Securing cloud environments becomes increasingly critical as more organizations embrace public cloud services. However, building secure cloud environments is not always straightforward, and organizations often face challenges in ensuring security, integration with existing processes, and adoption. One concept that can help address these challenges is the Landing Zone.

O3C's approach to cybersecurity centers on a fundamental belief: they have a genuine interest in the customer's success. Coop Norway discovered this firsthand, recognizing a true partner dedicated to building a comprehensive cloud security approach tailored to Coop's needs and vision.

"There has been a cultural shift at Storebrand," says Øyvind Bergerud, Head of Security Operations at Storebrand.

My career in cybersecurity started with OS hardening, so I am rather passionate about the topic. When it comes to the cloud, many organizations have embraced automation. Yet, most skip hardening of the operating system or only do a bare minimum hardening baseline. I've also seen the pre-hardened CIS images used, but to my frustration, it update less frequently than other images. I am writing this as a companion post to my talk at NICConf. So, what are the options for hardening images in the cloud?

Ever since Cody introduced me to threat modeling at our previous place of employment I have had an ever-growing interest in the field. When I saw that a conference solely dedicated to the topic was announced by a lot of people I respect in the industry I knew I had to be there. The timing of it being a “pre-con” to the OWASP 2023 Global AppSec made it a no-brainer.

On October the 25th, Microsoft Incident Response and Microsoft Threat Intelligence released a report on a threat actor they refer to as Octo Tempest. The report describes a threat actor adept at attacking cloud environments, using many techniques previously only seen in the latest offensive cloud security research. The report details the TTPs of the threat actor group, and Microsoft's recommended hunting, defensive controls, and detections of the group. To O3 Cyber, this shows that threat actors are increasingly adopting attack techniques for cloud services that have been most commonly observed in cloud offensive research circles in the past and are innovating to get ahead of defenders in this fairly new space. The reporting by Microsoft is of high quality and should be taken very seriously by any organization utilizing cloud services. In this blog, we will dive into our key takeaways and recommendations. For the full report, you can go to the Microsoft security blog.