Who am I?

Hi, I am Sam Glynn, founder of Code in Motion.

I help organisations to improve their defences against the most common cybersecurity threats, through the delivery of one-off board training, recurring staff training and testing, and broader advisory services.

I specialise in helping regulated financial services firms, as well as those who sell to these firms.

I provide plain English and pragmatic guidance so my clients:

  • Understand the most likely cybersecurity threats they face
  • Implement pragmatic steps to defend themselves, and
  • Prove to their regulators, board members, clients and prospects that they are managing the risks appropriately.

My typical client

Their primary concerns

  1. Many have a growing concern about the reputational damage that they would suffer if they were the victims of a cybersecurity attack or data breach.
  2. If they are a regulated firm, they also have a concern about their alignment to the expectations of regulators such as the Central Bank of Ireland (CBI). They are worried about the problems that could arise in the event of an inspection by regulator or audit by a client, and the reputational damage this could cause.
  3. Their board members or senior management team may be increasingly concerned about how the risk is being managed, and how it is aligning to the expectations of key stakeholders. 
  4. Their clients and prospects may be increasingly concerned about the risk that they pose to the client’s / prospect’s security, and they may be getting asked for an increasing level of evidence to prove that they have appropriate security measures in place. 
  5. They can see that cybersecurity, business resilience, outsourcing and Third Party Risk Management (TPRM) are hot topics for regulators and large clients.

Their common challenges

  1. They may have little or no in-house IT expertise. In many cases, IT is usually outsourced to an external IT Managed Service Provider (MSP), by a faceless global team, or it is being managed in-house on an ad-hoc basis. 
  2. They may not have the resources or budget to commit significant time or money to a major cybersecurity project or into expensive technology.
  3. If they have the resources, they may prefer that these are focused on more valuable initiatives.

Their reason for seeking my help

My staff training and testing service is a good fit for organisations that seek a fully managed service that can be implemented quickly, and provides specific metrics on a quarterly basis that demonstrate the increasing strength of the organisation’s human defences. 

My board training is a good fit for organisations that need someone who knows how to speak in plain English to non-technical board members about cybersecurity risk management and regulatory compliance.

My more in-depth advisory services are a good fit when the organisation:

  • Needs someone who speaks in plain English, filters out the noise and delivers clear guidance. 
  • Wants to know what ‘good enough’ looks like, using globally-recognised benchmarks. 
  • Wants to get to the answer as quickly as possible, so we can get on with implementation and adjust course along the way. 
  • Needs to deliver evidence as soon as possible to stakeholders (e.g. board members; prospective or current clients; regulators) that the organisation is moving in the right direction

Who I work with

For ongoing staff training ad testing engagements, I typically work with a HR or Operations manager to agree the scope and frequency of the training and testing.

For one-off / board training engagements, I typically work with an executive or senior Operations manager to identify an appropriate scope and agenda for the session.

For in-depth / advisory engagements, I typically work with executive or senior manager in the firm who is accountable for IT, even though IT is not their primary area of expertise.

I do not publish a list of past or current clients but they are happy to provide references if you need them. In the meantime, you can get a sense of who I work with by looking at my connections on LinkedIn.


2012 – Present: IT, cybersecurity and data protection trainer and advisor. I use my technology, risk management and data protection experience to ensure my clients’ systems, staff and IT providers are fit-for-purpose and provably secure.

2011 – 2012: IT service delivery manager, representing the delivery of IT services by Bank of Ireland and IBM to Northern Trust and State Street Global Advisors.

2009 – 2010: IT programme manager in Bank of Ireland, leading a number of initiatives to try to upgrade and rollout various Microsoft technologies across what was a diverse organisation of 13,000+ staff.

2001 – 2008: IT development manager for BIAM. I led teams of software developers and analysts in the delivery of new systems and system enhancements to client servicing, finance and risk & compliance teams. I was also the IT relationship manager to these business areas, ensuring their current problems and future needs were being addressed by the IT function.

1997 – 2001: Software development & IT management roles in BIAM (Ireland’s largest investment manager at the time). This role included the implementation and integration of document management systems, as well as leading the design and development of numerous secure banking websites.


CISM – Certified Information Security Manager

CDPO – Certified Data Protection Officer

CIPP/E – Certified Information Privacy Professional (Europe)

CIPM – Certified Information Privacy Manager

CCRS – Certified Cyber Risk Specialist

Academic qualifications

MSc Technology Management – 2008

Dip Psychology – 2001

BSc Computer Science – 1997

Association memberships

ISACA – Formerly the Information Systems Audit and Control Association (www.isaca.org

Compliance Institute – Formerly the Association of Compliance Officers in Ireland (www.compliance.ie)

International Association of Privacy Professionals (www.iapp.org)