ACG Working Group Update: Implementation Patterns for the Cloud Security Notification Framework

Spring 2023

The Cloud Security Notification Framework (CSNF) is a set of guidelines and best practices for cloud security incident management and communication. It’s designed to help organizations improve their incident response capabilities and ensure the timely communication of security incidents to relevant stakeholders. This session will explore the implementation patterns for CSNF, which will include a demonstration by Splunk on how they have implemented the CSNF Canonical Data Model (CDM) to normalize messages for your SOC.

Session Outline:
- Introduction: The basics of Cloud Security Notification Framework (CSNF)
- Overview of the CSNF guidelines and best practices for incident management, incident notification, and incident response
- Best practices & design patterns for implementing CSNF
- Real-world examples of CSNF implementation and the challenges faced
- Discussion and sharing of attendees’ experiences with implementing CSNF
- Conclusion and Q&A

Target Audience:
IT professionals, security professionals, IT operations professionals and anyone interested in learning about the best practices for incident management, incident notification, and incident response in the cloud.


Dynamic and innovative technology leader with a proven track record in building and leading high-performance engineering teams. Passionate about driving digital transformation, enhancing cybersecurity, and optimizing cloud infrastructure for businesses. Extensive experience in driving strategic initiatives and delivering cutting-edge solutions that enable organizations to thrive in today’s rapidly evolving technology landscape. My expertise spans AWS, Azure, GCP, OCI and a wide range of security tools and practices. I’m dedicated to achieving operational excellence, cost optimization, and security posture enhancement through innovative solutions.


Staff Solutions Engineer for Splunk in the New York City area. A technologist with 20+ years working in the health and financial industries, focused on IT infrastructure and security monitoring, management, and tooling.

Josh Hammer is a Field CISO with Oracle. In this role, he works with customers to help them build innovative cloud security architectures and strategies that standardize and accelerate the secure adoption of Oracle Cloud Infrastructure (OCI). Before returning to Oracle, he was a Security Partner Solutions Architect with Amazon Web Services. In that role, he worked closely with various strategic security partners to build cloud-optimized architecture and develop strategies with business development teams. Before this, he was a Security Architect in the AWS Professional Services organization, where he helped large enterprises adopt AWS.
