About Code in Motion

Sam Glynn

Hi, I am Sam Glynn, the founder of Code in Motion.

After a 15-year career employed in IT management roles within regulated firms, I started Code in Motion in 2012 to provide independent and pragmatic advice on:

  • Information security risk management (including IT risk and cyber security risk). 
  • Third party risk management. 
  • Aligning security controls to internationally-recognised frameworks like NIST CSF, and aligning and certifying to the ISO27001 standard.
  • Aligning to regulatory expectations (e.g. DORA, NIS / NIS2), primarily helping regulated financial services firms.

I also provide once-off or ongoing security assurance and oversight services, to ensure you and your third parties continue to manage the risks effectively. This includes:

  • Independent security review of your Microsoft 365 environment.
  • Independent review of your Information Security policies and processes.
  • Production of a security dashboard / board pack to communicate the health of your security in a way that a ‘normal’ person can understand. 

I ensure you can demonstrate that you are taking reasonable steps to manage information security & IT risk, and outsourcing / third party risk.

 

The partners

I am the lead consultant and main point of contact for all client engagements.

Where I need to bring in specific skills or scale to meet the needs of a client, I work with a small number of industry veterans.

They include:

  • Moondance Business Consultants: Experts at change management, project management, and digital transformation.
  • Aquest: Founded by an ex-Central Banker and lawyer, and yet someone who is forever pragmatic – who knew this was possible! Aquest delivers regulatory counsel through Training & Advisory services for Irish Authorised firms.
  • GEOD Consulting: Founded by the ex-CEO of one of the few IT service providers that I trusted, GEOD Consulting are experts at technical infrastructure reviews and architecture design.
  • DFMC Management: Founded by the former Head of IT in New Ireland / Bank of Ireland Life, DFMC are experts at complex programme delivery.

If we need to look at technical implementations, there are also a small number of IT managed service providers that I trust.

In other words, if or when we need someone to help, I know who to call.

 

The mission (because we all have a mission, right?)

To help organisations to manage the risks, so if or when an incident occurs, they can demonstrate that they had taken reasonable steps to reduce the likelihood and impact of such an incident.

We do this by helping our clients to:

  1. Understand any of their regulatory obligations. (Do we know about the CBoI guidance on Cyber Security (2016), Outsourcing (2020), and Op Resilience (2020)? Yes, yes, and yes. What about DORA and NIS2? YES.)
  2. Understand the expectations of their clients, board members, and business partners.
  3. Identify the risks that need to be managed.
  4. Align their people, processes, and technology to mitigate these risks.
  5. Document the evidence of what they have done.

 

What clients say (and not just because there was a gun held to their head)

During my time as CEO at Ark Life Assurance, we engaged Sam to help us align our IT and cyber security controls to regulatory expectations. Sam consistently demonstrated deep and wide technical skills, but more importantly, exceptional interpersonal skills.

He had an amazing ability to communicate in technical language with external IT providers and intra-group teams, while also always speaking in plain English to the management team. Sam was also excellent at bridging the gap between first line and second line Risk & Compliance teams, ensuring everyone’s concerns were understood while also ensuring we focused on what was reasonable rather than perfect. This is a rare skill.

Beyond his professional expertise, Sam was always pragmatic, and on more than one occasion helped us regain momentum by helping us to identify the ‘next best action’. This not only made him a valuable asset to our team but also a pleasure to work alongside. I wholeheartedly recommend Sam. He is not only skilled and dedicated but also a person who brings out the best in those around him.

Sam is really easy to work with. He is highly organised with good clear communication. He always uses plain English, and avoids IT-speak!

The structure he brought to the process made it much easier for us to go through this – It brought real clarity to our current situation and the steps required to get to where we want to be.

Sam’s pragmatism is also very refreshing – Too many IT / Cyber Consultants that I have encountered in the past just pushed the party line and did not consider the audience or organisational situation that they were dealing with. It is great that Sam was always on our wavelength in terms of identifying what is practical/possible, given the size and capability of our organisation and the needs of our clients.

Rebecca McGee, Head of IT, LIA

Xcentuate partners with customers in the Financial Services, Agri, Pharma and Public sectors in EMEA and Asia-Pacific to transform their business operations. We know it is critical to get cyber security right so we can protect our customers and our business. We asked Sam to guide us.

From Day 1, I knew we had made the right decision. Step-by-step and always through plain English, Code in Motion showed us how we could get from where we were to where we needed to be. The recommendations were always pragmatic and well-grounded. Every action was understandable, achievable, and tied to a clear security benefit.

If you are confused about what appropriate security looks like, what’s important versus what’s just noise, I highly recommend that you engage Code in Motion to define a clear path for your organisation.

IT isn’t our forte so we needed someone in our corner explaining in layman’s terms our current set-up, what needs to be done and how best to do it.

Code in Motion broke it down into a series of manageable steps and they were always willing to work as a liaison between our service provider. They translated IT language into language we could understand. The structure of the recommendations report also ensured we were never overwhelmed by the task at hand.

We would not have progressed to the point where we are without Code in Motion – end of story. Because of their help, we can now respond to the Central Bank’s Risk Evaluation Questionnaire with a lot more confidence.

Marie Ainsworth, CEO, Mount Street Group

Sam is the only IT person I know who doesn’t talk out of his a**. He speaks like people speak!

Identity Protected!, Operations Manager of Regulated Financial Services Firm

But enough about us. 

Are you being asked difficult questions about your cyber security?

That’s where Code in Motion can help.

  • No techie jargon.
  • No theoretical perfection.
  • No junior associates.

Just clear, specific advice on how to get to where you want to go.

Is Code in Motion the right solution for you?

Progress rather than Perfection

Code in Motion’s methodology focuses on Progress rather than Perfection. 

Businesses in the real world seldom benefit from perfect solutions – They take too long, cost too much, and are impossible to sustain.

The guidance is pragmatic and realistic, and driven by your capabilities and constraints.

Plain English rather than PowerPoint.

You don’t need to be wowed by fancy PowerPoint slides.

You just want Plain English, actionable advice to show you how to align to your prospects’ expectations.

Small ‘we’ rather than BIG ‘WE’.

If you want to work with a large team of consultants (or if you need the cover that a large consultancy firm will give you), Code in Motion is not for you.

But if you need skill rather than scale, we should talk.

When you engage Code in Motion, I may involve trusted partners and former colleagues from my broad network of industry veterans, but I will be your lead consultant and your point of contact. 

You will be paying for our experience, not funding our education.