
CIO Influence Interview with Kirsty Paine, Field CTO & Strategic Advisor of Splunk


Kirsty Paine, Field CTO & Strategic Advisor at Splunk, discussed the process of implementing zero-trust security models, how to balance innovation with risk management when deploying AI-driven security solutions, and predictive analytics and threat intelligence in this interview with CIO Influence…

——–

Hi Kirsty, welcome to the CIO Influence interview series. Walk us through your career journey from being a strategic advisor to now being a field CTO at Splunk.

I started in cyber security while working for the UK National Cyber Security Centre, NCSC, where I worked for several years. I started at the NCSC as a mathematician, focused on cryptography. From there, I moved around in the organisation doing interesting maths work – machine learning and AI, before it was popular! – but I eventually ended up in a role that was focused on looking at technologies that might affect the security of the UK in the next 5 to 10 years. The topics I focused on during my time at NCSC, such as AI, IoT, and quantum, are now a huge part of the cybersecurity conversation and my current role as a field CTO at Splunk. This has allowed me to pair what I learned in academia and government to my current role, which helps Splunk and its customers better understand the security impact of emerging technology.

Zero Trust is no longer just a concept but a necessity. How does Splunk support organizations in implementing zero-trust security models effectively?

Adopting a Zero Trust security model is not just adopting a new technology; it’s much more involved. It demands real-time visibility, automation, and an integrated security strategy. Based on CISA’s Zero Trust Maturity Model, Splunk uses Zero Trust capabilities, including visibility and analytics, automation and orchestration, and governance, to help our customers effectively monitor environments. These help our customers to respond to emerging threats with speed and precision.

At Splunk, we also work to integrate security and IT operations data, which gives organisations a comprehensive view of their infrastructure. We know the operational importance of breaking down silos that previously separated datasets. By doing so, we’re able to help teams make more informed decisions when faced with any kind of digital incident, from cyber threats to operational disruptions. When we think about Zero Trust at Splunk, we don’t necessarily think about restricting access. It’s more about ensuring that every interaction is completely verified so that teams can securely access the data they need to act.


AI and automation are reshaping security operations. How should organizations balance innovation with risk management when deploying AI-driven security solutions?

Some of this problem is really old – many AI risks can be addressed with previous practices, such as robustly managing the supply chain or following decent software development guidelines. We can also learn a lot from our lessons in cloud adoption in this space. But AI is also setting a new paradigm in terms of pace of innovation and scale of adoption, so there are some specific actions we can take.

Holding a strong foundation of governance should be the first priority for organisations. Working with AI can only be done right if it aligns with organisational values, security policies, and regulatory requirements. Since risk management must play a large role in deploying AI, it’s important to think of it as part of the lifecycle, not an afterthought. Establishing clear processes for risk assessment and documentation is a critical way to do this. However, to go beyond governance, organisations need to understand the context in which AI is being deployed. AI should be used for specific purposes with an intended outcome, which will make it easier to understand any broader risks.

One way to consistently manage the risk is through using frameworks, such as NIST’s AI Risk Management Framework, which outlines an approach on how to govern, map, measure, and manage AI risks. Integrating an effective framework enables organisations to operate efficiently while consistently applying a standard methodology to assess and reduce risks.

Testing is also a key part. Organisations need to ensure that AI is routinely and deliberately tested for security and safety violations, including any biases and accuracy concerns. This is particularly important if AI-driven decisions are starting to form a key part of your business logic.

How is Splunk incorporating predictive analytics and threat intelligence into its security offerings to help organizations shift from reactive to proactive security postures?

We help organisations move from reactive to proactive security, and the way we’re doing that is by integrating our predictive analytics and threat intelligence capabilities into our Splunk Enterprise platform. Our predictive analytics dashboard leverages the Machine Learning Toolkit (MLTK) to enable security teams to detect and analyse anomalies in their data with better accuracy. Through these capabilities, security experts can better anticipate threats before they get identified.

Splunk Enterprise Security also works to integrate this threat data from various sources, which gives security teams the tools to anticipate threat indications with real-time events. We believe it’s important to combine threat intelligence with predictive analytics so that SOCs can stay ahead of emerging threats to strengthen their security posture. One way Splunk does this is through MITRE ATT&CK mappings to help analysts find attackers earlier in their journey, meaning analysts (or automation) can take remedial actions before attackers can do any real harm.

Additionally, Splunk customers can now directly leverage Cisco Talos’ threat intelligence through Cisco Talos Intelligence for Enterprise Security, the Cisco Talos Intelligence connector for Splunk SOAR, and as a globally enabled feature in Splunk Attack Analyzer. With these integrations, we’re providing even more efficient threat detection, investigation, and response processes to swiftly identify and mitigate risks.


Quantum computing is often discussed in the context of breaking encryption. How should security teams prepare for a post-quantum future?

The first step is to know what data you have, how it is currently secured, and how long you need it to remain secret. Maintaining an up-to-date asset inventory, including the planned lifetime of those assets, will aid in making the transition to quantum much easier. But it’s also good security practice! In truth, we don’t know if a cryptographically relevant quantum computer will ever exist, so doing activities that harden your security posture anyway is only a good thing.

The best thing we can do now is wait for standards around quantum to be established (NIST has standardised the cryptographic algorithms and primitives, but not put them into implementation space).

In parallel, the cryptography community is working to test and refine more algorithms that are still in the NIST process, so introducing solutions today could be premature as a more suitable algorithm may later be standardised. By staying informed on any updates and following good security practices, practitioners can be prepared to implement when these new standards are established – and if the threat of a quantum computer ever exists.


Kirsty Paine is an experienced technologist, strategist, and security specialist, who has spent much of her career working in government security, European technical policy, and international technical fora. Kirsty thrives on understanding difficult problems and finding creative solutions, which she does often as a Field CTO for Splunk’s EMEA region, providing technical thought leadership, or in her Fellowship at the World Economic Forum.

Splunk, the cybersecurity and observability leader, helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, remediate threats and disruptions faster, and adapt quickly to new opportunities.
