About 1 Sequence Cyber

Independent. Practitioner-led. Globally engaged.

A UK-credentialled cybersecurity consultancy. We deliver compliance audits and security testing directly — QSAs, lead Penetration Testers, ISO 27001 lead auditors, and vCISOs in the room from scoping through attestation.

Who we are

A UK-incorporated consultancy with global reach.

1 Sequence Cyber Limited is a UK-incorporated cybersecurity consultancy — Companies House 16021460, headquartered in Milton Keynes. We are a PCI SSC-listed QSAC, ISO 27001 and ISO 9001 certified, and Cyber Essentials Plus assessed.

Our practitioners hold the credentials we sell against: QSAs for PCI DSS, lead Penetration Testers for CREST-aligned testing, ISO 27001 lead auditors, and seasoned vCISOs. We do not resell vendor platforms and we do not subcontract delivery to generalists. The named credential on the engagement is the practitioner who shows up.

LEADERSHIP

Practitioner-led leadership.

Our consultants and operators run engagements end-to-end.

  • Ronald Williams

    CEO

    Senior QSA, lead auditor, multi-framework engagement governance.

  • J Sebastian

    CTO, Director of Operations

    Platform architecture & technical strategy.

  • Stephen Hancock

    Principal QSA

    PCI DSS QSA, ROC reporting, SAQ assessment.

  • Sujith MP

    Director of Professional Services

    PCI DSS, ISO 27001, multi-framework engagement delivery.

  • Sminu Vargheese

    CFO

    Financial governance and commercial structuring.

Practice areas

16 services. Compliance and security under one roof.

Compliance

  • PCI DSS
  • ISO 27001
  • NIS-CAF
  • SWIFT CSP
  • Data Privacy / GDPR
  • HIPAA
  • GRC
  • ASV Scanning

Security

  • Penetration Testing
  • SOC as a Service
  • Security Incident Response
  • Secure Payment Solutions
  • Business Continuity & DR
  • OT Cyber Security
  • SMB Security Assessment
  • vCISO

The full list sits in the Services menu.

Reach

Engaged across four regions, expanding into a fifth.

Engaged by merchants, acquirers, and enterprises across the UK, Europe, US and APAC to deliver audits, harden defences, and sustain compliance. Active expansion into the Middle East.

Delivery model

We deliver every engagement directly.

We do not resell. We do not generalise. Three principles govern every engagement we sign.

  • Direct delivery

    No resale, no margin stack from third parties. The consultancy you contract with is the consultancy that delivers.

  • Practitioner-led

    The QSA on the call is the QSA on the engagement. The lead Penetration Tester runs the test. The lead auditor signs the report.

  • Audit-defensible

    Every output stands up to assessor scrutiny. Methodology drawn from PCI SSC, CREST, ISO/IEC and NIST published references.

Accreditations

Independently verified credentials.

Not self-claimed marks. PCI QSAC is our company-level audit-defensible accreditation.

  • PCI DSS QSAC
    PCI DSS QSACPCI SSC-listed
  • ISO 27001
    ISO 27001Information Security Management
  • ISO 9001
    ISO 9001Quality Management System
  • Cyber Essentials
    Cyber EssentialsIASME-certified
  • Cyber Essentials Plus
    Cyber Essentials PlusIndependently audited

Want to scope an engagement?

30-minute scoping call. No commitment. Output is a written scope draft.

Book a 30-minute scoping call