Who am I?

Hi, I am Sam Glynn, founder of Code in Motion.

I help those who sell to regulated financial services firms to:

  • Understand the most likely cybersecurity threats faced by their firm
  • Understand the risks that their prospects perceive about their firm 
  • Implement pragmatic steps to deal with these real and perceived risks, and
  • Prove to their clients, prospects, and other interested stakeholders that they are not a risk.

My typical client

My typical client is a small firm with 5-100 staff. They are frequently fintechs (but not always).

They have achieved a level of success and market validation. They have paying clients but most are non-regulated firms or smaller, less sophisticated regulated firms. They are now targeting larger, more sophisticated firms but they are finding the procurement process far more challenging. 

My client’s prospects are increasingly concerned about the risk that they pose to their business, and my client is being asked for an increasing level of evidence to prove that they have appropriate security measures in place. 

My client usually does not have the resources or budget to commit significant time or money to a major cybersecurity project. While they may have in-house IT expertise, this expertise needs to be focused on client work. As a result, IT is usually being managed in-house on an ad-hoc basis. 

Bringing all this together, the founder or CEO is:

  • Seeing a longer sales cycle, or indications of a “slow no”, on some key deals.
  • Feeling like there is an invisible ceiling that is preventing the firm from achieving its financial goals, and maximising its book value.
  • Hopeful that a regulator, board member, client or prospect doesn’t ask too many searching questions about their cybersecurity defences.
  • Worried about the financial and reputational damage of a cyber attack or information security breach.
  • Concerned about burning time and money because they started in the wrong place, or focused on the wrong threats. 
  • Confused about how much is ‘good enough’, and if any of the industry benchmarks that are out there (e.g. CIS, Cyber Essentials, NIST CSF, ISO 27001) could be of use.

I do not publish a list of past or current clients but they are happy to provide references if you need them. In the meantime, you can get a sense of who I work with by looking at my connections on LinkedIn.

My Dirty Little Secret

In truth, my engagements frequently grow beyond IT security and risk management and develop into general advisory / counsel for the founder or CEO.

While this has not been an intentional strategy on my part, it appears to be a valuable service to many of my clients.

Perhaps after 20+ years working with many firms in the regulated financial services world, I can provide an independent perspective that ensures you maintain the 30,000 foot view while you are buried in the weeds.

My experience

2012 – Present: IT, cybersecurity and data protection advisor to regulated financial services firms and their service providers. I use my technology, risk management and data protection experience to ensure my clients’ systems, staff and IT providers are fit-for-purpose and provably secure.

2011 – 2012: IT service delivery manager, representing the delivery of IT services by Bank of Ireland and IBM to Northern Trust and State Street Global Advisors.

2009 – 2010: IT programme manager in Bank of Ireland, leading a number of initiatives to try to upgrade and roll out various Microsoft technologies across what was a diverse organisation of 13,000+ staff.

2001 – 2008: IT development manager for BIAM. I led teams of software developers and analysts in the delivery of new systems and system enhancements to client servicing, finance and risk & compliance teams. I was also the IT relationship manager to these business areas, ensuring their current problems and future needs were being addressed by the IT function.

1997 – 2001: Software development & IT management roles in BIAM (Ireland’s largest investment manager at the time). This role included the implementation and integration of document management systems, as well as leading the design and development of numerous secure banking websites.

My certifications

CCRS – Certified Cyber Risk Specialist

CIPP/E – Certified Information Privacy Professional (Europe)

CIPM – Certified Information Privacy Manager

CDPO – Certified Data Protection Officer

CISM [Pending certification] – Certified Information Security Manager

My academic qualifications

MSc Technology Management – 2008

Dip Psychology – 2001

BSc Computer Science – 1997

My current memberships

ISACA – Previously the Information Systems Audit and Control Association (www.isaca.org)

Association of Compliance Officers in Ireland (www.acoi.ie)

International Association of Privacy Professionals (www.iapp.org)