Splunk’s Kirsty Paine on Resilience, AI, and Empowering the Next Generation of Woman in Cyber

We sat down with Kirsty Paine, Field CTO & Strategic Advisor at Splunk, a Cisco Company, and the 2025 Women in Cyber Leader of the Year winner, to discuss her journey from mathematician to cybersecurity leader and trusted advisor on global resilience.

Paine also shares how she’s helping shape the next generation of women in cyber, while driving innovation and resilience across the evolving security landscape. What first inspired your interest in cybersecurity, and what continues to drive your passion for the security industry today?

I fell into this career a little bit by accident. I was (still am) a big mathematics nerd and I ended up at the National Cyber Security Centre, where I focused on cryptography and broadened out to cyber security more generally, focusing on privacy, AI and internet tech. My background in cryptography and data analysis still shapes how I tackle today's security challenges.

I thrive on tackling tough problems and finding creative fixes by thinking differently - that's what keeps me passionate about security. I’m proud to work for Splunk; I see the difference it makes to our customers and how we are advancing the status quo in security as a market leader. Splunk is the heartbeat of so many SOCs and IT teams, allowing them to leverage data to take the best actions, with fast detection, investigation, and response.

Looking back on your career, is there a particular project or professional experience that has been especially meaningful or fulfilling for you?

I immediately thought of building the world’s first international standard for consumer IoT device security: EN 303 645. That’s truly raising the cyber hygiene baseline across the globe, which must make it a career highlight, and something I never thought I’d be able to do (especially not in my 20s, relatively early in my career).

Since then, I’ve realised we can really move the needle in security if we have the right people, direction and engine power. Working with CISOs and regulators across Europe has positioned me as a trusted advisor at the crossroads of policy, practice, and innovation – which is a privilege and an honour that I take very seriously.

Recently, I’ve been breaking new ground through collaborating with the World Economic Forum on reports like The Cyber Resilience Compass, which is a collection of best practices for our industry, and publishing new ideas like “demand chain security”. Now, I’m preparing to launch a toolkit with the Forum for measuring cyber resilience. You can’t know what you don’t measure! So, this will give security leaders a tangible way to benchmark progress, because cyber resilience (not only cyber security) is what we aspire to build.

  In your role at Splunk, how have you helped to accelerate innovation and strengthen the company’s impact across the EMEA region?

My job is perhaps the coolest job; I get to meet with our most strategic security customers all over EMEA and listen to them. Hearing their problems, sharing our vision and direction, and getting their feedback is so rewarding, interesting and downright fun. Security isn’t short-term, so our customers need confidence and trust in Splunk for their futures, which I’m building with them. I’ve elevated Splunk’s presence and messaging across EMEA, inspiring our customers by drawing lessons from sectors such as Formula 1 where constant innovation means survival. I have spearheaded security briefings, co-authored the State of Security and CISO Reports, spoken on stage, and helped to shape Splunk’s security strategy by sharing what our customers are asking for. I help build the trust and credibility that keeps Splunk ahead.

From your perspective, how have you seen the cybersecurity landscape evolve in recent years, and where do you think it’s heading next?

It’s only getting tougher out there, but we have a game-changer with the widespread adoption of AI. It’s reshaping cyber security on both sides, bringing new defences and new risks, but also new challenges like, how do you reward your people and talent when they are AI-enabled? What do your L1 analysts do if AI can do all of their work? Do we need a L4 analyst role to be created in the SOC?

  As emerging technologies like quantum computing advance, what potential impact do you foresee them having on the future of cybersecurity?

Quantum computing is advancing, but a bigger push is the government advice around it. It’s prompting organisations to assess the impact of quantum computing in their organisation and make plans to address it. Organisations are challenging their vendors on their roadmaps and simultaneously recruiting for post-quantum cryptography knowledge.

Because this change programme will be multi-year, it’s important to designate a person with longevity (such as someone on the board) to have oversight and make sure that clear steps towards preparedness are being taken, rather than kicking the can down the road. Developing a clear strategy will be critical as the field evolves.

A phased, risk-based approach – with calm, not panic – is the best approach to plan for the quantum threat. What advice would you give to women aspiring to build their careers in cybersecurity or join pioneering organizations like Splunk?

If you are curious and into solving problems, cyber security is for you! For women, don’t ever feel like you don’t belong, because you do. You have a network of people just waiting to work with you, who will be inspired by what you bring and who you can learn a lot from too. If you’re looking to join any particular organisation, make sure they have a good culture, because everything else you can build or fix – but it has to start with culture. I’ve always found Splunk is fantastic for its culture, collaboration, and humour.

And, in this high-pressure field, a healthy sense of humour and perspective is essential! Not just for growth, but for not burning out too. There’s always more to do but you must protect your brain and rest properly. If you can show up as the best version of yourself, you can easily square up to the complex challenges we have in this industry.