Member Contribution • Weekly CISO Podcast Pick

This Week’s Pick by David B. Cross (CISO, Atlassian)

Series curated by the CISO Platform community. Spotlighting practical listens for security leaders and their teams.

Security leadership in an AI-first world

As enterprises rush to embed AI into every workflow, CISOs are being pulled into a new role. Security is no longer just about control and prevention. It is becoming an architectural discipline that determines how platforms, data and identities are designed from the start.

Featured conversation — David Cross (CISO, Atlassian)
A practical discussion on AI, agentic identities, data oversharing, insider risk and the realities CISOs face today.
Full interview • Atlassian CISO on AI, identity and modern security
⏱ ~15 min read
Focus: AI security • agent identities • data protection • insider risk

Why this matters to CISOs

  • AI is now baseline. Security leaders can no longer treat AI as optional or experimental.
  • Permissions are the real risk. AI exposes existing access and data hygiene failures.
  • Agents change identity models. Non-human actors do not fit cleanly into existing IAM patterns.
  • Supply chain risk is accelerating. Open-source and CI/CD pipelines are primary attack surfaces.
  • Insider risk is resurfacing. Remote work and AI-assisted hiring create new threat models.

Executive-ready takeaways

  • AI security starts with identity and data, not tools.
  • Oversharing is a bigger problem than unauthorized access.
  • Agent identities require governance, not bolt-on products.
  • Context matters more than raw vulnerability counts.
  • Security programs must adapt to non-developers building software.

Standout ideas from the conversation

  • AI has an ROI problem. Not every use case is worth the compute and operational cost.
  • Agentic AI is the next identity crisis. Neither human nor service account models apply cleanly.
  • Supply chain security is immature. Reachability and exploit paths matter more than inventory.
  • DLP is back. AI-driven data leakage has made data protection relevant again.
  • Logs are exploding. CISOs must optimize what is collected, stored and analyzed.

What CISOs can do in the next 7 days

  1. Audit AI access: Identify what data AI tools can currently see.
  2. Map agent identities: List where autonomous workflows already exist.
  3. Review data classification: Validate labels before expanding AI usage.
  4. Assess supply chain exposure: Go beyond package presence to exploitability.
  5. Revisit insider risk programs: Focus on signal correlation, not single indicators.
 

About David Cross

David Cross is Chief Information Security Officer at Atlassian, responsible for the company’s global security strategy. He has previously held senior security leadership roles across large-scale technology environments and is known for building engineering-driven security programs that scale with cloud and AI-first platforms. 

 

Want your pick featured next?

We are building a rotating slate of member recommendations from USA, Middle East and India. If you are a CISO or security leader, submit a link and 3 bullets on why it matters for other security teams.

How we choose

  • Short, actionable outcomes for CISO teams
  • No product pitches
  • Useful beyond one region or vertical
  • Clear ideas that help security leaders explain risk, influence stakeholders and grow their teams

 
