Who am I?

Hi, I am Sam Glynn, founder of Code in Motion.

I help regulated financial services firms, and those who sell to these firms, to:

  • Understand the most likely cybersecurity threats they face
  • Implement pragmatic steps to defend themselves, and
  • Prove to their regulators, board members, clients and prospects that they are not a risk.

My typical client

My typical client is a small firm with 5-100 staff. 

They may have a growing concern about cybersecurity attacks and a fear that they may be subject to the types of attacks reported in the papers every day.

Their board members or regulators may be increasingly concerned about how the risk is being managed, and how it is aligning to regulatory guidance and expectations. Cybersecurity and Third Party Risk Management (TPRM) are hot topics.

Their clients and prospects may be increasingly concerned about the risk that they pose to the client’s / prospect’s security, and they may be getting asked for an increasing level of evidence to prove that they have appropriate security measures in place. 

They usually do not have the resources or budget to commit significant time or money to a major cybersecurity project or to expensive technology. They usually have little or no in-house IT expertise. In many cases, IT is outsourced to an external IT Managed Service Provider (MSP) or it is being managed in-house on an ad-hoc basis.

Bringing all this together, the senior management team is:

  • Worried about the financial and reputational damage of an attack.
  • Concerned about starting in the wrong place, or focusing on the wrong threats.
  • Unsure about how to get maximum benefit from any spend.
  • Confused about the various industry benchmarks that are out there (e.g. CIS 20, Cyber Essentials, NIST CSF, ISO 27001) and which, if any, they should align to.
  • Hopeful that a regulator, board member, client or prospect doesn’t ask too many searching questions about their cybersecurity defences.

I typically work with the business owner, the CEO or the most senior person in the firm who is accountable for IT, even though IT is not their primary area of expertise.

I do not publish a list of past or current clients, but they are happy to provide references if you need them. In the meantime, you can get a sense of who I work with by looking at my connections on LinkedIn.

My experience

2012 – Present: IT, cybersecurity and data protection advisor to regulated financial services firms. I use my technology, risk management and data protection experience to ensure my clients’ systems, staff and IT providers are fit-for-purpose and provably secure.

2011 – 2012: IT service delivery manager, representing the delivery of IT services by Bank of Ireland and IBM to Northern Trust and State Street Global Advisors.

2009 – 2010: IT programme manager in Bank of Ireland, leading a number of initiatives to try to upgrade and roll out various Microsoft technologies across what was a diverse organisation of 13,000+ staff.

2001 – 2008: IT development manager for BIAM. I led teams of software developers and analysts in the delivery of new systems and system enhancements to client servicing, finance and risk & compliance teams. I was also the IT relationship manager to these business areas, ensuring their current problems and future needs were being addressed by the IT function.

1997 – 2001: Software development & IT management roles in BIAM (Ireland’s largest investment manager at the time). This role included the implementation and integration of document management systems, as well as leading the design and development of numerous secure banking websites.

My certifications

CCRS – Certified Cyber Risk Specialist

CIPP/E – Certified Information Privacy Professional (Europe)

CIPM – Certified Information Privacy Manager

CDPO – Certified Data Protection Officer

CISM [Pending certification] – Certified Information Security Manager

My academic qualifications

MSc Technology Management – 2008

Dip Psychology – 2001

BSc Computer Science – 1997

My current memberships

ISACA – Previously the Information Systems Audit and Control Association (www.isaca.org)

Association of Compliance Officers in Ireland (www.acoi.ie)

International Association of Privacy Professionals (www.iapp.org)

Institute of Directors (www.iodireland.ie)