Member Contribution • Weekly CISO Podcast Pick

This Week’s Pick by David B. Cross (CISO, Atlassian)

Series curated by the CISO Platform community. Spotlighting practical listens for security leaders and their teams.

Why governance for agents is different

Agents are not microservices. They reason, plan and act based on probabilistic models. That makes traditional deterministic governance models inadequate. The episode argues governance must focus on observability, identity, evaluation and cost-performance of agents in production.

 
Featured discussion — Armchair Architects (Azure Essentials)
Key themes: observability, identity-driven access, cognitive monitoring, tool interactions and responsible AI evaluation.
Episode excerpt on agent governance — transcript source provided.
⏱ ~16 min read • Focus: agent governance • observability • identity • performance • responsible AI

Why this discussion matters

  • Agents make decisions and act. Governance must reveal what happened inside the agent so teams can trust or correct its actions.
  • Observability is essential. Since internal model parameters aren't visible, teams must monitor inputs, reasoning traces and outputs.
  • Identity defines capability. Each agent and model execution needs a secure identity and entitlements.
  • Guardrails are ranges, not absolutes. GenAI is probabilistic, so governance must evaluate behavior thresholds—not deterministic rules.
  • Cost matters. Token burn and model choice directly impact ROI and operational efficiency.

Copy-paste takeaways for your team

  • Log agent plans, reflections and reasoning steps to detect loops or misalignment.
  • Ensure all agents run under unique identities with defined entitlements.
  • Adopt model routing to balance cost and accuracy.
  • Monitor tool interactions to ensure safe execution.
  • Track performance metrics such as task success rate, escalations and cost per task.

Standout ideas from the episode

  • Observability is the new trust model. Plans and evaluations must be visible.
  • Govern both design-time and run-time. Developers and agents both need oversight.
  • Multiple monitoring layers. Cognitive, tool interactions, memory, guardrails and performance all matter.
  • Agents are digital workers. They need performance reviews like human employees.

Try these in the next 7 days

  1. Plan tracing: Enable reasoning/plan logs for one agent and review for loops or drift.
  2. Identity audit: Validate that every model invocation runs under a verifiable identity.
  3. Model routing pilot: Use small models for simple tasks and evaluate cost savings.
  4. Tool interaction telemetry: Log what external actions were taken and why.
  5. Performance scorecard: Track success rate, cost per task and human escalations.
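One way to run the plan-tracing, identity-audit, tool-telemetry and scorecard checks from the list above over agent telemetry, as an added example that is not from the episode or from any agent framework. The event fields, token price and loop threshold are assumptions, and the trace is constructed sample data.

```python
from collections import Counter

COST_PER_1K_TOKENS = 0.002  # assumed blended price in USD
LOOP_THRESHOLD = 3          # assumed: same tool call this many times in one task

def ev(task, agent, kind, tokens, **extra):
    """Build one telemetry event (hypothetical schema for this example)."""
    return {"task": task, "agent_id": agent, "type": kind, "tokens": tokens, **extra}

# Constructed sample trace: t2 retries the same call, t3 runs with no identity.
EVENTS = [
    ev("t1", "agent-billing", "plan", 200, detail="look up invoice, then reply"),
    ev("t1", "agent-billing", "tool_call", 400, tool="crm.search", args="inv-1001", reason="find invoice"),
    ev("t1", "agent-billing", "result", 150, status="success"),
    ev("t2", "agent-billing", "tool_call", 400, tool="crm.search", args="inv-2002", reason="find invoice"),
    ev("t2", "agent-billing", "tool_call", 400, tool="crm.search", args="inv-2002", reason="retry"),
    ev("t2", "agent-billing", "tool_call", 400, tool="crm.search", args="inv-2002", reason="retry"),
    ev("t2", "agent-billing", "result", 100, status="escalated"),
    ev("t3", None, "tool_call", 300, tool="mail.send", args="to=ops", reason=""),
    ev("t3", None, "result", 50, status="success"),
]

def scorecard(events):
    calls, tokens, outcomes, findings = Counter(), Counter(), {}, set()
    for e in events:
        tokens[e["task"]] += e["tokens"]
        if not e["agent_id"]:                      # identity audit
            findings.add((e["task"], "no_identity"))
        if e["type"] == "tool_call":
            if not e["reason"].strip():            # tool telemetry: what and why
                findings.add((e["task"], "tool_call_without_reason"))
            key = (e["task"], e["tool"], e["args"])
            calls[key] += 1
            if calls[key] >= LOOP_THRESHOLD:       # plan tracing: repeated step
                findings.add((e["task"], "loop"))
        elif e["type"] == "result":
            outcomes[e["task"]] = e["status"]
    n = len(outcomes)
    d = max(n, 1)                                  # avoid dividing by zero on empty input
    total_cost = sum(tokens.values()) / 1000 * COST_PER_1K_TOKENS
    return {
        "tasks": n,
        "success_rate": sum(s == "success" for s in outcomes.values()) / d,
        "escalations": sum(s == "escalated" for s in outcomes.values()),
        "cost_per_task": round(total_cost / d, 6),
        "findings": sorted(findings),
    }

if __name__ == "__main__":
    print(scorecard(EVENTS))
```
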
 

About David B. Cross

David B. Cross is Chief Information Security Officer at Atlassian. Before Atlassian he held senior security leadership roles at Microsoft, Google and Oracle and began his career in US Navy aviation and electronic warfare. His work focuses on building engineering-centric security programs, scaling security operations and helping the next generation of practitioners build meaningful careers.

 

Want your pick featured next?

We are building a rotating slate of member recommendations from the USA, the Middle East and India. If you are a CISO or security leader, submit a link and 3 bullets on why it matters for other security teams.


How we choose

  • Short, actionable outcomes for CISO teams
  • No product pitches
  • Useful beyond one region or vertical
  • Clear ideas that help security leaders explain risk, influence stakeholders and grow their teams
 
