Skip to main content
Home
Main navigation
  • CAPABILITIES
  • SOLUTIONS
    • ArgusGA
    • AthenaGA
    • ComplySyncATO
    • ComplySyncATO (ServiceNow)
    • HephaestusGA
    • PhoenixGA
  • CUSTOMERS
  • CONTRACT VEHICLES
  • ONPOINT
Responsive Hamburger Menu
  • CAPABILITIES
  • SOLUTIONS
    • ArgusGA
    • AthenaGA
    • ComplySyncATO
    • ComplySyncATO (ServiceNow)
    • HephaestusGA
    • PhoenixGA
  • CUSTOMERS
  • CONTRACT VEHICLES
  • ONPOINT
  • GREEN ACCELERATOR
  • PARTNERS
  • CAREERS
  • ABOUT US
primary menu
GREEN ACCELERATOR
PARTNERS
CAREERS
ABOUT US
BACK

VINAY V. SHIRKE

VINAY V. SHIRKE
Chief Information Officer
Type:
OnPoint Xchange
Tags:
  • AI/ML
Sectors:
Defense, Civilian, Healthcare
Capabilities:
Cyber Security, AI Integration Services

Insightful, Intentional, and Intelligent Cybersecurity

Security Data Lake

A Data-Driven, Design-Led, and Intelligence-Infused Approach for the Security Data Lake at HHS CMS

The Centers for Medicare & Medicaid Services (CMS) manages one of the largest digital infrastructures in the federal government—spanning hundreds of FISMA systems, cloud workloads, hybrid networks, and compliance environments. To safeguard this complex ecosystem, CMS partnered with ASSYST to implement a forward-thinking solution, a Security Data Lake (SDL). A Platform designed to unify Continuous Diagnostic and Mitigation (CDM) detailed cybersecurity telemetry from across the IT environment, enhancing threat intelligence and empowering real-time decision-making to improve the security posture of mission-critical applications. 

It was a transformation driven by data engineering, human-centered design (HCD), and the power of AI infused user experiences.

Challenge: Siloed Data, Slower Response

CMS’s security teams were overwhelmed by volumes of data generated by disparate sources—cloud configurations, vulnerability scans, firewall logs, compliance assessments, and more. Each team operated in silos, using their ingestion tools, dashboards, and data schemas. This fragmentation slowed collaboration, increased storage costs, and made cross-domain analysis nearly impossible.

During zero-day events like Log4J, what should have been a rapid response became a manual process of stitching together insights from different systems—costing critical time and adding risk to operations. CMS needed a unified, governed, and accessible data platform that could provide a view of CDM data to support multiple teams, roles, and missions—without compromising agility or security.

Solution: A Federated, AI-Ready Security Data Lake

ASSYST collaborated with CMS’s Information Security and Privacy Group (ISPG) to architect and operationalize a federated Security Data Lake platform built on Snowflake’s secure, FedRAMP-authorized Data Cloud. The platform centralized the ingestion of telemetry from AWS Config, Tenable, Snyk, Panther, Archer, and more, from both the cloud and the premise data center. Applying schema-on-read techniques to retain raw fidelity while enabling flexible, on-demand analytics.

We designed the SDL to support a multi-tenant access model featuring row-level security and role-based controls that enable different security units to collaborate securely from a shared source of truth. To support CMS’s modernization and automation goals, we integrated data services for metadata enrichment and cross-domain telemetry linking.

The AI-enabled platform is integrated with large language models (LLMs), predictive analytics, and multi-agent systems, which enhance context-driven decision-making, streamline investigations, and scale compliance readiness.

Human-Centered Design: Making Cyber Data Work for People

Recognizing that technology is only as valuable as it is usable, ASSYST adopted a Human-Centered Design (HCD) approach for data visualization of the CDM data. We developed detailed user personas to represent the diverse range of CMS stakeholders—from SOC analysts and vulnerability engineers to executive leadership and audit teams—each persona guided decisions regarding data access, dashboard views, chatbot behavior, and analytics priorities.

To unlock the full value of the SDL, we designed and deployed the Agentic AI App. This conversational, LLM-powered tool enables users to search and retrieve data catalog metadata using natural language queries. The Agentic AI app is capable of leveraging multiple UI patterns (linear, card-based, threaded) and selecting the threaded mode based on feedback from metadata users who require structured exploration paths and layered conversations. The UI integrates interactive components, such as buttons, forms, and menus, providing users with an intuitive, action-driven interface for discovering and utilizing cyber telemetry without requiring SQL knowledge to formulate queries.

Usability at Scale: Dashboards That Drive Action

Beyond search and metadata exploration, ASSYST focused on making data-driven decisions easier across CMS. Working closely with CMS stakeholders, we redesigned Tableau dashboards with HCD principles—streamlining visual layouts, reducing cognitive load, and improving data navigation across key views such as:

  • Vulnerability Monitoring Dashboard
  • Known Exploited Vulnerabilities (KEV)
  • Vulnerability-Related Asset Details

We facilitated user discovery sessions, journey mapping, and dashboard testing to ensure these dashboards not only reflected real-time SDL data but also aligned with user goals, workflows, and remediation processes. Special attention was given to login and landing page usability, with validated UX enhancements enabling faster access to alerts, insights, and reports.

These improvements have directly contributed to higher dashboard adoption across CMS, increased stakeholder satisfaction, and faster time-to-action in response to evolving cyber threats.

Value Delivered: From Insights to Outcomes

The results have been transformative. CMS now operates from a single pane of glass for security telemetry, with unified data access across departments, improved team collaboration, and sharply reduced response times. During major cyber events, queries that previously took days now return results in minutes. Compliance and audit preparation have become more efficient through the use of live telemetry overlays and the contextual mapping of NIST controls via AI Tools.

The Security Data Lake—once envisioned as a data warehouse—is now a living, AI-ready platform where data, design, and intelligence converge to drive mission success.

What’s Next: Agentic AI, Continuous Compliance, and Beyond

With the SDL in place, ASSYST is helping CMS prepare for its next leap forward: integrating Agentic AI. Using the Model Context Protocol (MCP), CMS will enable autonomous agents to interact with live data, perform security checks, validate configurations, and generate evidence for audits in real-time.

Through ASSYST’s Green Accelerator Framework, ASSYST is advancing toward a future where security operations are not only data-driven but context-aware, automated, and intelligently designed around the people who rely on them.

Related Files:

Related Content

Model Context Protocol Fuels AI Agentic Engagement for Enterprise Cybersecurity Data Access
AI Impact Stories - Assisting HHS Agency in Leading with Security Data Lake and AI for Vulnerability Detection
Unleashing Cybersecurity Excellence: Measuring Effectiveness with the Security Data Lake
Back
  • Facebook
  • Linkedin
  • Twitter

CORPORATE

22866 Shaw Road
Sterling, VA 20166
Phone: 703-230-3100
Fax: 703-230-3100
e-mail: info@assyst.net

OTHER OFFICES

7000 Security Boulevard, Suite 120
Baltimore MD 21244
Phone: 443-200-5387

FOLLOW US

facebook linkedin twitter

TALK TO US

Image CAPTCHA
Get new captcha!
Enter the characters shown in the image.
Clicky
Footer menu
  • Terms of Use
  • Accessibility
  • Privacy Statement
CMMC 2.0 CMMI Level 3 ISO 9001 ISO 20000 ISO 27001 © All Rights Reserved.