All Articles

Weekly CISO Podcast Pick: Why Technical CISOs Matter and How AI Is Shaping Security Ops - David Cross on Leading Security

Posted by Biswajit Banerjee on December 3, 2025 at 6:59pm in Blog

Member Contribution • Weekly CISO Podcast Pick

This Week’s Pick by David B. Cross (CISO, Atlassian)

Series curated by the CISO Platform community. Spotlighting practical listens for security leaders and their teams.

From Navy Cockpits to CISO: David B. Cross on AI, Security Operations and Breaking into Cyber

A candid conversation from the Security Repo podcast where David B. Cross traces his journey from US Navy aviation and electronic warfare to leadership roles at Microsoft, Google and Oracle and now CISO at Atlassian. Along the way he talks about staying technical as a CISO, how AI is changing security operations, and what it really takes to break into the industry today.

 
Featuring: David B. Cross, CISO, Atlassian
Why this pick: Real world leadership lessons across military, Big Tech and SaaS plus a grounded view of how AI will reshape security work without replacing security professionals.
⏱ ~21 min Focus: CISO career paths • security operations • AI in the SOC • technical leadership • breaking into cyber

Why this episode matters

  • Shows a realistic CISO journey. From reading Applied Cryptography on deployment to earning certs and taking a consulting role just to get a foot in the door at Microsoft.
  • Clarifies what “security operations” actually covers. Not just a SOC – but monitoring, detection, vulnerability management, red teaming and close collaboration with engineering and infrastructure.
  • Frames why CISOs must stay technical. In an AI heavy world you cannot lead security if you do not understand LLMs, prompt injection and how these systems fail in practice.
  • Gives a practical view of AI in the SOC. AI reduces alert fatigue and speeds triage yet still needs human oversight for actions that carry real risk or business impact.
  • Offers concrete career advice. From portfolios and GitHub repos to writing whitepapers and blogs that show what you can really do, instead of only listing certifications.
  • Highlights veterans as a talent pool. Discipline, playbook driven execution and operating under pressure map directly to tier one SOC and incident response work.

Copy paste takeaways for your team

  • Make “stay technical” an explicit expectation for security leaders – especially around AI, automation and cloud native architectures.
  • Define security operations clearly for your org: which parts sit with the CISO function and which remain in platform or infra engineering.
  • Treat AI as a force multiplier in the SOC: use it for summarization, enrichment and correlation while keeping humans in the decision loop for changes and containment.
  • Build structured partnerships with engineering and operations instead of throwing vulnerabilities over the wall – agree criteria, SLAs and shared priorities in advance.
  • When hiring, look for candidates who are self critical and aware of their own liabilities, not just eager to talk about their strengths.
  • For entry level roles, value portfolios (labs, code, blogs, writeups) at least as much as certificates – they show how people think and execute.

Standout ideas discussed

  • Title is not the goal – the challenge is. David took the Oracle CISO role not for the label but because it was a hard, interesting problem that matched his skills.
  • CISOs must align deeply with the business. Understanding products, infrastructure and how the company makes money is non negotiable if you want your program to matter.
  • AI will not replace tier one SOC – it will augment it. The real win is better triage, fewer false positives and faster reporting rather than full auto remediation on day one.
  • Human in the loop is here to stay. David compares AI operations to modern aircraft: a lot can be automated but humans still authorize actions that carry serious risk.
  • The worst advice: let AI write and ship all your code without human review. In David’s view the future is AI generated code with humans doing the hard validation and QA.
  • The best advice: do not judge security from a distance. Get hands on with tools, code and systems before calling something secure or insecure.
  • Portfolios beat buzzwords for new entrants. Blogs, GitHub projects and public writeups make it much easier for hiring managers to understand how someone thinks and works.
  • Veterans bring battle tested habits into cyber. Integrity, attention to detail and comfort with playbooks under pressure translate directly into reliable security operations.

Try this in the next 7 days

  1. Security operations map: Draw a simple diagram of how security operations work in your company today. Mark who owns monitoring, detection, response, patching, vulnerability management and identity. Note any gaps or overlaps.
  2. AI in the SOC experiment: Pick one narrow use case – for example summarizing incidents or clustering alerts – and run a small AI assisted pilot with a human firmly in the approval loop.
  3. Leadership technical health check: Ask each manager in your security org to list one AI or automation topic they will learn in the next quarter and how it ties back to your roadmap.
  4. Portfolio challenge for juniors: Encourage early career team members and interns to publish one small project or blog post that they would be proud to show in a future interview.
  5. Veteran talent review: If your company hires in regions with strong military communities, talk to HR about making sure veteran candidates are considered for SOC, IR or operations roles.
 

About David B. Cross

David B. Cross is Chief Information Security Officer at Atlassian. Before Atlassian he held senior security leadership roles at Microsoft, Google and Oracle and began his career in US Navy aviation and electronic warfare. His work focuses on building engineering centric security programs, scaling security operations and helping the next generation of practitioners build meaningful careers.

 

Want your pick featured next?

We are building a rotating slate of member recommendations from USA, Middle East and India. If you are a CISO or security leader, submit a link and 3 bullets on why it matters for other security teams.

Submit your recommendation (Members)

How we choose

  • Short, actionable outcomes for CISO teams
  • No product pitches
  • Useful beyond one region or vertical
  • Clear ideas that help security leaders explain risk, influence stakeholders and grow their teams
 

Share this with your team

 
 

 

Views: 10
Tags: david cross, weekly podcast, ciso
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by Biswajit Banerjee

Community Manager, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

6 City Round Table On "New Guidelines & CISO Priorities for 2025" (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

Dec 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
India
  • Description:

    We are pleased to invite you to an exclusive roundtable series hosted by CISO Platform in partnership with FireCompass. The roundtable will focus on "New Guidelines & CISO Priorities for 2025"

    Date: December 1st - December 31st 2025

    Venue: Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata

    >> Register Here

  • Created by: Biswajit Banerjee

Fireside Chat With Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.)

Jan 10, 2026 from 4:30pm to 5:00pm
Online
  • Description:

    We’re excited to bring you an insightful fireside chat with Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.) and Erik Laird (Vice President - North America, FireCompass). 

    About Sandro:

    Sandro Bucchianeri is an award-winning global cybersecurity leader with over 25…

  • Created by: Biswajit Banerjee
  • Tags: ciso, sandro bucchianeri, nab