Cybersecurity Trainer and Advisor 

I help organisations to improve their defences against the most common cybersecurity threats, through the delivery of one-off board training, recurring staff training and testing, and broader advisory services.

I specialise in helping regulated financial services firms to prove to their regulators, and service providers to prove to their regulated clients, that they are managing cybersecurity risk like a pro. 

I help the executive or senior manager responsible for IT when they are under pressure to:

  • Understand the real cybersecurity risks to their organisation
  • Identify the steps they can take to manage the risks, and
  • Prove to their regulators, clients and prospects that they are not a risk.

I focus on pragmatic IT security advice to ensure you understand the most likely threats to your firm and the expectations of stakeholders (e.g. board members; prospective and current clients; regulators), the pragmatic steps you can take to reduce the risks, and the ways you can prove that you have this nailed.

When can I help?

I am a good fit if you are frustrated by:

  • Lack of time – You want to deliver effective once-off cybersecurity training to your board members or recurring training and testing to your staff members, but there’s always something more urgent that prevents you from getting this done.
  • Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should be focused on.
  • Lack of confidence – You are very concerned about an attack on your business – Not just because of the immediate financial loss and operational disruption, but because of the longer term reputational damage. 
  • Lack of compliance evidence – You are being told that cybersecurity risk is being managed appropriately, but you don’t have the evidence to prove your regulatory compliance.
  • Lack of answers – You struggle to provide coherent answers when your regulators, clients or prospects ask you to prove that you are not a risk.
  • Lacks of wins – You have a nagging feeling that you are not converting prospects into paying clients because they perceive you as a risk. You are losing out to bigger competitors because they are perceived as ‘safer’. 
  • Lack of solutions – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all in-house, but you also don’t have the desire to engage a fleet of consultants to flood you with polished presentations and graphs.

Who am I?

Sam Glynn

I am Sam Glynn. I have worked in the world of Corporate IT for almost 25 years.

I worked in various IT management roles in the financial services industry for 15 years. I established Code in Motion in 2012 to provide independent IT, cybersecurity and data protection training and advice to regulated financial services firms.

Alongside my IT qualifications and experience, I am also a certified data protection officer.

The About page can tell you more.

“Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!”

– My favourite testimonial – From the Operations Manager of a client, c. 2016.


Am I the solution for you?

Staff Training: You need a fully-managed training and testing service 

You are no longer satisfied with ticking the box on staff training. You need a fully managed training and testing service that can be implemented quickly and provides specific metrics on a quarterly basis to demonstrate the increasing strength of the organisation’s human defences. 

Board Training: You need someone who can speak in plain English to a non-technical audience of senior people

Your board needs to be trained and updated on cybersecurity risk on a frequent basis. But you recognise that board members are as interested in regulatory compliance as they are in cybersecurity. You need someone who can talk not just about cybersecurity, but also about the expectations of the regulator on board members.

Advisory: You need provable security. 

Every business needs to take pragmatic steps to protect itself against the most likely cybersecurity threats.

However, you need to do more:

  • You need to know that the steps you are taking are the right steps, and are being taken in the right order.
  • If you are a regulated firm, you need to prove to your Board and your regulators that you align to regulatory expectations.
  • If you sell to regulated firms, you need to prove to these firms that you are not a risk to their security. You may think you are a solution, but they think you are a risk.

I will help you to manage the risk. More importantly, I will show you how to prove it.    

‘Good Enough’ is good enough.

Businesses seldom benefit from perfect solutions – They take too long and cost too much.

[Good enough] is usually good enough. 

My guidance is pragmatic, and tailored to the concerns and resources of your business, and the expectations of your clients, prospects, board members and regulators.

It is ‘me’, not ‘we’.

If you are comfortable working with a Big Four consultancy firm, I am not for you. I do not have a bench of junior associates.

I have many trusted and experienced 3rd parties who I call on if we need their specific skills.

But if you choose to work with me, it will be me.

You will be paying for my experience, not funding my education.

I understand technology but I communicate in plain English.

I don’t use all of the latest techie terminology in an effort to prove my knowledge. I can go down that rabbit-hole when necessary.

I use plain English to help you understand what it takes to defend your firm like a pro.