Laremy Legel

Laremy Legel
Senior Manager, Security Communications

Prior to joining Okta recently as a Senior Communications Manager, Laremy Legel worked for Amazon Web Services (AWS). Upon joining AWS in 2014, he delivered communications on topics such as Zero Trust, Defense in Depth, Confidential Computing, and global privacy regulations. After bringing two services to market (AWS Artifact and Amazon Macie), Laremy transitioned to assist the CISO of AWS and co-founded the first dedicated cloud security conference, AWS re:Inforce, in 2019.  

Laremy Legel

Saying “No Thanks” to nOAuth

You may have heard about a vulnerability called, “nOAuth”, where, per Microsoft, “use of the email claim from access tokens for authorization can lead to an escalation of privilege.” What is this vulnerability, how can Okta help, and what are the mitigation steps and strategies to keep your own environment nOAuth free? Let’s break it down! What is nOAuth? Discovered in April of 2023, by researchers at descope, the nOAuth vulnerability relies on user accounts being merged by an Microsoft Azure...

Tim Peel and Laremy Legel

Social Engineering is Getting More Extreme, but the Fixes Can Be Simple

Social engineering is a hacking technique older than the internet itself, and it's tempting to think you've already seen it all. But recently, we've noted a trend among threat actors pursuing more sophisticated and aggressive techniques to trick, or even threaten, users into performing their desired actions. Their campaigns are convincing, brazen, and at times alarming. In this blog post, we want to talk about some of the techniques we've seen (or been made aware of) and provide some practical...

John Murphy and Laremy Legel

Study up on Okta Logs for Splunk’s Boss of the SOC!

Okta Security is pleased to announce another collaboration with our friends at Splunk - our security teams have joined forces to come up with a range of Okta-relevant scenarios for this year’s “Boss of the SOC'' competition at Splunk .conf23. Per Splunk, “Boss of the SOC (BOTS) is a blue-team capture the flag-esque competition. As a contestant, you will explore and investigate realistic event data in Splunk Enterprise and Splunk Enterprise Security. The questions in BOTS range from easy to...