Member Contribution • Weekly CISO Podcast Pick

This Week’s Pick by David Cross (CISO, Atlassian)

Series curated by the CISO Platform community. Spotlighting practical listens for security leaders and their teams.

Professional CISO Show — Joe Sullivan on SaaS, Identity & Resilience

David’s take: “Clear-eyed on the SaaS sprawl → identity mess, why long-lived sessions bite us, and what resilient orgs actually look like.”

Recommended by: David Cross, CISO, Atlassian
Why this pick: actionable identity + SaaS lessons, not vendor fluff.
Length: ~1 hr 28 min
Focus: SaaS app sprawl • IAM • Session risk • AppSec talent • Resilience

Why this episode matters

  • SaaS ≠ just the primary vendor. The risk surface is Salesforce plus every add-on, integration and support workflow attached to it.
  • Sessions & tokens are the soft underbelly. Long-lived cookies and loose device binding make account takeover cheap: a stolen cookie works from any machine for as long as the session lives.
  • Identity isn’t “set and forget.” SSO does not help if session hygiene is weak; rotate credentials and scope tokens relentlessly.
  • Resilience is the north star. Ask “can we operate tomorrow?”, not just “did data leave?”.
  • AppSec builders are pivotal. Engineers who can read and write code are the ones who carry your AI and product security ramp-up.

Copy-paste takeaways for your team

  • Reduce session lifetimes for critical SaaS to ≤24h; enable device checks (device binding or managed-device posture) so a copied cookie is useless off the enrolled device.
  • Hunt support tickets for pasted secrets/tokens; revoke anything you find and lint future submissions so secrets are blocked at paste time.
  • Forward SaaS audit logs (Salesforce, Google Workspace, etc.) to your SIEM.
  • Pilot a SaaS security tool for forensics (who did what, with which token, from where), not just posture scores.
  • Open an AppSec Builder role (or upskill one engineer) for AI/product security.

Standout ideas discussed

  • SaaS sprawl & identity blind spots: a “Salesforce issue” rarely stays in Salesforce; tokens and support data chain into other systems.
  • Hardware keys over weak MFA: mandate hardware-backed, phishing-resistant second factors for admin and production access.
  • Passkeys UX caution: pilot first; avoid confusing multi-provider prompts.
  • AI in practice: treat AI as “human problems at hyperspeed.” Visibility first; then guardrails.
  • Org resilience: practice business-down scenarios; security keeps operations moving, not just data safe.

Try this in the next 7 days

  1. Session hygiene sprint: pick 2 critical SaaS → cut session TTL, add device checks, require re-authentication before privileged actions.
  2. Support token hunt: scan the last 90 days of tickets for secrets/tokens; revoke what you find and block future paste-ins.
  3. Tabletop “operations offline”: 60-min drill with IT/Finance/Ops: how do we operate if core SaaS is down?
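The session-hygiene takeaway and step 1 above describe a policy (TTL ≤24h, device binding, step-up re-auth before privileged use) without showing how to check it. The script below is an added example, not something from the episode or from any vendor: it evaluates exported session records against that policy. The `Session` shape, the 24-hour TTL and the 15-minute step-up window are assumptions for illustration; real records would come from your IdP or SaaS admin API, and the thresholds should be tuned per app and risk tier.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy knobs (assumptions for this example; tune per app and risk tier)
MAX_SESSION_TTL = timedelta(hours=24)   # takeaway: critical SaaS sessions live at most 24h
STEP_UP_WINDOW = timedelta(minutes=15)  # privileged actions need a fresh re-auth within this window


@dataclass
class Session:
    """One active session as exported from an IdP or SaaS admin API (assumed shape)."""
    user: str
    app: str
    issued_at: datetime        # when the session cookie/token was minted
    last_auth_at: datetime     # last time the user actually proved identity (SSO/MFA)
    device_bound: bool         # session tied to an enrolled/managed device
    privileged_action: bool    # session is currently being used for admin/config changes


def evaluate_session(s: Session, now: datetime) -> list[str]:
    """Return the policy violations for one session (empty list = clean)."""
    findings: list[str] = []
    age = now - s.issued_at
    if age > MAX_SESSION_TTL:
        findings.append(f"session age {age} exceeds TTL {MAX_SESSION_TTL}: revoke and force re-login")
    if not s.device_bound:
        findings.append("no device binding: a copied cookie replays from any machine")
    if s.privileged_action and (now - s.last_auth_at) > STEP_UP_WINDOW:
        findings.append("privileged action without recent re-auth: require step-up MFA")
    return findings


def audit_sessions(sessions: list[Session], now: datetime) -> dict[str, list[str]]:
    """Map 'user@app' to its findings so the output can feed a ticket or the SIEM."""
    return {f"{s.user}@{s.app}": evaluate_session(s, now) for s in sessions}


# Constructed sample data, not real telemetry.
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_SESSIONS = [
    # fresh, device-bound, no privileged use: clean
    Session("alice", "salesforce", NOW - timedelta(hours=3), NOW - timedelta(hours=3), True, False),
    # a 30-day cookie with no device binding: the "cheap takeover" case
    Session("bob", "salesforce", NOW - timedelta(days=30), NOW - timedelta(days=30), False, False),
    # within TTL and device-bound, but doing admin work on a 2-hour-old auth
    Session("carol", "gworkspace", NOW - timedelta(hours=2), NOW - timedelta(hours=2), True, True),
]

if __name__ == "__main__":
    for who, findings in audit_sessions(SAMPLE_SESSIONS, NOW).items():
        print(who, "OK" if not findings else "; ".join(findings))
```

The three sample sessions cover the three failure modes the episode calls out: a stale, unbound cookie (bob) fails twice, and a session that is otherwise healthy still fails when it performs privileged work on an old authentication (carol). Run it against a real export and the non-empty entries are your revocation list.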
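The support-token hunt (takeaway 2 above and step 2 of the 7-day list) is a scan over ticket text for pasted credentials. The following is an added example, not from the episode or any product: it combines known token shapes (AWS access key IDs, GitHub and Slack prefixes, JWTs, PEM private-key headers) with an entropy fallback for keys that have no recognisable prefix, and reports redacted matches per ticket. The pattern set, the 32-character minimum and the 4.0 bits/char entropy threshold are assumptions to tune; the sample tickets are constructed, and the AWS value is the placeholder key ID from AWS documentation, not a live credential.

```python
import math
import re
from collections import Counter

# Known token shapes (illustrative set; extend for the vendors in your stack).
# None of the sample values further down are real credentials.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Fallback for keys without a recognisable prefix: long opaque runs with high entropy.
OPAQUE = re.compile(r"\b[A-Za-z0-9_\-]{32,}\b")
ENTROPY_THRESHOLD = 4.0  # bits/char; assumption, raise it if hex ids or UUIDs cause noise


def shannon_entropy(s: str) -> float:
    """Bits per character; random API keys sit well above natural text and hex ids."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(token: str) -> str:
    """Keep just enough of the token to locate it in the ticket, never the whole value."""
    return token[:4] + "..." + token[-4:] if len(token) > 12 else "****"


def scan_ticket(ticket_id: str, text: str) -> list[dict]:
    findings = []
    covered = []  # spans already attributed to a known token format
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(text):
            covered.append(m.span())
            findings.append({"ticket": ticket_id, "kind": kind, "redacted": redact(m.group(0))})
    for m in OPAQUE.finditer(text):
        start, end = m.span()
        if any(s <= start < e or s < end <= e for s, e in covered):
            continue  # already reported under a specific pattern
        if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
            findings.append({"ticket": ticket_id, "kind": "high_entropy_string",
                             "redacted": redact(m.group(0))})
    return findings


def scan_tickets(tickets: dict) -> list[dict]:
    """Scan a {ticket_id: body} export and return every finding, ready for a revocation queue."""
    return [f for tid, body in tickets.items() for f in scan_ticket(tid, body)]


# Constructed ticket bodies for demonstration; the AWS key id is the AWS docs placeholder.
SAMPLE_TICKETS = {
    "T-1001": "Login keeps failing after SSO. My key is AKIAIOSFODNN7EXAMPLE, can you check the integration?",
    "T-1002": "Please reset MFA for user jdoe. Device id 550e8400-e29b-41d4-a716-446655440000.",
    "T-1003": "CI is broken, here is the PAT ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8 and the bearer "
              "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJlX2JpdHNfaGVyZQ",
    "T-1004": "Vendor support asked for our api_key=Zq9xW2pL7mK3nR8vT5yB1cD4fG6hJ0sA to reproduce.",
}

if __name__ == "__main__":
    for f in scan_tickets(SAMPLE_TICKETS):
        print(f["ticket"], f["kind"], f["redacted"])
```

Two design points matter in practice. The output carries redacted values only, so the hunt report itself does not become a second copy of the secret. And the UUID in T-1002 is long enough to hit the opaque pattern but too low-entropy to be flagged, which is what the entropy fallback is for; if your environment pastes lots of base64 blobs, raise the threshold or add an allow-list rather than dropping the fallback.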

About David Cross

David is CISO at Atlassian and a long-time community member at CISO Platform. His weekly picks are short-listed for practical signal—conversations that sharpen how we lead, not just what we deploy.


Want your pick featured next?

We’re building a rotating slate of member recommendations from USA, Middle East, and India. If you’re a CISO or security leader, submit a link and 3 bullets on why it matters.

Submit your recommendation (Members)

How we choose

  • Short, actionable outcomes for CISO teams
  • No product pitches
  • Useful beyond one region or vertical
