Do you need to prove that your IT security defences are appropriate, but you don’t know where to start?

I help organisations to improve their defences against the most common cybersecurity threats, through focused advice, one-off board training, and recurring staff training and testing.

I specialise in helping regulated financial services firms, and SMEs that sell to regulated firms, to prove that they are managing cybersecurity risk appropriately. 

I help the executive or senior manager responsible for IT when they are under pressure to:

  • Understand the real cybersecurity risks to their organisation
  • Identify the steps they can take to manage the risks, and
  • Prove to their regulators, clients and prospects that they are not a risk.

I focus on pragmatic IT security advice to ensure you understand the most likely threats to your firm and the expectations of stakeholders (e.g. board members; prospective and current clients; regulators), the pragmatic steps you can take to reduce the risks, and the ways you can prove that you have this nailed.

When can I help?

I am a good fit if you are frustrated by:

  • Lack of time – You need to understand and address the most concerning cybersecurity gaps in your organisation, or deliver effective cybersecurity training to your board members or staff, but there’s always something more urgent to do.
  • Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should focus on.
  • Lack of confidence – You are very concerned about an attack on your business – Not just because of the immediate financial loss and operational disruption, but because of the longer term reputational damage. 
  • Lack of compliance evidence – You are being told that cybersecurity risk is being managed appropriately, but you don’t have the evidence to prove it.
  • Lack of answers – You struggle to provide coherent answers when your regulators, clients or prospects ask you to prove that you are not a risk.
  • Lacks of wins – You have a nagging feeling that you are not converting prospects into paying clients because they perceive you as a risk. You are losing out to bigger competitors because they are seen as ‘safer’. 
  • Lack of solutions – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all in-house, but you also don’t have the desire to engage a fleet of consultants to flood you with polished presentations and graphs.

Who am I?

Sam Glynn

I am Sam Glynn. I have worked in the world of Corporate IT for almost 25 years.

I worked in various IT management roles in the financial services industry for 15 years. I established Code in Motion in 2012 to provide independent IT, cybersecurity and data protection training and advice to regulated financial services firms.

Alongside my IT qualifications and experience, I am also a certified data protection officer.

The About page can tell you more.

“Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!”

– My favourite testimonial – From the Operations Manager of a client (c. 2016).


Am I the solution for you?

You need provable security. 

Every business needs to take pragmatic steps to protect itself against the most likely cybersecurity threats.

However, you need to do more:

  • You need to know that the steps you are taking are the right steps, and are being taken in the right order.
  • If you are a regulated firm, you need to prove to your Board and your regulators that you align to regulatory expectations.
  • If you sell to regulated firms, you need to prove to these firms that you are not a risk to their security. You may think you are a solution, but they think you are a risk.

I will help you to manage the risk. More importantly, I will show you how to prove it.    

‘Good Enough’ is good enough.

Businesses seldom benefit from perfect solutions – They take too long and cost too much.

Good enough is usually good enough. 

My guidance is pragmatic, and tailored to the concerns and resources of your business, and the expectations of your clients, prospects, board members and regulators.

It is ‘me’, not ‘we’.

If you are comfortable working with a Big Four consultancy firm, I am not for you. I do not have a bench of junior associates.

I have many trusted and experienced 3rd parties who I call on if we need their specific skills.

But if you choose to work with me, it will be me.

You will be paying for my experience, not funding my education.

I understand technology but I communicate in plain English.

I don’t use all of the latest techie terminology in an effort to prove my knowledge. I can go down that rabbit-hole when necessary.

I use plain English to help you understand what it takes to defend your firm like a pro.