Hero placeholder
O3 Cyber

Elevating Your Cloud Security Game.

Trusted experts helping you raise the bar in cloud security.

Trusted by
Dr. Dropin logoStorebrand logoNordic Brain Tech logoFjordline logoCoop logoIndustry Capital Partners logo
Expert advice at every stage

Secure Your Cloud Journey

Comprehensive Assessments

Evaluate potential risks across your cloud landscape. Our thorough assessments aim to identify vulnerabilities, uncover hidden threats, and provide actionable insights to strengthen your overall security posture.

Cloud Security Optimization

Protect and enhance your cloud infrastructure with customized solutions. We bolster your cloud operations' security, scalability, and adaptability, safeguarding your digital assets against evolving threats.

Cloud Governance and Excellence

Implement robust security controls and governance frameworks tailored to cloud environments. We help you embed security into your cloud processes, ensuring effective risk management and regulatory compliance.

We are different

We are not your average consultancy company. We are a highly specialized boutique built with talent and quality in mind.

Quality

Delivering exceptional results through our team of industry-leading professionals.

Community

Deeply rooted in our community, we prioritize local impact and foster a culture of giving back.

Employee-owned

We share success with our team, offering competitive compensation and growth opportunities without external shareholder pressure.

Transparency

We build trust through open communication with both employees and clients, fostering relationships that benefit all parties.

Learn more about us ->
Our Partners

Read our blog

We share our knowledge and experience through blog posts and articles.

Post image
Security without flashing a badge: The evolution of the modern security team

This article intends to share the personal view and experience of the author.

Read article ->
Post image
A Guide to Assessing Privileges in Google Cloud

When assessing Google Cloud environments, one of the areas that we spend the most time understanding is Identity and Access Management. This article aims to demonstrate the different ways IAM can be assessed in GCP and its pros and cons. Much of the work is about processing and correlating data from multiple sources to determine attack paths.

Read article ->
Post image
From kubectl to Privilege Escalation: A Security Breakdown

Now that we’ve covered the core components and ways of securing both the control plane and the data plane of a Kubernetes cluster, let’s dive into what actually happens under the hood when you use kubectl, the CLI tool for interacting with Kubernetes.

Read article ->
Post image
Abusing AWS Serverless Image Handler

We recently discovered that the AWS solution ‘Dynamic Image Transformation for Amazon CloudFront’, previously known as ‘AWS Serverless Image Handler’, prior to version 6.2.6, contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed and the environment variable can be set to a wildcard allowing access to any bucket.

Read article ->
View all articles

Listen to our podcast

Together with our guests we share knowledge and give innsights about Cyber Security.

Post image
S05E02 - Cloud Security Strategy with Rami McCarthy and Olav

In this episode of the O3C Cloud Security Podcast, host Håkon Sørum and guests Rami McCarthy and Olav Østbye delve into the intricacies of cloud security strategy. Rami shares his extensive background in cloud security, discussing his transition from consultancy to in-house roles and now to a vendor position. The conversation emphasizes the importance of visibility in cloud security, the need to understand the business context, and the critical steps for CISOs moving to the cloud. They explore the challenges faced by security leaders in navigating the evolving landscape of cloud security, the significance of identity and data security, and the need for democratizing security practices across organizations. The discussion also highlights the role of people in shaping security strategies and the future trends that will impact cloud security.You can find Rami at: https://www.linkedin.com/in/ramimac/ and https://ramimac.me/

Listen to episode
Post image
S05E01 - Cloud Security Challenges with Olav and Karim

In this episode Håkon has Olav and Karim on the podcast to discuss the upcoming season and some common challenges organizations face when using cloud services. Find us at: https://www.linkedin.com/company/o3cyber https://www.youtube.com/@o3cyber Host: www.linkedin.com/in/hakonsorum Guests: https://www.linkedin.com/in/karim-el-melhaoui https://www.linkedin.com/in/oestbye/

Listen to episode
Post image
Special Edition: Security Researcher Scott Piper

A special edition episode in English featuring Scott Piper, a security researcher at Wiz.

Listen to episode
Post image
S04E11 - Sikkerhetsfestivalen, historien bak O3 CYBER og veien videre

Beskrivelse: I ellevte episode av sesong fire er vi live på Sikkerhetsfestivalen i Lillehammer hvor vi snakker om hvorfor vi valgte å starte O3 Cyber, hvordan reise har gått så langt, blemmer og utfordringer, resultater og veien videre. Level: 100 Kilder som nevnes/anbefales: – ⁠⁠⁠⁠https://o3c.io⁠ Medvirkende: - Olav Østbye, O3 CYBER - Karim El-Melhaoui, O3 CYBER - Håkon Nikolai Stange Sørum, O3 CYBER Følg oss! – ⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/O3CYBER⁠⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠⁠https://twitter.com/O3CYBER⁠⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠⁠https://github.com/O3-Cyber ⁠⁠⁠⁠ Ris og ros? Gi oss gjerne en tilbakemelding, både positive og forbedringspotensiale. Dette kan du gjøre via ⁠⁠⁠⁠⁠⁠kontakt oss⁠⁠⁠⁠⁠⁠ på nettsiden vår, ⁠⁠⁠⁠⁠⁠O3C.no⁠⁠⁠⁠⁠⁠ Forslag til nye episoder? Skulle du ha noen ønsker/forslag til nye episoder så ta gjerne ⁠⁠⁠⁠⁠⁠kontakt med oss⁠⁠⁠⁠⁠⁠ med oss via nettsiden vår, ⁠⁠⁠⁠⁠⁠O3C.no

Listen to episode
View all podcasts