This article intends to share the personal view and experience of the author.
Read article ->
Elevating Your Cloud
Security Game.
Trusted experts helping you raise the bar in cloud security.
Secure Your Cloud Journey
- Comprehensive Assessments
Evaluate potential risks across your cloud landscape. Our thorough assessments aim to identify vulnerabilities, uncover hidden threats, and provide actionable insights to strengthen your overall security posture.
- Cloud Security Optimization
Protect and enhance your cloud infrastructure with customized solutions. We bolster your cloud operations' security, scalability, and adaptability, safeguarding your digital assets against evolving threats.
- Cloud Governance and Excellence
Implement robust security controls and governance frameworks tailored to cloud environments. We help you embed security into your cloud processes, ensuring effective risk management and regulatory compliance.
We are different
We are not your average consultancy company. We are a highly specialized boutique built with talent and quality in mind.
Delivering exceptional results through our team of industry-leading professionals.
Deeply rooted in our community, we prioritize local impact and foster a culture of giving back.
We share success with our team, offering competitive compensation and growth opportunities without external shareholder pressure.
We build trust through open communication with both employees and clients, fostering relationships that benefit all parties.
Read our blog
We share our knowledge and experience through blog posts and articles.
When assessing Google Cloud environments, one of the areas that we spend the most time understanding is Identity and Access Management. This article aims to demonstrate the different ways IAM can be assessed in GCP and its pros and cons. Much of the work is about processing and correlating data from multiple sources to determine attack paths.
Read article ->Now that we’ve covered the core components and ways of securing both the control plane and the data plane of a Kubernetes cluster, let’s dive into what actually happens under the hood when you use kubectl, the CLI tool for interacting with Kubernetes.
Read article ->We recently discovered that the AWS solution ‘Dynamic Image Transformation for Amazon CloudFront’, previously known as ‘AWS Serverless Image Handler’, prior to version 6.2.6, contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed and the environment variable can be set to a wildcard allowing access to any bucket.
Read article ->Listen to our podcast
Together with our guests we share knowledge and give innsights about Cyber Security.

In this episode of the O3C Cloud Security Podcast, host Håkon Sørum and guests Rami McCarthy and Olav Østbye delve into the intricacies of cloud security strategy. Rami shares his extensive background in cloud security, discussing his transition from consultancy to in-house roles and now to a vendor position. The conversation emphasizes the importance of visibility in cloud security, the need to understand the business context, and the critical steps for CISOs moving to the cloud. They explore the challenges faced by security leaders in navigating the evolving landscape of cloud security, the significance of identity and data security, and the need for democratizing security practices across organizations. The discussion also highlights the role of people in shaping security strategies and the future trends that will impact cloud security.You can find Rami at: https://www.linkedin.com/in/ramimac/ and https://ramimac.me/
Listen to episode
In this episode Håkon has Olav and Karim on the podcast to discuss the upcoming season and some common challenges organizations face when using cloud services. Find us at: https://www.linkedin.com/company/o3cyber https://www.youtube.com/@o3cyber Host: www.linkedin.com/in/hakonsorum Guests: https://www.linkedin.com/in/karim-el-melhaoui https://www.linkedin.com/in/oestbye/
Listen to episode
A special edition episode in English featuring Scott Piper, a security researcher at Wiz.
Listen to episode
Beskrivelse: I ellevte episode av sesong fire er vi live på Sikkerhetsfestivalen i Lillehammer hvor vi snakker om hvorfor vi valgte å starte O3 Cyber, hvordan reise har gått så langt, blemmer og utfordringer, resultater og veien videre. Level: 100 Kilder som nevnes/anbefales: – https://o3c.io Medvirkende: - Olav Østbye, O3 CYBER - Karim El-Melhaoui, O3 CYBER - Håkon Nikolai Stange Sørum, O3 CYBER Følg oss! – https://www.linkedin.com/company/O3CYBER – https://twitter.com/O3CYBER – https://github.com/O3-Cyber Ris og ros? Gi oss gjerne en tilbakemelding, både positive og forbedringspotensiale. Dette kan du gjøre via kontakt oss på nettsiden vår, O3C.no Forslag til nye episoder? Skulle du ha noen ønsker/forslag til nye episoder så ta gjerne kontakt med oss med oss via nettsiden vår, O3C.no
Listen to episode