between OPM units and DHS to validate designs and ensure delivery. The HR Solutions team at OPM was also critical in making this project a success: Erika Vega, Bridget Dongarra, Christy Dollard, Patrick Sharpe, Dan Thibodeau, Megan Arens, Julie Jackson, Michelle Earley, Felipe Flores, Maria Ahmad, Jeff Cain, and Katie Keegan. OPM's partners at DHS on this project were: Erin Hayes, Travis Hoadley, Christine Winchester, and Alicia Dozier.

In its first 120 days, the CTMS set recruitment records by identifying and engaging with more than 1,000 prospective cybersecurity professionals. The agency received more than 2,000 applications during this period. DHS benefits by streamlining the process of identifying and vetting cybersecurity professionals. Cybersecurity professionals benefit from a customized applicant experience, a modernized hiring process, and learning more about compensation structures. As a result of the CTMS platform: • the application portal has received over 22,000 visits • DHS.gov has received over 13,500 unique IP visits • DHS had over 750 email inquiries to its general mailbox • DHS addressed over 860 applicant inquiries This partnership is an excellent example of how DHS leveraged OPM's USAJOBS team led by Quadrina Quinn and Marshall Fordham to modernize its hiring process and meet unique hiring requirements. The joint initiative is a model for other federal agencies that have specific technical and professional hiring requirements. The partnership between DHS and OPM has made a positive impact on Federal hiring, and it also allows DHS to follow merit system principles. The CTMS is significantly outperforming previous processes at both a quantitative and qualitative level. CTMS helps DHS hire a trusted cybersecurity workforce on the front line of the nation’s fight to protect the cyber landscape, and the country’s critical infrastructure.