Cloud Security Office Hours Banner

About Cloud Security Office Hours

A free, vendor-neutral community for cloud security professionals - what we are, why we exist, and how the site is built in the open.

A single, vendor-neutral place to learn cloud security, compare tools without sales pressure, and talk to peers working on the same problems in production. - why CSOH exists
Overhead view of a diverse team placing hands together in a sign of unity during a meeting
Photo by fauxels on Pexels

What CSOH is

Cloud Security Office Hours is a free, vendor-neutral community for people who do - or want to do - cloud security work. It is anchored by a weekly Friday Zoom (7am Pacific), a mailing list of 2,000+ practitioners, and a public resource hub at csoh.org. It was founded in February 2023 and has run uninterrupted since.

Why it exists

Cloud security is fragmented: every vendor sells a different acronym, every cloud provider draws the shared-responsibility line in a different place, and a newcomer drowns in marketing material before they find the handful of pages that actually teach the field. CSOH exists to give practitioners a single, vendor-neutral place to learn the discipline, compare tools without sales pressure, and talk to peers who are working on the same problems in production.

The ethos

A few principles run through everything on the site:

What’s on the site

The hub organizes ~50 long-form pages plus several living directories into five buckets:

Foundations

What is Cloud Security?, the Learning Path, the Shared Responsibility Model, the CSPM vs CNAPP vs CWPP vs CIEM vs DSPM acronym decoder, and the Vendor Landscape.

Disciplines

Vendor-neutral practitioner guides covering IAM, Zero Trust, Network Security, Data Security, KMS & Secrets, Vulnerability Management, API Security, SaaS Security (SSPM), Backup, DR & Ransomware, Threat Modeling, Detection Engineering, Incident Response & Forensics, Cloud Pentesting, AI/ML & LLM Security, Service Mesh Security, Landing Zones, Containers, Kubernetes, Serverless, CI/CD, Cloud SOC, GRC for Cloud, and Compliance Frameworks.

By cloud

Hub pages for AWS Security, Azure Security, and GCP Security, plus a side-by-side AWS vs Azure vs GCP comparison.

Career & community

Certifications, Degree Programs, Careers, Home Lab, Portfolio Projects, and the Best Practices checklist.

Reference & practice

A 300+ term Glossary with live search and auto cross-links, a 240+ entry Resources Directory, 39+ hands-on CTFs, a 27-conference directory, 10 deeply researched Breach Kill Chains mapped to MITRE ATT&CK, a curated Threat Research source directory, ~120 articles in Cloud Security News auto-aggregated every three hours, 94+ searchable Meeting Recaps, the Presentations archive, community-shared chat resources, and a site-wide MiniSearch search.

How it’s built - in the open

The site is intentionally low-tech: static HTML, no build step, no database, no JavaScript framework. You can clone it, open index.html, and have the full site running locally in seconds. This is a deliberate choice - it keeps the contribution barrier low and makes the site readable as a learning artifact in its own right.

Everything lives in a public GitHub repo at github.com/CloudSecurityOfficeHours/csoh.org under an open-content license:

How CSOH is funded

CSOH runs lean and stays independent. Here is exactly where the money comes from and where it goes, so you never have to guess:

Bottom line

csoh.org is the static, public counterpart to a 2,000-person Friday Zoom: a curated, vendor-neutral knowledge base built and maintained in the open by the practitioners who use it. Start with What is Cloud Security?, follow the Learning Path, and join the Friday session when you’re ready to talk to peers.