CSOH is a free, vendor-neutral, community-run gathering for cloud-security professionals. We started in February 2023 and meet on Zoom every Friday at 7am PT / 10am ET. Beyond the live session, we maintain a curated catalog of resources, news, breach kill chains, threat research, and meeting recaps — all on this site.

A small group of volunteer organizers from across the cloud-security industry. There is no company behind CSOH and no paid staff. The site itself is open source on GitHub.

No. We are deliberately vendor-neutral. Organizers and members work for various companies (sometimes competing ones), but CSOH itself takes no money from vendors and runs no paid promotions. See the Code of Conduct for the no-sales-pitch rule.

No. CSOH is 100% free. Donations via PayPal are optional and not required to attend or participate.

Sign up for the mailing list at sendfox.com/CSOH. We email the Zoom link and meeting info from there. The mailing list is the only place we publish the link.

Every Friday at 7:00 AM PT / 10:00 AM ET. Sessions usually run about an hour. We don't skip holidays unless we explicitly announce it.

Roughly: a brief welcome and intros, often a guest presentation (15–30 minutes), then open discussion and Q&A. Topics cover the gamut — recent breaches, conference recap, AI/LLM security, IAM design, tooling tradeoffs, career questions, and whatever else attendees bring.

No. Lurking is fine. Plenty of regulars only chime in when they have something to add. Use the chat if speaking up isn't your thing.

Only the presentation portion, and only when the speaker has agreed in advance. Participant Q&A and open discussion are not recorded. We publish topic-by-topic recaps after each session — summaries, not transcripts.

Recorded presentations (with speaker consent) appear on our Presentations page. Recaps of every session are on Meeting Recaps. URLs shared in chat are catalogued (after URL-safety scrubbing) on Chat Resources.

The mailing list email contains the Zoom link and meeting details, which most calendar apps can import. We're working on a dedicated calendar feed — if that's important to you, let us know.

sendfox.com/CSOH. Email address, optional first name, that's it. The list runs on SendFox.

No. The list exists to send you the Zoom link and rare community announcements (typically < once a month). We never use it for marketing, paid promotions, or third-party content. See the Privacy Policy.

Click the unsubscribe link at the bottom of any email. Removal is immediate. You can re-subscribe later if you change your mind.

Never. We do not sell, rent, or trade the list with anyone — vendors, recruiters, or otherwise. See the Privacy Policy for details.

The catalog grows from member contributions. The news page is automated — a script pulls from 39 trusted RSS feeds every three hours and aggregates the headlines. You can filter by source, topic, and date.

No analytics, no cookies, no fingerprinting. The only thing your browser stores is your dark-mode preference, locally. See Privacy.

We strip tracking parameters from all outbound links so you don't get followed across the web by clicking through CSOH. Automated checks enforce this on every PR and monthly across the whole site.

Yes — csoh.org/feed.xml. It carries the cloud-security news aggregated from our 39 sources. The RSS Subscribe page has reader recommendations and setup tips.

Resources is a broad catalog (200+) covering labs, tools, certifications, training, AI security, and jobs. CTFs is a focused directory of hands-on cloud CTF challenges with status and difficulty.

Breach Kill Chains is a curated library of step-by-step cloud breach reconstructions, mapped to MITRE ATT&CK Cloud techniques. Each entry is sourced from a real post-mortem, official advisory, or court documents — not summaries of summaries.

Threat Research is a directory of where to find ongoing intel — vendor research teams, annual reports, IOC feeds, attack frameworks, government advisories. Kill Chains documents historical incidents; Threat Research is the live feed of where to look.

Short version: no cookies, no analytics, no marketing trackers, never sell or share data, and the only personal data we hold is your email address (if you joined the mailing list). Long version: privacy.html.

Yes — see code-of-conduct.html. It covers expected behavior, what's not OK, how to report a problem, and how organizers respond.

Email admin@csoh.org. Reports are handled confidentially by the organizers.

See our Security Policy. Email admin@csoh.org with the details and we'll work with you on coordinated disclosure.

Three options: (1) the interactive script python3 tools/submit_resource.py; (2) a hand-written PR following the Add a Resource guide; (3) open a GitHub issue and a maintainer will add it. No coding experience needed for option 3.

Run python3 tools/submit_news_source.py or edit the FEEDS list in update_news.py. The aggregator picks up the new feed on its next run.

Run python3 tools/submit_ctf.py. See CONTRIBUTING_CTFS.md for the contribution guide.

Yes — but the bar is high. We require a real post-mortem or official disclosure as the source, step-by-step technical detail, and ATT&CK mappings. See CONTRIBUTING_KILL_CHAINS.md.

Absolutely. File issues, suggest resources, recommend a news source, fix a typo, or bring a topic to a Friday session. The most valuable contributions are usually subject-matter, not code.

Yes — we love member-led talks. Email admin@csoh.org with a one-paragraph pitch (topic, who'd benefit, how long). We aim for vendor-neutral, technical content. Sales pitches and product demos disguised as talks aren't a fit.

Only with your explicit consent. If you agree, we record only the presentation portion (not the Q&A), and post it on the Presentations page with full credit.

No formal CFP. We're flexible on topics — anything that helps cloud-security practitioners work better is fair game. Recent sessions have covered AI/LLM threats, supply chain attacks, IAM design, RSA recap, breach post-mortems.