Independent IT Adviser to Executives of Regulated Financial Services Firms

I help regulated financial services firms reduce the risk of a cybersecurity incident.

I enable 1st line executives to demonstrate to their 2nd line, to their 3rd line, to their Board and to the CBI that the risk is being managed appropriately.

While I can talk bits-and-bytes where necessary, I focus on providing plain English explanations of your current risks and the pragmatic steps you should take to mitigate these risks.


When can I help?

I usually get involved when the CFO, COO or the executive responsible for IT is:

  • Concerned about the risk of a data breach or cyber incident in their organisation.
  • Unable to confidently answer questions or address risk items raised by 2nd line (Risk & Compliance), 3rd line (Internal Audit) or the Board.
  • Unsure about the firm’s alignment to the Central Bank’s expectations on IT, cybersecurity and cloud outsourcing
  • Unsure what questions to ask of the firm’s IT service providers
  • Frustrated and impatient about the responses received from these service providers – Their answers are frequently opaque, incomplete or miss the point entirely.


How can I help?

I independently assess the organisation’s current cybersecurity defences and I provide pragmatic guidance in plain English on the steps required to improve this current state.

My engagements vary depending on the concerns of the executive for whom I work, but may include seeking answers to questions like:

  • Is IT secure? I assess how IT is contributing to the organisation’s defences against cyber crime, payment fraud, and data breach. I provide pragmatic advice on improvements it could make to improve these defences.
  • Is IT aligned to Central Bank expectations? I assess whether the organisation’s technology and governance align to the Central Bank of Ireland’s expectations, especially with regard to IT and cybersecurity and risk management, & outsourcing to the cloud.
  • What else are others doing? Managing cyber risk is not just about technology. There are also organisational controls that should be in place to improve a firm’s defences – e.g. staff training and testing. My focus is not just on IT.


Who am I?

Sam Glynn

I am Sam Glynn. I have worked in IT for over 20 years.

I worked in various IT management roles in the wholesale financial services industry for 15 years.

I have been providing independent IT guidance to financial services firms since 2012. LinkedIn can tell you more.

I know the questions to ask about cybersecurity and I know how to interpret and challenge the answers.



Am I the solution for you?

I am independent.

While I work with an organisation’s staff and service providers to truly understand what is going on, I have no allegiance to current solutions or previous decisions.

My assessments and guidance are truly independent, and I answer to the executive who engages me. 

It is ‘me’, not ‘we’.

I do not have a bench of junior associates focused on filling chargeable hours.

I have many trusted and experienced 3rd parties who I can call on if we need their specific skills.

But if you choose to work with me, it will be me.

I know technology but I communicate in plain English.

I communicate regularly with Board members and senior business executives in plain English about technology problems and solutions.

Whiteboards, visuals and metaphors are all key elements of my communication approach.

I apologise in advance for metaphors and analogies involving Luas tracks and train drivers, houses vs mobile homes, and burglar alarms and grannies.

I am pragmatic, not academic.

Organisations seldom need ‘perfect’ solutions – They take too long.

‘Good enough’ may be the immediate need, with ‘great’ as a longer-term goal.

My guidance is always pragmatic, and tailored to the needs and capabilities of the organisation.

It’s not about technology. It’s about risk management and the desired business outcome.


Should we have a conversation?

Let’s talk:

  • Connect with me on LinkedIn.
  • Call me at (01) 554 6268. If I am unable to answer, just leave your contact details and I will call you back.
  • Get in touch using the form below.

Privacy: Breaching your trust would destroy my business. I will only use your personal data for the purposes of responding to your query. More information is accessible in my privacy policy.
Confidentiality: I treat every conversation as confidential but if you need a non-disclosure agreement before we talk, just mention this above.