Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersEventsBlog
Join CSA’s AI Safety Working Group kickoff—shape the future of secure, trustworthy AI.

Why I'm Joining CSA

Published 09/16/2025

Home
Industry Insights
Why I'm Joining CSA
Written by Rich Mogull, Chief Analyst at CSA.

After a world-record-setting 15-year interview process, I'm insanely excited to officially join the Cloud Security Alliance as Chief Analyst.

Okay, this is the part where I should probably explain what the Chief Analyst is, what it adds for CSA members, how it helps the broader community, and why I'm taking the role.

I've been involved with CSA since just after it started. First as an editor on the Security Guidance, then eventually building the CCSK class, contributing to multiple working groups, serving as lead author on versions 4 and 5 of Guidance, and creating the Cloud Security Maturity Model.

I have to give CSA full credit for completely changing the course of my career; it started me down the cloud security path long before anyone thought this “cloud thing” had a future. Getting that early start allowed me to eventually advise some of the largest enterprises (and governments) on creating their cloud security programs, build and exit a cloud security startup, run dozens of hands-on technical assessments, and train many thousands of security professionals around the world.

It was an incredibly rewarding relationship, but recently it felt like it was time to do more. Not only is cloud everywhere, but we see real impacts of emerging threats right when yet another incredibly disruptive technology (AI) is hitting. Aside from responding to these rapid technology shifts, organizations still need to secure their existing infrastructure while transforming themselves for the future with initiatives including DevOps and Zero Trust. Yes, that's a lot of buzzwords, and yet I know every one of you reading this are tackling those issues and technologies.

This is why we collaborated on creating the role of Chief Analyst. CSA has been a leader in research since the start, and my role is to engage more deeply with CSA members and use my enterprise experience to apply the research toward improving security outcomes. As we deepen the conversation, I'll be collecting best practices, identifying gaps where CSA can develop new material and trainings, and producing more timely and practitioner-focused research.

This is what an analyst does. We talk to anyone and everyone, perform primary hands-on research, and distill the information into consumable and practical advice. Our job is to save you time and help you do your job better and faster. CSA has always been about leveling up the world, and we now get to expand that with decision support and deeper practitioner-focused research.

Practically speaking, this means we are bringing new capabilities to CSA members. Starting immediately, members can schedule Ask an Analyst calls for direct, confidential, advice and decision support. Feel free to ask about how to structure your AWS Organization, how to apply the CCM to the latest regulatory requirements, how to build a cloud security team, how to safely adopt AI frontier models, or anything in-between. We are actively building a CSA Analyst Council of experienced security professionals with deep executive and technical expertise to support members, since it turns out I don't actually know everything.

This is just the start! We are already working on new workshops and trainings to help apply the foundational CSA research. And while we have a good idea of what we think you want, our team will be reaching out for your feedback and collecting your needs and ideas. Do you want benchmarking? More diverse trainings? Research on specific topics?

For the community at large, as Chief Analyst I'm also tasked with producing new, timely research to support leaders and practitioners. I'll be taking the lessons learned as we work with our members and democratizing them to the world at large. This is, to me, the most exciting part of joining CSA. I now work for a not-for-profit whose mission is to improve security for everyone. I'm not constrained to only writing research people pay for; we get to produce the best independent and objective content and give it all away for free.

To me, this isn't a new job. As corny as it sounds, it's an incredible opportunity to really make a difference. I mean, my side hobby is “volunteer disaster paramedic” so public service has always been a part of who I am. I'm incredibly thankful to Jim and CSA for this new role, and I'm excited to start engaging with members and releasing new research for the community at-large.

Zero TrustTrainingCloud Controls MatrixSecurity Guidance

Share this content on your favorite social network today!

Future Cloud
Related Resources
Certificate of Competence in Zero Trust (CCZT)
The industry's first Zero Trust certificate program.
AI Organizational Responsibilities
A blueprint for enterprises to secure AI development and deployment.
AI Safety Initiative
Addressing present and future challenges of AI safety and security.
Latest from CSA
The State of Cloud and AI Security 2025
Analyzing Log Data with AI Models
Participate in the Cloud Threat Modeling 2025 Peer Review
Unlock Cloud Security Insights

Unlock Cloud Security Insights

Choose the CSA newsletters that match your interests:

Subscribe to our newsletter for the latest expert trends and updates

Enhance your cloud security skills with CSA's online training options.
Related Articles:
The Third-Party Access Problem: The Elephant in the Room for Every CISO’s Identity Strategy

Published: 09/16/2025

EDR Killers: How Modern Attacks Are Outpacing Traditional Defenses

Published: 09/15/2025

Fortifying the Agentic Web: A Unified Zero Trust Architecture Against Logic-Layer Threats

Published: 09/12/2025

From Policy to Prediction: The Role of Explainable AI in Zero Trust Cloud Security

Published: 09/10/2025