Lyn Spath

SUMMARY OF QUALIFICATIONS: Infrastructure security compliance and risk professional with expertise in vulnerability, patch, and configuration management.

**** ***** ***** ********** ****** Spoke Champion –Award for Top 1% of Performers

TECHNICAL:

Collaboration

Outlook, Zoom, SharePoint, MS Teams, Jira, Confluence

Reporting & BI

Tableau, Excel, Alteryx, SQL

Automation

SharePoint Designer, Alteryx

Development

Agile, Kanban, SDLC

PROFESSIONAL EXPERIENCE:

Technology Systems Senior Consultant, VP

EIT/ETI/CORE ENGINEERING/Process Engineering and Service Assurance 3-2018 to Present

Enterprise Patching Program: Leading patch governance oversight and policy exception processes for server, firmware, storage and mainframe infrastructure. Produced performance metrics and developed executive presentations for same.

Configuration Management Program: Serve on Core Engineering leadership team responsible for bringing infrastructure product baseline controls and management into compliance with SACM and Audit governance. Matured process and control management with unstructured product groups; exceeded or met all project timelines and developed reporting framework and content to track and remediate configuration drift.

Vulnerability Management Program: Developed Core Engineering executive reporting and presented analysis and findings for CIO audience. Creating consistent analysis framework across 5 sub-asset class teams.

Patch Re-engineering Pilot: Managing solution engineering efforts with creation and enforcement of strategic direction and project plans. Engineering spokesperson at senior executive status meetings.

Sr. Business Systems Consultant 5, AVP

EIT/ETI/CORE ENGINEERING/Operational Services and Governance 3-2016 to 2-2018

Operating System, Firmware, Storage, Mainframe Patch Compliance and Reporting

Risk Management:

Provided OS Competency Center security patch metrics and asset risk exposure in accordance with MRA directives, Asset Inventory, and patch compliance. Provided data integrity checks on Tanium monitored patch data.

Developed methodologies for operational reporting in the Layered Products and Firmware reporting space by aligning Layered Product/Firmware ‘release and version’ compliance with date-driven OS methodology.

Achieved strategic linkage between Windows/Unix Patches and corresponding QVR vulnerabilities for current tactical and future strategic remediation efforts.

OS/FW Competency Center Lead for Security and Non-Security for patch non-Compliance, exception development, submission, remediation, and backlog exception activity.

Created One-Team relationships with lines of business to foster collaborative risk remediation efforts. Managed 3 contractors.

Partnered with Service Delivery to create automated CIO Summary reporting for non-compliant server communications. These summaries provide ‘state of the business’ metrics for CIO informational consumption.

Helped strategize transition of server baseline SPARK security plans to exception system of record.

Sr. Business Systems Consultant 5

Wells Fargo distributed Products & Controls (Infrastructure) 1-2015 to 3-2016

OS/FW/MW Exception Team Lead & Patch Reporting Analyst

•Partnered with EIS and Enterprise Patching Center of Excellence with security exception management tools. UAT Lead for all Policyworks enhancements including expanded exception types, competency center designation, and interim remediation milestone tracking. SME for development of ‘future state’ BRDs for security and non-security exception management tools.

•Built staffing model and managed EGS team members and contractor staff to administer security and non-security patch and configuration management exception. Taught patching and configuration management basics to non-technical staff to enable good understanding of exception content. Held regular team meetings to share information, strategize tactical activities, and review exception metrics.

•Represented OS Competency Center with MRA#2 patching sustainment audit. Educated ORM risk managers on patching sustainment and security patch exception processes and reporting. Provided metrics and documentation which provided basis for risk testing activities.

•Represented DSO for MRA#1 Enterprise Patching and Policy Exception initiatives. Introduced exception processes and reporting framework to the Middleware/Applications/Workstations competency centers. Participated in MRA#1 strategy planning for patch and exception reporting/metrics and target state patch processes/control points for OS, Firmware, Middleware and Layered Products.

•Subject Matter Expert for patch and exception data reporting in Validation Framework and DMAN patch scheduling tools. Provided business and functional direction for development staff. Participated in user testing of all patch-related functionality.

•Initiated SDT (Service Delivery Team) partnership to partner on overdue patch reporting with the security patch exception identification and communication process. Instituted process to align DSO and non-DSO supported server patch data to achieve ‘one source reporting’. Jointly participated in development of OSMC, an overdue patch triage tool used in the research of servers that are habitually non-compliant. Provided pre-communication of monthly exception reporting data to encourage proactive remediation of servers.

Business Systems Consultant 5

Wells Fargo distributed Products & Controls (Infrastructure) 4-2014 to Present

Process and Workflow Analyst, DPC Process and Portfolio Team

Produced MRA patch reports (unpatchable, exceptions, backlog, and base line) which were presented to senior executives. Content included data presentation, charting, pivot table creation, trending. Used DSM/DSSM relationships to acquire raw data from many sources. Combined disparate data to put together meaningful information to help manage MRA #2 patch effort.

Produced ad hoc reporting metrics, analysis, and trending for DLMP Executive Steering Committee consumption and decision making. Work was performed with changing requirements with tight deadlines.

Translated technical patching, end of life, and OS baseline raw reporting into executive reporting presentation decks. Used communication skills to translate very technical concepts into executive level presentation content.

Led Enterprise Patching Program (MRA#1) OS/FW/DIST patching process creation; first with governing high level “to be” processes and then granular platform execution step level processes. Used personal relationship building skills to facilitate effective work sessions held between engineering and leadership staff. Reported on process gaps between current and to-be scenarios. Attained expertise on multi-platform enterprise patch practices.

Piloted and revised new patch exception submission process in support of corporate MRA#2. Led user testing within Policyworks, and created internal reports and metrics to identify gaps in process.

Used SharePoint developer skills to help develop report repository for Tools and Reporting Center of Excellence of reporting.

Coached TIS and NON-TIS patch engineers through MRA#2 patch exception process and best practices.

Coordinated DLMP Patching Process annual review that included Windows, UNIX, Firmware, and Middleware. Used technical understanding of patch creation and deployment to seek efficiencies. Took initiative to gain expertise on TIBCO business studio and Visio to document workflows and associated metadata.

Led annual process review and subsequent modifications of Configuration Management high level and sub-processes. Remediation processes selected as a ‘best practice’ for baseline remediation efforts.

Senior Business Analyst (contract)

Wells Fargo distributed Products & Controls (Infrastructure) 5-2013 to 4-2014

Manager, Validation Framework (VF) UAT and

Communications Manager, DLMP (Distributed Lifecycle Management Program)

Wrote Business Requirement Documents (BRD’s). The complexity of this effort surpassed ordinary application requirement planning in that 10 BRD’s defined system needs.

Translated business requirements into technical specifications (agile methodology) for “Line of Business” and “User Interface” modules.

Wrote test plans, scripts, and execution grids for three VF releases.

Presented UAT status, metrics, and associated reports to leadership on a regular basis.

Coordinated and Managed User Acceptance testing for VF releases 3.0/3.1/4.0. This effort involved creating user-ids, creating

test plans for each participant, being available during UAT for questions and script validation and/or script revisions.

Produced defect report metrics used to determine testing success or failure.

Planned deployments for releases 3.0, 3.1, and 4.0 which required a complete understanding of aggregate changes and defect cause/ application effect.

Communications Manager for Distributed Lifecycle Management Program (DLMP)

Developed senior executive reporting vehicles, presentations, taking points, and strategy.

Led DLMP CIO communications to highest quality awards on three occasions.

Created DLMP reports and metrics for executive presentation. Metrics and associated presentation content was consistently developed and delivered with extremely short deadlines. Success depended on being able to deliver quality work under extreme pressure.

Managed all electronic department communications (newsletters, announcements, presentations, decks) content to ensure consistent department voice and message.

Product and Operations Manager, Benefit First Software System

The Benefit Company (health & Disability Software) 5-2011 to 5-2013

Wrote business requirements for system enhancements that helped to reduce programming effort and time.

Developed application reporting within MS Access utilizing data relationship analysis and queries.

Prioritized programmer work on defects and functionality enhancements.

Managed test processes and individual test scripting standards for unit and user acceptance testing which reduced post production issues significantly (50-70% from baseline).

Planned system release schedules with associated user communications.

Wrote Benefit First benefit enrollment guide for a user population of over 20,000.

Conducted system training with company account managers which standardized the way Benefit First was shown to potential customers.

Represented company in SAE-16 risk compliance audit. Developed workflow-based customer enrollment system that saved up to 2 week s within a 12-week process. Re-designed complex business processes to improve and support company business. This effort led to company being awarded first SAE-16 compliance business certification.

Represented company in HIPPA risk compliance audit.

Developed SharePoint workflow system to augment customer enrollment system.

Analyzed complex business requirements and processes using conceptual data and business modeling, data dictionaries, and other documentation.

Designed and developed post-production support help ticket system using SharePoint Workflow concepts.

ADDITIONAL EXPERIENCE:

Project Manager/Business Analyst, Computer Sciences Corporation, Columbia SC

Sr. Business Analyst, General Electric Remote Engineering, Salem, VA

Contact this candidate