I use plain English to show you what appropriate cybersecurity looks like for your business, so you can get back to your ‘real’ job.

I help organisations to improve their defences against the most common cybersecurity threats, through focused advice, one-off board training, and recurring staff training and testing.

I specialise in helping regulated financial services firms, and SMEs that sell to regulated firms, to prove that they are managing cybersecurity risk appropriately. 

I help the executive or senior manager responsible for IT when they are under pressure to:

  • Understand the real cybersecurity risks to their organisation
  • Identify the steps they can take to manage the risks, and
  • Demonstrate to their regulators, clients and prospects that they are not a risk.

I focus on pragmatic IT security advice to ensure you understand the most likely threats to your firm and the expectations of stakeholders (e.g. board members; prospective and current clients; regulators), the pragmatic steps you can take to reduce the risks, and the ways you can prove that you have this nailed.

When can I help?

I am a good fit if you are frustrated by:

  • Lack of confidence – You are very concerned about an attack on your business – Not just because of the immediate financial loss and operational disruption, but because of the longer term reputational damage. 
  • Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should focus on and what to ask your IT people.
  • Lack of answers – Even when you ask your IT people, you aren’t certain whether you asked the the right questions and if they have actually provided reasonable answers. 
  • Lack of momentum – You want to get this addressed, but there’s always something more urgent to do. It’s difficult to maintain momentum.
  • Lacks of wins – You struggle to provide coherent answers when your regulators, clients or prospects ask you about your security measures. You have a nagging feeling that you are not converting prospects into paying clients because they perceive you as a risk. You are losing out to bigger competitors because they are seen as ‘safer’. 
  • Lack of pragmatic advice – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all in-house, but you also don’t want to engage a fleet of consultants who will flood you with fancy presentations and graphs that make you even more confused than before.

Who am I?

Sam Glynn

I am Sam Glynn. I have worked in the world of Corporate IT for almost 25 years.

I worked in various IT management roles in the financial services industry for 15 years. I established Code in Motion in 2012 to provide independent IT, cybersecurity and data protection training and advice to regulated financial services firms and those that sell to these firms.

Alongside my IT & cybersecurity qualifications and experience, I am also a certified data protection officer.

The About page can tell you more.

“Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!”

– My favourite testimonial – From the Operations Manager of a client (c. 2016).


Am I the solution for you?

Good is better than perfect.

Businesses seldom benefit from perfect solutions – They take too long and cost too much, and are impossible to sustain.

Good is better than perfect. 

My guidance is pragmatic, and tailored to the concerns and resources of your business, and the expectations of your clients, prospects, board members and regulators.

I start by ensuring you have the right foundations in place. This might be good enough.

If it is not, I then lead you through a short, structured process to identify what ‘good enough’ means for your business, and then develop a structured, achievable roadmap that will guide you there.

I understand technology but I communicate in plain English.

I don’t use all of the latest techie terminology in an effort to prove my knowledge. I can go down that rabbit-hole when necessary.

I use plain English to help you understand what it takes to defend your firm like a pro. 

It is ‘me’, not ‘we’.

If you want to work with a specific advisor from start-to-finish, I may be a good fit.

If you are more comfortable working with a big consultancy firm (or if you need their cover), that’s fine too – But I am not for you.

I do not have a bench of junior associates. I have many trusted and experienced 3rd parties who I call on if we need their specific skills.

But if you choose to work with me, it will be me. You will be paying for my experience, not funding my education.

If you’re a regulated firm, you need provable security. 

Every business needs to take pragmatic steps to protect itself against the most likely cybersecurity threats.

However, you may need to do more:

  • If you are a regulated firm, you probably also need to prove to your Board and your regulators that you align to regulatory expectations.
  • If you sell to regulated firms, you probably need to prove to these firms that you are not a risk to their security. You may think you are a solution, but they think you are a risk.

I will help you to manage the risk. More importantly, I will show you how to prove it.