Be sure you’re secure

I give you certainty that you have reasonable security in place to reduce the risks of a cybersecurity attack.

I help the executive or senior manager who is responsible for IT when they are under pressure to:

  • Understand the real cybersecurity risks to their organisation
  • Identify the steps they can take to manage the risks, and
  • Demonstrate to their regulators, clients and prospects that they are not a risk.

I provide pragmatic IT security advice to ensure you understand the most likely threats to your organisation, the pragmatic steps you can take to reduce the risks, and the ways you can prove to your key stakeholders (including clients, prospects, the Board, and the regulators) that you have this nailed.

What do I guarantee?

  1. No jargon. Just Plain English.
  2. No bull. Just actionable insight.
  3. No scenic routes. Just direct and to-the-point advice.
  4. No juniors. Just me.  

When can I help?

I can help if you are frustrated by:

  • Lack of confidence – You are very concerned about an attack on your organisation – Not just because of the immediate financial loss and operational disruption, but because of the longer-term reputational damage. 
  • Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should focus on and what to ask your IT providers.
  • Lack of answers – Even when you ask your IT providers, you aren’t certain whether you asked the the right questions and if they have actually provided reasonable answers. 
  • Lack of momentum – You want to get this addressed, but there’s always something more urgent to do. It’s difficult to maintain momentum.
  • Lack of pragmatic advice – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all in-house, but you also don’t want to engage a fleet of consultants who will flood you with fancy presentations and graphs that make you even more confused than before.
  • Lacks of wins – You struggle to provide coherent answers when your regulators, clients or prospects ask you about your security measures. If you work with regulated firms, you have a nagging feeling that you are not converting prospects into paying clients because they perceive you as a risk. You are losing out to bigger competitors because they are perceived as ‘safer’. 

Who am I?

Sam Glynn

I am Sam Glynn. I have worked in the world of Corporate IT for almost 25 years.

I worked in various IT management roles in the financial services industry for 15 years. I established Code in Motion in 2012 to provide independent IT, cybersecurity and data protection training and advice to regulated financial services firms and those that sell to these firms.

Alongside my IT & cybersecurity qualifications and experience, I am also a Certified Data Protection Officer. (Yep, I’m the guy you avoid at parties..)

The About page can tell you more.

“Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!”

– My favourite testimonial – From the Operations Manager of a client (c. 2016).


Am I the solution for you?

You need ‘good enough’, not perfection.

Businesses seldom benefit from perfect solutions – They take too long and cost too much, and are impossible to sustain.

[Good enough] is better than [perfect]. 

My guidance is pragmatic, and tailored to the concerns and resources of your business, and the expectations of your clients, prospects, board members and regulators.

I start by ensuring you have the right foundations in place. This may be good enough.

If it is not, I then lead you through a short, structured process to identify what ‘good enough’ means for your business, and then develop a structured, achievable roadmap that will guide you there.

You need plain English.

You are an expert in your field, but cybersecurity is not your area of expertise. 

I use plain English to explain what the risks are, and how to manage them effectively. 

You need a trusted advisor and translator.

Managing this usually involves many conversations and negotiations with IT providers and other third parties.

You need someone to represent your best interests in these engagements.

It is ‘me’, not ‘we’.

If you want to work with a large team of consultants (or if you need the cover that a large consultancy firm will give you), I am not for you.

I do not have a bench of junior associates. I have many trusted and experienced 3rd parties who I call on if we need their specific skills.

But if you choose to work with me, it will be me.

You will be paying for my experience, not funding my team’s education.

Bonus: You work in a regulated financial services firm or you are trying to sell to these firms. 

Every business needs to take pragmatic steps to protect itself against the most likely cybersecurity threats. And I help many non-regulated organisations to improve their cybersecurity defences.

However, as a regulated entity, you need to do more – You need prove to your Board and your regulators that you align to regulatory expectations.

And if you sell to regulated firms, you need to prove to these firms that you are not a risk to their security. You may think you are a solution, but they think you are a risk.

I will help you to manage the risk. More importantly, I will show you how to prove it.