What is CSOH?
Cloud Security Office Hours (CSOH) is a weekly community gathering for cloud security professionals that started in February 2023. We have grown to over 2000 members! Every Friday at 7:00 AM PT / 10 AM ET, we meet on Zoom to discuss cloud security topics, share knowledge, and learn from each other. It's a great place to network and share thoughts about the current security landscape. CSOH is completely free to join, with no paid marketing efforts.
100% Community-Driven
This site and every resource on it is built and maintained by volunteers. Whether you want to add a resource, improve a page, or build something new, the GitHub repo is open and the contribution guide walks you through it. New to open source? This is a safe place to start - all skill levels welcome.
100% community-driven, completely free, no on-site ads, no tracking - Friday Zoom at 7am PT. - what CSOH is in one line
Start here

Cloud Security News
Fresh headlines from 39 top security sources, auto-refreshed every 3 hours.

CTF Challenges & Vulnerable Environments
Hands-on vulnerable environments and CTF labs for AWS, Azure, GCP, and Kubernetes.

Cloud Threat Research
Vendor research teams, annual threat reports, notable incidents, IOC feeds, and MITRE ATT&CK Cloud frameworks.

Meeting Recaps
Topic-by-topic summaries of every Friday Zoom session going back to March 2024.
Learn the fundamentals
What is cloud security?
The vendor-neutral primer: the shared-responsibility line, the top failure modes, and where to start.
Shared responsibility model
Exactly what AWS, Azure, and GCP secure - and what is always on you.
AWS security
Services, landing zones, the top misconfigurations, and the attack paths AWS enables.
Azure security
Defender for Cloud, Entra ID, Conditional Access, and Azure-specific attack paths.
GCP security
Org policy, IAM, Security Command Center, and the GCP-specific failure modes.
IAM & identity
The control plane for cloud security: least privilege, federation, and non-human identity.
Zero trust
Assume the network is hostile: authenticate and authorize every request, every time.

CSPM vs CNAPP
The tooling taxonomy decoded - CSPM, CWPP, CIEM, and what CNAPP actually bundles.
Browse by topic

Hands-on labs & training
Interactive labs and training platforms for practical cloud security skills.

Security tools & platforms
CNAPP, CSPM, KSPM, SIEM, and other cloud security tooling.

Certifications
Certification paths, study guides, and professional development.

AI security & LLM protection
Securing AI/LLM deployments, prompt protection, and model safety.

Jobs & career development
Job boards, interview prep, and career advice for cloud security.

Degree programs
Academic paths and universities with strong cloud-security reputations.

Careers
Roles, salary bands, interview formats, and portfolio projects.

Home lab
Free-tier setups and kill-switches so you learn without a surprise bill.

About CSOH
What CSOH is, why it exists, the ethos, and how the site is built in the open.
Quick answers
What is Cloud Security Office Hours (CSOH)?
Cloud Security Office Hours (CSOH) is a weekly community gathering for cloud security professionals that started in February 2023. We have grown to over 2000 members. Every Friday at 7am PT, we meet on Zoom to discuss cloud security topics, share knowledge, and learn from each other. It's completely free and vendor-neutral.
How many cloud security resources does CSOH provide?
CSOH provides 370+ curated cloud security resources including CTF challenges for AWS, Azure, GCP, and Kubernetes; hands-on training labs; CSPM and CNAPP security tools; professional certifications; and penetration testing platforms. All resources are free and updated weekly.
When are the CSOH Zoom sessions held?
CSOH Zoom sessions are held every Friday at 7am PT. Sessions include presentations from industry experts, open discussions, and Q&A. All sessions are 100% free with no vendor pitches and no sponsored content.
Is CSOH free to join?
Yes, CSOH is completely free. All resources, Zoom sessions, and community access are provided at no cost. We are vendor-neutral and do not do any marketing. The community is run by volunteers.
What cloud platforms does CSOH cover?
CSOH covers security for all major cloud platforms including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Kubernetes. Resources include multi-cloud security tools, CTF challenges, and training labs for each platform.
Join the community
Get in touch
Questions, ideas, or just want to say hi? Email admin@csoh.org or drop into the Friday Zoom to meet the community in person.
Email us →Contribute
Add a resource, fix a typo, suggest a feature, or build something new. No coding required - all skill levels welcome.
How to contribute →Support CSOH
CSOH is completely free and run by volunteers. If it’s helped you, consider a small donation to keep the lights on.
Donate via PayPal →In our members' words
Hear from CSOH community members about what they get out of the Friday sessions and the resources here.
"Hello, world! Welcome! the couch is open, the room is safe, come unpack whatever's been living in your S3 bucket, we promise we've seen worse."
- Ken Bauer - Senior Security Analyst
"Hands down one of the most welcoming communities in the cyber security space in my opinion. Instead of making you feel less than for not knowing something; you'll be pointed in the right direction to learn something."
- Alexander Kane
"CSOH is a rare space where cybersecurity is explored at the level of real intent beyond posture or abstraction, staying focused on what protection is ultimately for, better human experiences."
- Michael Basil - Transformation Lead
About CSOH
Cloud Security Office Hours began in February 2023 as a weekly gathering for cloud security professionals. We're a vendor-neutral community focused on sharing knowledge, learning together, and advancing cloud security practices - with a free Friday Zoom, a 2,000+ member mailing list, and a public resource hub built and maintained in the open.
Memorial
We honor the memory of Kevin Mitnick, a legendary figure in cybersecurity who inspired many in our field.
