k9 Security Blog
Secure your cloud infrastructure quickly and confidently
The top AWS Identity and Organization security launches of 2025
The AWS Identity and Organization teams launched some big improvements to IAM in 2025. Read on for a quick introduction to the six changes we think are most likely to help you make an impact securing your AWS organization and identities: Enforce MFA for root users...
How to Systematically Convert Cloud Security Assessments into Client Outreach
Running assessments is familiar territory for most cloud security consultants. However, many consultants lack a standardized process for how they package findings, position their value, and follow up with clients. By creating such a system, consultants can turn...
Export Findings from Security Hub in OCSF Format: A Complete Guide
Security teams have long been challenged by security findings scattered across many tools in proprietary formats that don't play well together. If you're managing AWS Security Hub findings and need to analyze them alongside data from other security tools, you've...
k9 Security launches initial support for automated IAM security review with findings in OCSF format
k9 Security introduces automated IAM security review for AWS, delivering findings in OCSF format. This release detects excess IAM admins and stale API access keys, saving hours of manual review while improving security and compliance. Results are available in JSON, Excel, and CSV to simplify analysis and remediation.
AWS IAM Users vs. Identity Center & JIT: Is Your Cloud Access Strategy Secure or Stalling?
This article was originally written by Cloudanix Introduction The way we manage access in AWS has changed IAM dramatically. When many organizations first ventured into the cloud, creating individual AWS IAM users directly within each account was standard practice....
Effective IAM News – 2025-05-16
NCC Group's AI Red Team recently published key findings after penetration testing dozens of AI applications. Analyzing Secure AI Architectures reveals that major AI vulnerabilities stem not from model flaws, but from misunderstanding how AI systems interact with...
Effective IAM News – 2025-05-02
PowerUserAccess: The Hidden Path to Admin Control Ever wonder how attackers see the AWS permissions you grant? This week, we gain a critical perspective from the trenches with PowerUserAccess vs. AdministratorAccess from an attacker's perspective by Eduard Agavriloae,...
Effective IAM News – 2025-04-18
If you're responsible for securing Azure, you should know about Azure's Apex Permissions: Elevate Access & The Logs Security Teams Overlook because it exposes a critical security blindspot affecting virtually every Azure environment. Nathan Eades and the Permiso...
Effective IAM News – 2025-04-04
This Week’s Featured IAM Resource This week we are highlighting The Director's Guide: IAM Security at Scale by Kyle Chrzanowski (Mandiant | Google Cloud) because it offers a concise, implementation-focused guide to architecting IAM at scale. The article defines...
Effective IAM News – 2025-03-21
Welcome to The Effective IAM Newsletter! Our mission is simple: curate high-impact resources that address real-world cloud IAM challenges for busy security professionals. Each edition features an industry trend, expert insight, or practical tool that you can use. You...
Get k9 News
Get k9 Security technical articles & release updates, at most weekly.