Who am I?

Hi, I am Sam Glynn, founder of Code in Motion.

I help regulated financial services firms, and those who sell to these firms, to:

  • Understand the most likely cybersecurity threats they face
  • Implement pragmatic steps to defend themselves, and
  • Prove to their regulators, board members, clients and prospects that they are not a risk.

My typical client

My typical client is a small firm with 5-100 staff. 

Many have a growing concern about the reputational damage that they would suffer if they were the victims of a cybersecurity attack or data breach.

They may also have a concern about their alignment to the expectations of regulators such as the Central Bank of Ireland (CBI). They are worried about the problems that could arise in the event of an inspection by regulator or audit by a client, and the reputational damage this could cause.

Their board members or regulators may be increasingly concerned about how the risk is being managed, and how it is aligning to regulatory guidance and expectations. 

Their clients and prospects may be increasingly concerned about the risk that they pose to the client’s / prospect’s security, and they may be getting asked for an increasing level of evidence to prove that they have appropriate security measures in place. 

They can see that cybersecurity, business resilience, outsourcing and Third Party Risk Management (TPRM) are hot topics for regulators and large clients.

They usually do not have the resources or budget to commit significant time or money to a major cybersecurity project or into expensive technology. They usually have little or no in-house IT expertise. In many cases, IT is usually outsourced to an external IT Managed Service Provider (MSP) or it is being managed in-house on an ad-hoc basis. 

Bringing all this together, the senior management team is:

  • Worried about the financial and reputational damage of an attack.
  • Concerned about starting in the wrong place, or focusing on the wrong threats.
  • Unsure about how to get maximum benefit from any spend.
  • Confused about the various industry benchmarks that are out there (e.g. CIS, Cyber Essentials, NIST CSF, ISO 27001) and which, if any, they should align to.
  • Hopeful that a regulator, board member, client or prospect doesn’t ask too many searching questions about their cybersecurity defences.

I typically work with executive or senior manager in the firm who is accountable for IT, even though IT is not their primary area of expertise.

I do not publish a list of past or current clients but they are happy to provide references if you need them. In the meantime, you can get a sense of who I work with by looking at my connections on LinkedIn.

My experience

2012 – Present: IT, cybersecurity and data protection advisor to regulated financial services firms. I use my technology, risk management and data protection experience to ensure my clients’ systems, staff and IT providers are fit-for-purpose and provably secure.

2011 – 2012: IT service delivery manager, representing the delivery of IT services by Bank of Ireland and IBM to Northern Trust and State Street Global Advisors.

2009 – 2010: IT programme manager in Bank of Ireland, leading a number of initiatives to try to upgrade and rollout various Microsoft technologies across what was a diverse organisation of 13,000+ staff.

2001 – 2008: IT development manager for BIAM. I led teams of software developers and analysts in the delivery of new systems and system enhancements to client servicing, finance and risk & compliance teams. I was also the IT relationship manager to these business areas, ensuring their current problems and future needs were being addressed by the IT function.

1997 – 2001: Software development & IT management roles in BIAM (Ireland’s largest investment manager at the time). This role included the implementation and integration of document management systems, as well as leading the design and development of numerous secure banking websites.

My certifications

CISM [Pending certification] – Certified Information Security Manager

CCRS – Certified Cyber Risk Specialist

CDPO – Certified Data Protection Officer

CIPP/E – Certified Information Privacy Professional (Europe)

CIPM – Certified Information Privacy Manager

My academic qualifications

MSc Technology Management – 2008

Dip Psychology – 2001

BSc Computer Science – 1997

My current memberships

ISACA – Previously the Information Systems Audit and Control Association (www.isaca.org

Association of Compliance Officers in Ireland (www.acoi.ie)

International Association of Privacy Professionals (www.iapp.org)