Express Employment International Cyber Risk Case Study

How a growing operations team built visibility, efficiency and executive-ready insights with Onspring

OVERVIEW

Express Employment International is a global staffing franchisor with a mission of putting a million people to work each year. The organization supports more than 850 franchise locations across the United States, Canada, South Africa, Australia and New Zealand, with more than 500 corporate employees based at its international headquarters in Oklahoma City, OK.

As the organization grew, its operational workflows became more complex, especially across cyber operations, data governance, DevOps activity and legal processes tied to its large franchise network. The cyber operations team needed a platform that could consolidate data from multiple systems, visualize daily activity, identify emerging trends and communicate operational impact to executives in a clear and meaningful way.

Onspring became the system that made this possible. By centralizing operational data and automating visual reporting, the team now has a reliable way to track incident activity, monitor risk indicators, support legal decision-making and demonstrate how day-to-day operations contribute to broader governance and risk reduction efforts. The result is a more connected, more informed operational ecosystem that strengthens both frontline activity and C-suite decision-making.

Challenge

When Mysti Williams joined Express Employment International as a Cyber Operations Engineer, she walked into a department aiming to build clarity around its impact. The cybersecurity and operational teams used multiple systems across incident response, DevOps, data governance and franchise-related legal activity. But there was no unified way to understand what was happening day to day or how those activities shaped the organization’s risk posture.

Reports had to be pulled separately from different tools and then pieced together manually. Trends were difficult to spot. Leadership visibility was limited. And operational teams lacked a single source of truth.

Mysti summed it up clearly, “Before Onspring, we would have had to pull this report and pull that report and piece everything together. There was no way to create one visual that showed the full picture.”

The team needed a better way to track and elevate operational activity, especially as the organization continued to scale.

Solution

Using Onspring, Mysti built custom applications that now anchor the team’s operational visibility, cross-department collaboration and leadership reporting.

Real-time visibility into operational activity

Mysti created dashboards that track daily cyber operations, including device isolation events, user resets after phishing clicks and other incident workflows. These views help identify recurring patterns, seasonal spikes and opportunities for targeted user training.

“We can pump data from multiple places into Onspring and create one overall dashboard. You scroll and can see everything that is going on.”

Trend monitoring across threat and vulnerability management

The team uses Onspring to show threat and vulnerability trends over time. Seeing multi-year patterns helps distinguish between isolated events and emerging risk areas that may require additional resources or training.

Supporting legal decisions across a large franchise network

Employee Express’ legal team uses Onspring to track active and historical cases tied to each franchise location. This becomes especially important during ownership changes.

“Legal can go into Onspring, look at an office and immediately see what cases are active or resolved. It helps them make decisions when ownership changes.”

Monitoring DevOps workflows

A custom DevOps app surfaces activity trends across scanned sites, libraries and development tools. Leadership can easily see progress and workload distribution across the team.

Turning operational data into executive insight

Mysti also created dashboards for data governance initiatives, helping executives understand how policies reduce risk and strengthen oversight across the company.

When Express implemented Copilot, AI risks and data exposure became top of mind for leadership. Onspring helped answer critical questions quickly.

“Executives were concerned about what users might be able to see. We can show them how many licensed users we have, how many are actually using it, the types of prompts they ask and the sensitivity of the data being returned.”

Operational data became strategic insight, helping the company set responsible guidelines for AI use.

Results

A unified operational view

The team no longer gathers information from scattered systems. Onspring consolidates daily activity, trends and risk indicators in one place.

Faster reporting and less manual work

Dashboards eliminate the need to pull and merge multiple reports. Leadership now sees what is happening operationally within minutes.

Higher confidence in decision-making

Legal, DevOps, cyber operations and data governance teams rely on shared data to coordinate efforts and anticipate issues.

Stronger AI governance

The company can monitor real usage patterns of Copilot, understand data sensitivity and provide leadership with accurate, real-world insights.

Looking Ahead: Expanding with AI Inside Onspring

Mysti sees Onspring’s AI capabilities as a way to speed up troubleshooting, discovery and onboarding for new users.

“I am excited about the AI inside Onspring and how it can help me get to answers faster. It will also help us train new users as more departments come on board.”

Advice for new users

Mysti encourages new users to embrace the platform without hesitation.

• “If someone is considering Onspring, I would just say do it. Do not be scared of it. You cannot break it. I have tried. Just get in there and click around.”

  Mysti Williams

  – Cybersecurity Engineer

  Express Employment International

  Read Case Study →