Our Profile

Seven Stones is a subsidiary of First Advisory (Indonesia), also based in Indonesia. We are in the business of solving information security problems with consulting, risk assessment, and software.

Seven Stones delivers value. We will only engage with clients if we can be sure that value can be delivered.

Security is complex, as often commented by leading figures in the field, in particular Bruce Schneier. We cannot deliver security solutions if we don't know the big picture of how information assets relate to finances.

Information Security, as a relatively new field of risk management, is still in it's infancy. Thus far there has been a imbalance, first with an over-emphasis on technical solutions, and then the balance was tipped too far the other way, with an almost total removal of any practical IT emphasis in security. The result of this is that Management has never been well advised in information security.

We at Seven Stones have the necessary background and experience to correct this imbalance, and finally deliver value for money in security.

Ian Tibble - CTO

  • Infosec industry experience with both service providers: Trusecure (now Verizon), and PricewaterhouseCoopers, and also with end users in logistics, banking, and insurance.
  • In 2011 authored the book titled "Security De-engineering"; Taylor-Francis Publications.
  • Entered infosec from IBM Global Services and has an extensive system administrative and programming background.
  • Worked with 95 different Fortune 500 companies and banking / finance houses around Asia (Indonesia, Singapore, Malaysia, Taiwan, Hong Kong, and Australia), Czech Republic, and the UK.
  • Broad IT Security background. Oracle, Unix, Windows, Cisco. Penetration and Web Application Security Assessment. Data flows and Network Architecture. ISO 27001.
  • Engages and empathizes with IT and network operational teams.
  • Does not rely on check lists or standards to carry out risk assessment unless specifically mandated to do so. The picture with regard costs of safeguards versus qualitative risk is an important one to understand and check lists do not give the solution.
  • Experience with common flavours of security product (SIEM, IdM, vulnerability management) and assessment tools.
  • CISSP in 2004, CISMP in 2008.