About us

Practical security without the theatre.

We help startups and small businesses get security, privacy, and compliance right, shaped around how the business actually works rather than a generic checklist.

That means sensible advice, clear priorities, and work that stands up when customers, auditors, or investors start asking questions. No fear, no jargon, no one-size-fits-all tools.

Customers we've worked with

Ampere
Beam
Biographica
Chalfen
General Index
Harbr Data
Judge.me
Lightsonic
Responsible Marketing
Syntasso
The Key Group
Zaptic

Why we exist

Enterprise security practices forced onto startups. We take a more realistic approach.

Most security advice is built for large organisations and then handed, unchanged, to small ones. The result is the same enterprise checklist, the same fear, and a bill that rarely matches the real risk.

We built Oxford Infosec to work the other way round. We start from what your business actually does, work out how much security and privacy it genuinely needs, put that in place, and stop there.

If a smaller set of controls covers what your customers are asking for, we'll say so. If you don't need us yet, we'll tell you that too.

Everything you need, and nothing you don't.

Who we help

Built for startups and small businesses.

We work best with teams of roughly 2 to 200 people who've reached the point where security and privacy can no longer be left to chance, usually because someone outside the business has started asking about it.

People tend to come to us when there's:

A customer security questionnaire to fill in
An ISO 27001, SOC 2, or Cyber Essentials deadline
Investor or acquirer due diligence
A GDPR or data protection obligation
A sense that the basics need tightening

The people

Senior practitioners, not a sales team.

The person who scopes your work is the person who does it. Everyone here works in security and privacy leadership roles day to day, and that's who you'll deal with from the first call onward.

Founder & Practising CISO

Stuart Murray

25 years in tech; still can't make printers work reliably.

Founder & Lead Auditor and Implementer

Amy Church

Has lost count of the ISO audits she's led; still triple-checks every control.

Credentials

Recognised expertise, backed by practice.

Our advice is grounded in the standards themselves. Between us we hold the qualifications that matter for security, privacy, and AI governance.

We're also happy to work alongside compliance automation platforms such as Drata where they save you time, and just as happy without one.

ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
ISO 42001 Lead Implementer
CISSP
CISM
CIPP/E
CIPM

2–200

The employee range we're built for

24hr

Typical time to hear back from us

0

Hand-offs to junior staff

Want to see if we're the right fit?

If you've got a security question hanging over the business, a conversation with us may be all you need.

We'll tell you what looks worth doing, what can wait, and if it turns out you don't need us yet, we'll say that too.

No charge.