Knowledge sharing

We emphasize knowledge sharing. It's our way of enhancing domain expertise and pushing the boundaries of conventional practices. Our efforts take various forms, from podcasts to technical content and presentations. Our consultants are also available for private presentations and workshops to share our insights and expertise.

Post image
O3C and Coop Norway: Empowering Security Through Collaboration and Knowledge

O3C's approach to cybersecurity centers on a fundamental belief: they have a genuine interest in the customer's success. Coop Norway discovered this firsthand, recognizing a true partner dedicated to building a comprehensive cloud security approach tailored to Coop's needs and vision.

Read article ->
Post image
Storebrand hired O3C for Cloud Security

"There has been a cultural shift at Storebrand," says Øyvind Bergerud, Head of Security Operations at Storebrand.

Read article ->
Post image
Hardening Cloud VMs

My career in cybersecurity started with OS hardening, so I am rather passionate about the topic. When it comes to the cloud, many organizations have embraced automation. Yet, most skip hardening of the operating system or only do a bare minimum hardening baseline. I've also seen the pre-hardened CIS images used, but to my frustration, it update less frequently than other images. I am writing this as a companion post to my talk at NICConf. So, what are the options for hardening images in the cloud?

Read article ->
Post image
ThreatModCon & OWASP Global AppSec 2023: Recap by Håkon

Ever since Cody introduced me to threat modeling at our previous place of employment I have had an ever-growing interest in the field. When I saw that a conference solely dedicated to the topic was announced by a lot of people I respect in the industry I knew I had to be there. The timing of it being a “pre-con” to the OWASP 2023 Global AppSec made it a no-brainer.

Read article ->
Post image
Adversaries embrace new attack techniques in the cloud

On October the 25th, Microsoft Incident Response and Microsoft Threat Intelligence released a report on a threat actor they refer to as Octo Tempest. The report describes a threat actor adept at attacking cloud environments, using many techniques previously only seen in the latest offensive cloud security research. The report details the TTPs of the threat actor group, and Microsoft's recommended hunting, defensive controls, and detections of the group. To O3 Cyber, this shows that threat actors are increasingly adopting attack techniques for cloud services that have been most commonly observed in cloud offensive research circles in the past and are innovating to get ahead of defenders in this fairly new space. The reporting by Microsoft is of high quality and should be taken very seriously by any organization utilizing cloud services. In this blog, we will dive into our key takeaways and recommendations. For the full report, you can go to the Microsoft security blog.

Read article ->
Post image
Cloud Security Transformation, part 2: Cloud Security Controls and Roadmap

When it comes to navigating the complexities of cloud security, it's essential to adopt an approach that suits the unique cloud environment. Traditionally, many security managers have turned to frameworks as the one-size-fits-all solution.

Read article ->