Hero placeholder
O3 Cyber

Elevating Your Cloud Security Game.

Trusted experts helping you raise the bar in cloud security.

Trusted by
Dr. Dropin logoStorebrand logoNordic Brain Tech logoFjordline logoCoop logoIndustry Capital Partners logo
Expert advice at every stage

Secure Your Cloud Journey

Comprehensive Assessments

Evaluate potential risks across your cloud landscape. Our thorough assessments aim to identify vulnerabilities, uncover hidden threats, and provide actionable insights to strengthen your overall security posture.

Cloud Security Optimization

Protect and enhance your cloud infrastructure with customized solutions. We bolster your cloud operations' security, scalability, and adaptability, safeguarding your digital assets against evolving threats.

Cloud Governance and Excellence

Implement robust security controls and governance frameworks tailored to cloud environments. We help you embed security into your cloud processes, ensuring effective risk management and regulatory compliance.

We are different

We are not your average consultancy company. We are a highly specialized boutique built with talent and quality in mind.

Quality

Delivering exceptional results through our team of industry-leading professionals.

Community

Deeply rooted in our community, we prioritize local impact and foster a culture of giving back.

Employee-owned

We share success with our team, offering competitive compensation and growth opportunities without external shareholder pressure.

Transparency

We build trust through open communication with both employees and clients, fostering relationships that benefit all parties.

Learn more about us ->
Our Partners

Read our blog

We share our knowledge and experience through blog posts and articles.

Post image
Abusing AWS Serverless Image Handler

We recently discovered that the AWS solution ‘Dynamic Image Transformation for Amazon CloudFront’, previously known as ‘AWS Serverless Image Handler’, prior to version 6.2.6, contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed and the environment variable can be set to a wildcard allowing access to any bucket.

Read article ->
Post image
Tool Release: Azure and OIDC - Code to Cloud

In conjunction with our talk at HackCon and the release of our latest tool in Research Release, are sharing this as a companion blog post.

Read article ->
Post image
Kubernetes: Securing the Data Plane

Unlike the control plane, the data plane in Kubernetes (which includes your workloads and nodes) is user-managed in both on-premise and cloud environments. This means the security responsibility lies squarely with you. In this article, we share some essential practices to keep your data plane secure.

Read article ->
Post image
Kubernetes: Securing the Control Plane

Securing the Control Plane is all about protecting the very heart of your Kubernetes cluster. If the control plane is compromised, attackers gain the power to manage, schedule, and configure all aspects of your workloads. In this article, we’ll walk through the key components of the control plane and share practical tips to keep them locked down. Let’s dive in and safeguard the most critical layer of your Kubernetes environment.

Read article ->
View all articles

Listen to our podcast

Together with our guests we share knowledge and give innsights about Cyber Security.

Post image
S05E01 - Cloud Security Challenges with Olav and Karim

In this episode Håkon has Olav and Karim on the podcast to discuss the upcoming season and some common challenges organizations face when using cloud services. Find us at: https://www.linkedin.com/company/o3cyber https://www.youtube.com/@o3cyber Host: www.linkedin.com/in/hakonsorum Guests: https://www.linkedin.com/in/karim-el-melhaoui https://www.linkedin.com/in/oestbye/

Listen to episode
Post image
Special Edition: Security Researcher Scott Piper

A special edition episode in English featuring Scott Piper, a security researcher at Wiz.

Listen to episode
Post image
S04E11 - Sikkerhetsfestivalen, historien bak O3 CYBER og veien videre

Beskrivelse: I ellevte episode av sesong fire er vi live på Sikkerhetsfestivalen i Lillehammer hvor vi snakker om hvorfor vi valgte å starte O3 Cyber, hvordan reise har gått så langt, blemmer og utfordringer, resultater og veien videre. Level: 100 Kilder som nevnes/anbefales: – ⁠⁠⁠⁠https://o3c.io⁠ Medvirkende: - Olav Østbye, O3 CYBER - Karim El-Melhaoui, O3 CYBER - Håkon Nikolai Stange Sørum, O3 CYBER Følg oss! – ⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/O3CYBER⁠⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠⁠https://twitter.com/O3CYBER⁠⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠⁠https://github.com/O3-Cyber ⁠⁠⁠⁠ Ris og ros? Gi oss gjerne en tilbakemelding, både positive og forbedringspotensiale. Dette kan du gjøre via ⁠⁠⁠⁠⁠⁠kontakt oss⁠⁠⁠⁠⁠⁠ på nettsiden vår, ⁠⁠⁠⁠⁠⁠O3C.no⁠⁠⁠⁠⁠⁠ Forslag til nye episoder? Skulle du ha noen ønsker/forslag til nye episoder så ta gjerne ⁠⁠⁠⁠⁠⁠kontakt med oss⁠⁠⁠⁠⁠⁠ med oss via nettsiden vår, ⁠⁠⁠⁠⁠⁠O3C.no

Listen to episode
Post image
S04E10 - Sikkerhetsfestivalen, Cloud Security

Beskrivelse: I tiende episode av sesong fire snakker vi om Cloud Security live på sikkerhetsfestivalen i Lillehammer. Level: 100 Kilder som nevnes/anbefales: – ⁠⁠⁠https://o3c.io Medvirkende: - Olav Østbye, O3 CYBER - Karim El-Melhaoui, O3 CYBER - Håkon Nikolai Stange Sørum, O3 CYBER - Melvin Langvik, TrustedSec Følg oss! – ⁠⁠⁠⁠⁠https://www.linkedin.com/company/O3CYBER⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠https://twitter.com/O3CYBER⁠⁠⁠⁠⁠ – ⁠⁠⁠⁠⁠https://github.com/O3-Cyber ⁠⁠⁠ Ris og ros? Gi oss gjerne en tilbakemelding, både positive og forbedringspotensiale. Dette kan du gjøre via ⁠⁠⁠⁠⁠kontakt oss⁠⁠⁠⁠⁠ på nettsiden vår, ⁠⁠⁠⁠⁠O3C.no⁠⁠⁠⁠⁠ Forslag til nye episoder? Skulle du ha noen ønsker/forslag til nye episoder så ta gjerne ⁠⁠⁠⁠⁠kontakt med oss⁠⁠⁠⁠⁠ med oss via nettsiden vår, ⁠⁠⁠⁠⁠O3C.no

Listen to episode
View all podcasts