ACG Working Group Update: Implementation Patterns for the Cloud Security Notification Framework

Spring 2023

The Cloud Security Notification Framework (CSNF) is a set of guidelines and best practices for cloud security incident management and communication. It’s designed to help organizations improve their incident response capabilities and ensure the timely communication of security incidents to relevant stakeholders. This session will explore the implementation patterns for CSNF, which will include a demonstration by Splunk on how they have implemented the CSNF Canonical Data Model (CDM) to normalize messages for your SOC.
Session Outline:
-Introduction: The basics of Cloud Security Notification Framework (CSNF)
-Overview of the CSNF guidelines and best practices for incident management, incident notification, and incident response
-Best practices & design patterns for implementing CSNF
-Real-world examples of CSNF implementation and the challenges faced
-Discussion and sharing of attendees’ experiences with implementing CSNF
-Conclusion and Q&A
Target Audience:
IT professionals, security professionals, IT operations professionals and anyone interested in learning about the best practices for incident management, incident notification, and incident response in the cloud.


Security leader focused on making multi-cloud environments a safer place. Enables new and untried technologies, running proof of concepts and designing secure configurations that enable the business to leverage new technology safely. Ensures that the security vision is consistently executed across all phases of the software lifecycle. Promotes patterns for security automation that leverage policy as code to scale security across multiple Cloud’s. Contributor to the open source community.


Staff Solutions Engineer for Splunk in the New York City area. A technologist with 20+ years working in the health and financial industries, focused on IT infrastructure and security monitoring, management, and tooling.

Josh Hammer is a Field CISO with Oracle. In this role, he works with customers to help them build innovative cloud security architectures and strategies that standardize and accelerate the secure adoption of Oracle Cloud Infrastructure (OCI).  Before returning to Oracle, he was a Security Partner Solutions Architect with Amazon Web Services.  In this role, he works closely with various strategic security partners to build cloud-optimized architecture and develop strategies with business development teams.  Before this, he was a Security Architect in the AWS Professional Services organization, where he helped large enterprises adopt AWS.

Related events