Hi, I am Sam Glynn
I interpret IT & Cyber Security Risks and Regulations into Actionable Advice, enabling my clients to manage IT and cyber security without losing their sanity.
I have been working with First Line and Second Line teams in regulated financial services firms for over 25 years, providing independent IT and cyber security advice to executives and senior managers.
I am a Certified Information Security Manager (ISACA CISM) and a Certified Data Protection Officer (Compliance Institute CDPO, IAPP CIPP/E, and IAPP CIPM), backed up by an MSc in Technology Management.
My mission (because we all have a mission, right?)
In the 25+ years I’ve been doing this, I see a recurring problem with executives and senior managers being held accountable for IT and cyber risk in their firms, even though IT & Cyber are not their areas of expertise.
I am sick of seeing:
- Execs and senior managers being driven insane by cyber risks and regulations, just because IT and cyber are not their area of expertise
- Risk and Compliance teams struggling to get the traction required to comply with regulatory expectations and to manage cyber risk.
- Regulated firms struggling to get their IT service providers to understand ‘their world’ and their specific regulatory compliance needs.
- Good IT providers struggling to service and secure their clients because clients think they are just trying to upsell
- Bad IT providers getting away with terrible service and a lack of due care for their clients
My mission is to help my clients:
- Manage the avalanche of information and demands coming their way every day
- Filter out the noise so they can focus on the next most important action
- Defend against the most common cyber attacks
- Align to regulatory requirements
- Embed true collaboration between First Line and Second Line teams
- Develop effective partnerships with their IT service providers
And along the way:
- To enable good IT providers to service and secure their clients, and to be paid appropriately for doing so.
- To enable bad IT providers to be shown the door.
What my clients say
Sam is really easy to work with. He is highly organised with good clear communication. He always uses plain English, and avoids IT-speak!! The structure he brought to the process made it much easier for us to go through this – It brought real clarity to our current situation and the steps required to get to where we want to be. Sam’s pragmatism is also very refreshing – Too many IT / Cyber Consultants that I have encountered in the past just pushed the party line and did not consider the audience or organisational situation that they were dealing with. It is great that Sam was always on our wavelength in terms of identifying what is practical/possible, given the size and capability of our organisation and the needs of our clients.
Xcentuate partners with customers in the Financial Services, Agri, Pharma and Public sectors in EMEA and Asia-Pacific to transform their business operations. We know it is critical to get cyber security right so we can protect our customers and our business. We asked Sam to guide us.
From Day 1, I knew we had made the right decision. Step-by-step and always through plain English, Sam showed us how we could get from where we were to where we needed to be. His recommendations were always pragmatic and well-grounded. Every action was understandable, achievable, and tied to a clear security benefit.
If you are confused about what appropriate security looks like, what’s important versus what’s just noise, I highly recommend that you ask Sam to define a clear path for your organisation.
IT isn’t our forte so we needed someone in our corner explaining in layman’s terms our current set-up, what needs to be done and how best to do it. Sam broke it down into a series of manageable steps and was willing to work as a liaison between us and our service provider. He translated IT language into language we could understand. The structure of his recommendations report ensured we were never overwhelmed by the task at hand. We would not have progressed to the point where we are without Sam – end of story. We can now respond to the Central Bank’s Risk Evaluation Questionnaire with a lot more confidence.
Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!
How Do I Help?
I don’t know you. But perhaps I can read your mind…
I know you are worried about a cyber attack.
I know you may also be worried about regulatory compliance.
I also know that you are busy with a lot of other priorities.
And because you are busy, you are afraid to even look at your current security defences.
Because you know it will only identify things that need to be improved.
And that means more work for you.
This has led to inaction.
And you are now afraid that your inaction is going to blow up in your face.
Why do I know this?
Because most of the people I have helped were in exactly the same situation.
So what do I do?
I focus our efforts on defining a pragmatic and sustainable action plan that suits your needs, capabilities, and constraints.
So we can eat this elephant one bite at a time.
Who I work with
My typical client is a financial services or professional services business.
They usually do not have in-house IT or cyber security expertise. Staff may be trying to manage it on a best-efforts basis, or they are assuming their 3rd party IT service provider (MSP) is managing all of this for them. (PS – This is usually an invalid assumption)
Many of my clients are regulated entities, so regulatory compliance can also be a significant concern.
I usually work with:
- The First Line exec or senior manager who is accountable for IT & cyber security, even though this is not their area of expertise
- The Second Line Risk or Compliance team, to ensure my work with the First Line reflects their regulatory needs and allays their risk concerns.
- The Board, so directors know what the firm is doing to effectively manage IT & cyber security risk.
What my paperwork says
2012 – Present: Cyber security & IT advisor. I use my cybersecurity, risk management, regulatory compliance, and data protection experience to ensure my clients’ systems, staff and IT providers are fit-for-purpose and provably secure.
2011 – 2012: IT Service Delivery Manager, leading the delivery of IT services by Bank of Ireland to Northern Trust and State Street Global Advisors, while trying to steer the activities of a global IT managed service provider.
2009 – 2010: IT Programme Manager in Bank of Ireland, overseeing the work of a number of 3rd party technology and consultancy firms as we tried to upgrade the IT capabilities provided to the organisation’s 13,000+ staff.
1997 – 2008: IT manager for BIAM (Ireland’s largest investment manager at that time). I led teams of software developers and business analysts, working primarily with client servicing, finance, risk, and compliance teams. I was also the IT relationship manager to these business areas, ensuring their current problems and future needs were being addressed. This role included the design and development of numerous secure banking portals.
CISM – Certified Information Security Manager
CDPO – Certified Data Protection Officer
CIPP/E – Certified Information Privacy Professional (Europe)
CIPM – Certified Information Privacy Manager
ISACA – Formerly the Information Systems Audit and Control Association (www.isaca.org)
Compliance Institute – Formerly the Association of Compliance Officers in Ireland (www.compliance.ie)
IAPP – International Association of Privacy Professionals (www.iapp.org)
MSc Technology Management – 2008
Dip Psychology – 2001
BSc Computer Science – 1997
But enough about me
You have concerns
You are concerned about a cyber attack. But you are equally concerned about:
- Not knowing what ‘good enough’ looks like
- Looking foolish because you do not know the techie jargon
- Being bamboozled by IT providers
- Spending too much money or investing in the wrong things
- Committing to cybersecurity improvements that will take too long or cost too much to implement, or which could be unsustainable in the longer term.
As a result of these concerns, you find it difficult to act.
And you fear that this inaction will blow up in your face.
Because you know if you suffer an attack, not only will it cause financial loss, business disruption, and reputational damage, it could also bring on a world of other pain – Attention from a regulator; a deeper review by a key client or business partner.
You have challenges
- You have little or no in-house IT expertise. Day-to-day IT is outsourced to an external IT Managed Service Provider (MSP).
- While you are accountable for IT, IT is not your primary area of expertise.
- You do not have the resources or budget to commit significant time or money to a major cybersecurity project or into expensive technology.
Does managing IT and cyber security drive you insane?
But instead you’re left with confusion:
Do you need Progression, not Perfection?
That’s where I come in.
- No techie jargon.
- No theoretical perfection.
- No junior associates.
Just clear, specific advice on how to get to where you want to go.
Regain Your Sanity
When can I help?
I can help if you are frustrated by:
- Lack of confidence – You are very concerned about a cyber-attack – Not just because of the immediate financial loss and operational disruption, but because of the longer-term reputational damage.
- Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should focus on so your organisation has a sufficient level of security that aligns to your needs, capabilities and the expectations of your clients and regulators.
- Lack of plain English – You don’t care about firewalls. You care about risks, and the ways to reduce the likelihood and/or impact of these risks.
- Lack of answers – Even if you ask your IT providers, you aren’t certain whether you asked the right questions and if they have actually provided reasonable answers.
- Lack of momentum – You want to get this addressed, but there’s always something more urgent to do. It’s difficult to maintain momentum.
- Lack of pragmatic advice – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all, but you also don’t want to engage a fleet of consultants who will flood you with fancy presentations and graphs that make you even more confused than before.
Am I the solution for you?
Progress rather than Perfection
Progression is better than Perfection.
Businesses in the real world seldom benefit from perfect solutions – They take too long, cost too much, and are impossible to sustain.
My guidance is pragmatic and realistic, and tailored to your capabilities and constraints.
Plain English rather than PowerPoint.
You are an expert in your field, but cybersecurity is not your area of expertise.
You don’t want to be bamboozled by the latest techie jargon and wowed by fancy PowerPoint slides.
You want Plain English explanations of the risks and the regulations, and to be shown how to get this under control.
Trustworthy Interpretation rather than Techie Incomprehension.
Managing IT and cyber security inevitably involves conversations and negotiations with IT providers and other third parties.
I will be your trusted advisor and interpreter, so you get what you need.
Me rather than We.
If you want to work with a large team of consultants (or if you need the cover that a large consultancy firm will give you), I am not for you.
But if you choose to work with me, it will be me.
You will be paying for my experience, not funding my team’s education.
If it sounds like I could help you, let’s talk.
I only work with a limited number of clients at a time, so I can serve them well.
Please book your call at your earliest convenience, so we can see whether I’m a good fit for your needs.