Axenic Lightning Talks Series – March 2025

A few years back, we kicked off our own internal lightning talks—our way of having a good old geek-out over cybersecurity topics that get our Governance, Risk, Assurance, and Compliance brains buzzing. Think of it as a slightly more structured version of those deep and meaningful yarns we used to have around the office coffee machine… before COVID did its thing and made us all experts in online meetings awkwardness instead.

These blogposts are not written by one team member. The content is provided to you by the whole Axenic Team – or whomever attended on the day.

Read More

From iced matcha tea to qualification: The rollercoaster ride to becoming a Qualified Security Assessor (QSA)

Axenic PCI QSA JourneyAlways remember this -> Without ambition, one starts nothing. Without work, one finishes nothing. The prize will not be sent to you. You have to win it – Ralph Waldo Emerson.

If you’re reading this blog, you probably already have some experience with security standards and certifications – maybe you even hold a few yourself. In this blog, I will shed some light on my own journey to gain the QSA qualification and break down the steps I took to make this happen. 

Read More


Plus ça change

When Chris Blunt and I started Axenic back in 2009, John Key was Prime Minister, Barack Obama had just become President of the USA and told Benjamin Netanyahu that he should freeze settlement construction in Gaza to enable movement towards a two-state solution, and a Royal Commission recommended that the 8 Auckland region local government bodies merge to form a “supercity”.

Read More


The CSRB, Microsoft, China and You

What does the recent report on Microsoft security mean?

In May-June 2023 a hacking group affiliated with the Chinese Ministry of State Security (known as Storm-0558) breached the email of several of Microsoft’s customers including the US State Department, the US Department of Commerce, several UK government organisations as well as customers in other countries. They also compromised the personal email accounts of key individuals involved in US relations with China. Read More