Cybersecurity for Regulated Financial Services Firms and Their Service Providers


I enable regulated financial services firms to prove to their regulators, and service providers to prove to their regulated clients, that they are managing cybersecurity risk like a pro. 

I help the executive or senior manager responsible for IT when they are under pressure to:

  • Understand the real cybersecurity risks to their organisation
  • Identify the steps they can take to manage the risks, and
  • Prove to their regulators, clients and prospects that they are not a risk.

I focus on pragmatic IT security advice to ensure you understand the most likely threats to your firm and the expectations of regulators, the pragmatic steps you can take to reduce the risks, and the ways you can prove to your regulators, clients and prospects that you have this nailed.

When can I help?

I may be a good fit if you are frustrated by:

  • Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should be focused on.
  • Lack of confidence – You are very concerned about an attack on your business – Not just because of the immediate financial loss and operational disruption, but because of the longer term reputational damage. 
  • Lack of compliance evidence – You are being told that cybersecurity risk is being managed appropriately, but you don’t have the evidence to prove your regulatory compliance.
  • Lack of answers – You struggle to provide coherent answers when your regulators, clients or prospects ask you to prove that you are not a risk.
  • Lacks of wins – You have a nagging feeling that you are not converting prospects into paying clients because they perceive you as a risk. You are losing out to bigger competitors because they are perceived as ‘safer’. 
  • Lack of solutions – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all in-house, but you also don’t have the desire to engage a fleet of consultants to flood you with pre-packed presentations and graphs.

Who am I?

Sam Glynn

I am Sam Glynn. I have worked in the world of Corporate IT for almost 25 years.

I worked in various IT management roles in the financial services industry for 15 years. I established Code in Motion in 2012 to provide independent IT, cybersecurity and data protection advice to large regulated financial services firms.

I help regulated firms to manage IT security risk and to prove their regulatory compliance.

I help those who sell to regulated firms to win and retain clients by showing them how to proactively address the reasons why these regulated firms perceive them as a risk.

Alongside my IT qualifications and experience, I am also a qualified data protection officer.

LinkedIn can tell you more.


Am I the solution for you?

You need provable security. 

Every business needs to take pragmatic steps to protect itself against the most likely cybersecurity threats.

However, you need to do more:

  • If you are a regulated firm, you need to prove to your Board and your regulators that you align to regulatory expectations.
  • If you sell to regulated firms, you need to prove to these firms that you are not a risk to their security. You may think you are a solution, but they think you are a risk.

I will help you to manage the risk. More importantly, I will show you how to prove it.    

‘Good Enough’ is good enough.

Businesses seldom benefit from perfect solutions – They take too long and cost too much.

[Good enough] is usually good enough. 

My guidance is pragmatic, and tailored to the concerns and resources of your business, and the expectations of your clients, prospects, board members and regulators.

It is ‘me’, not ‘we’.

If you are comfortable working with a Big Four consultancy firm, I am not for you. I do not have a bench of junior associates.

I have many trusted and experienced 3rd parties who I call on if we need their specific skills.

But if you choose to work with me, it will be me.

You will be paying for my experience, not funding my education.

I understand technology but I communicate in plain English.

I don’t use all of the latest techie terminology in an effort to prove my knowledge. I can go down that rabbit-hole when necessary.

I use plain English to help you understand what it takes to defend your firm like a pro.