top of page

Our story

Who are we?

Ashley Woodhall - Founder

After 10 years in cyber security I’ve seen a lot of change but crucially, I’ve learned that good security is just doing a couple of things consistently, and doing them very well.

Practical Infosec helps purpose-led organisations do those things very well, so they can do the good in the world they want while being protected.

I started the business after making myself a promise in 2019: If the next full-time employment role didn’t work out for any reason, I would build something myself which had meaning. I'm now finding meaning through my work, helping purpose-led organisations.


In addition to my BSc in cyber security and forensics, I'm certified to GCIH (ability to identify and respond to cyber attacks) and GCCC (ability to carry out audits against the Critical Security Controls). 


I have worked in technical, risk management and strategic roles and for the last two years have been running Practical Infosec.


I am a mentor to students both privately and through organisations such as CAPSLOCK and the North East Business Resilience Centre (NEBRC). I have also served on a board of directors for 3 years.

Outside of work, I can be found (out of place) in Barcelona's hipster cafes, watching Liverpool FC, laughing out loud at Bill Bryson's travel books or getting lost in the city. I'm also learning to play chess as I find it infinitely challenging - challenge me on :) 

Farzan Mirza - Cyber Security Consultant
Hi everyone! I am Farzan, I joined Practical Infosec in February 2022 and have assisted with the development and implementation of our services.


I have experience in performing security gap assessments and cyber risk assessments, improving client’s cyber resilience, using frameworks such as ISO 27001. Alongside my Practical Infosec duties, I have completed volunteering opportunities with The Cyber Helpline, UK Cyber Security Council, alongside events like SteelCon and BSides Leeds. 

07 (1)_edited.jpg

My interest in Cyber Security stems from my childhood interest in technology & computers. Little side hobbies such as fixing computers and running my own website at 9 years old proved to be vital in developing my passion over the years.


Outside of the Cybersphere, you can usually find me spending time watching football, enjoying a good coffee whilst reading or racking up listening time on Spotify.

Why do we exist?

We want to make a difference. We love going the extra mile by supporting organisations who are making a difference in the world. If your organisation is supporting one or more of the 17 Sustainable Development Goals, we'd love to help you realise your goals.

We want to help sustainable organisations succeed through building practical, proportional security foundations which are appropriate for today and can scale tomorrow.

How do we provide practical assurance?

Importantly, we get to know your organisation really well. We spend time with your employees, demo your product or service and (if you'll let us) we occasionally listen in on calls. 
Such context really helps us understand your organisation and cyber security needs, and helps us provide practical help, for example in the form of cyber security roadmaps which are proportional to your current situation and future growth.

Secondly, we shape all of our engagements around quantitative data on your organisation's specific context. We are up aware of the latest facts on where data breaches come from. This makes absolute sense for two reasons:

1. Every organisation faces different threats

2. The right data helps reduce subjectivity, inconsistency and inaccuracy.

The result?

Our methodologies are risk-based and consistent, but our services are tailored to you. And they are practical.

What value can we add to your organisation?

Because of our extra focus on getting to know you, the outputs of our assurance services are highly relevant to your security needs and importantly, they are practical and actionable.

We focus on a handful of information security subject areas so we can deliver extremely good value:

- Assess - Cyber Security Health Check

- Improve - Secure Passwords Forever

- Improve - Security Champions Training

- Improve - The Security Journey

- Certify - Cyber Essentials

- Certify - ISO 27001 for Small Business

- Quick Win - Security Lockdown

- Pro Bono Support

bottom of page