The Blog

Plus ça change

When Chris Blunt and I started Axenic back in 2009, John Key was Prime Minister, Barack Obama had just become President of the USA and told Benjamin Netanyahu that he should freeze settlement construction in Gaza to enable movement towards a two-state solution, and a Royal Commission recommended that the 8 Auckland region local government bodies merge to form a “supercity”.

Read More

The CSRB, Microsoft, China and You

What does the recent report on Microsoft security mean?

In May-June 2023 a hacking group affiliated with the Chinese Ministry of State Security (known as Storm-0558) breached the email of several of Microsoft’s customers including the US State Department, the US Department of Commerce, several UK government organisations as well as customers in other countries. They also compromised the personal email accounts of key individuals involved in US relations with China. Read More


ISO 27001 Audits Made Easy…Sort Of

ISO27001 Audit learnings

Our clients pay us to give them good security advice. And there is nothing like taking your own advice and seeing how well that goes. So, a couple of years ago we decided to eat our own dog-food and go for ISO 27001 certification. This is an internationally recognised way to demonstrate that you have good security. We’ve recommended it to a number of our customers, and we’ve helped several gain it. 

We had several things we wanted to achieve with this:

Read More


Analysing Organisation – Wide Cybersecurity Health

Whenever our team works on a project for one of our clients, we are most likely performing a risk assessment for a single information system. The purpose of this is for the organisation’s leadership to understand if that system falls within their risk appetite and to approve that system’s use. It’s like a warrant of fitness for your car – where the risk assessment is the development of items that need to be checked, and then when we audit the system, we’re playing the role of the mechanic checking each one of the items on that list. Then the organisation can approve the system for use (like when you get your WoF sticker and drive your car legally).

Read More