CISO Blog

Approaching AI, Identity, and Scale

April 2, 2025
Share this blog post
Approaching AI, Identity, and Scale

On the 26th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Kirsten Davies, former Chief Information Security Officer at Estée Lauder and Unilever and founder of The Institute for Cyber. Kirsten's storied career has given her a front-row seat to understanding the complexities of securing global organizations. In this conversation, Kirsten shares insights on the scale of enterprise cyber operations, the hidden challenges of AI-powered security innovation, and how human risk is still the biggest concern in the age of AI.

Kirsten doesn't see cybersecurity as just a job—it's a personal calling. "I have yet to meet a person in cybersecurity who's stayed in cyber that doesn't have that innate desire to protect or defend," she says. "The ones that run to the fire, that say, hey, if you need somebody, it's me, I'm going to step into the gap." That mindset has guided her across some of the most complex digital environments in the world. She's held leadership roles at companies like Hewlett Packard Enterprise, Siemens, Barclays Africa Group, Unilever, and Estée Lauder, overseeing global security operations spanning dozens of countries and thousands of employees. These weren't isolated environments or clean-sheet tech stacks—they were sprawling, layered, and highly targeted. Her work has involved modernizing legacy systems, integrating global regulatory requirements, and leading enterprise-wide transformations that touch everything from manufacturing to retail to critical infrastructure. Her instincts for defense were shaped even before she entered the corporate world. "I used to be in the music industry…I had a couple of stalkers," she recalls. "I would change my name at hotels and publish a false itinerary because I had some real creep following me." That experience taught her how to think like an attacker, always anticipating where danger might lie. "It feeds into our innate nature in security, which is to protect other people. It could be just to protect ourselves initially…but I think it's much more than that." That deep-rooted desire to protect others drives Kirsten's leadership style today. And it’s also what gives her credibility when she speaks about what it takes to secure an enterprise—because she’s done it, again and again, at a global scale.

Having led security functions across consulting, manufacturing, and consumer goods, Kirsten has learned that good ideas aren’t always enterprise-ready. She recounts a story of championing a promising Israeli startup at Hewlett Packard Enterprise, only to watch their technology collapse during a trial run. “We put them inside a sandbox, and they failed miserably,” she says. “But they went back, re-architected their solution, and became incredibly successful.” The lesson wasn’t to avoid startups altogether. Instead, Kirsten believes innovation should be tested and introduced with a complete understanding of the organization’s structure and appetite for change. “Understand what your culture is—build vs. buy vs. blend—before introducing innovation,” she advises. When evaluating new tools, leaders must decide whether to push for change or work with what's already in place. “You need to know whether you're going to die on the hill of getting new technology in place or if what’s already there is ‘good enough.’” These strategic decisions are becoming even more critical, particularly as the threat landscape shifts from infrastructure to identity.

As Kirsten sees it, modern attacks are no longer limited to networks or endpoints. They’re targeting people—employees, executives, and everyday users—using smarter and faster tools than anything the industry has faced before. “The sophistication of whaling, spear phishing—AI is being used very smartly, and it’s bypassing traditional filters,” she says. These threats are no longer theoretical. Kirsten shares a striking example: “A colleague of mine used AI to spoof his own voice and bypass voice authentication on his utility account. That was nine months ago.” Criminals now have access to capabilities once reserved for nation-states and are moving fast. “Everything is faster now. Criminals are in and out before you even realize there’s been a breach.” Rather than give up hope, Kirsten is focused on how defenders can adapt. “There’s enormous opportunity in silent AI, learning patterns, flagging abnormal behavior, and defending systems before humans even see it,” she says. With machine identities far outpacing human ones, AI-powered support is increasingly essential. “Identity management has exploded,” she notes. “There are more service accounts than people.”

Kirsten doesn’t promise a finish line in cybersecurity. “I don’t think we’ll ever be done with this battle… for as long as there’s internet and as long as there’s digital,” she says. But she’s not discouraged. What gives her hope isn’t a single product or algorithm—it’s people. Whether building awareness, forging partnerships, or leaning into new AI-powered security solutions that learn and adapt beneath the surface, she believes the future of defense will always be a mix of human instinct and machine intelligence. “It still goes back to relationships, to good old-fashioned communication, to walking alongside others and saying, 'Let me show you a couple of new tricks,’” she says. For the next generation of defenders, her message is simple and compelling: “This is the most exciting field I have ever been a part of… and for those who love challenges, who want purpose, and who are already thinking about legacy—this is the field for you.”

Listen to Kirsten's episode here and read the transcript here.