Organizations are leveraging artificial intelligence to power security innovations and scale enterprise cyber operations; however, the human factor is still the biggest concern in the AI age, according to Kirsten Davies, chief information officer of the Department of War.
As discussions continue over how to use AI and cybersecurity to strengthen agencies’ security and portfolios, government officials like CIO Davies are shaping the conversation around execution, supply chains and future programs. Find out more at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22, where Davies will deliver a keynote speech and accept her 2026 Wash100 Award.
In a podcast interview, Davies, a veteran technology and cybersecurity executive whose career spans global leadership roles across the private sector and national security community, noted that AI is being used to combat cyberthreats such as whaling and spear phishing and to strengthen digital identity defense.
How Has AI Become Important in the Work of a CISO, CIO?
With AI being used to wreak digital havoc in organizations’ IT systems and the proliferation of modern cyber hacking methods such as whaling and spear phishing, Davies said there is an incentive to use AI for security operations.
“I think, on the attacker side, AI is being used very smartly, very smartly. The sophistication of whaling, spearfishing…is very strong and it’s bypassing a lot of those traditional filters that we had back in the day.
I think there are some practical uses of AI on the defense side that are more effective than others. We really need to be upping our game on the defense side when it comes to multifactor authentication, when it comes to voice ID verification, video identification. We’re behind already, and AI hasn’t really been mainstream for that long.”
However, Davies noted that she finds encouragement in the fact that the human factor still reigns supreme even in the digital age.
“I think what gives me encouragement is: everything old is new again. It still goes back to relationships with people. It still goes back to good, old-fashioned communication capability.”
“We still need to build alliances and coalitions and partnerships in defense for collective defense. We still need each other,” she added.
How Can AI Play a Role in Helping Protect Citizens’ Data?
Davies said AI can help in providing security to everyday tools like work email, mobile phones and tablets and online accounts. It could also be used to identify patterns of behavior and strengthen endpoint detection and response and predictive analytics.
What Are Some Best Practices for CISOs, CIOs?
Davies mentioned that some companies might encounter challenges when it comes to scaling.
“I realize that that’s probably one of the biggest lessons for organizations to learn is just because you have a great idea doesn’t mean that you understand what it takes to scale to the size of the prize that you’re actually after.”
She also noted the importance of clearly defining the company culture and identity before endeavoring to make big changes.
“Number one, super important to understand what your culture is, whether it’s a build versus a buy versus a, you know, like a smart source or a blended service model, that kind of a thing.
Number two out of that is you have to understand where your strengths and where your gaps are…You may have the greatest idea in the world knocking on your door, and you even implemented it at several other organizations, and you walk it in the door in this new organization where you’re ready to serve, and it may not be fit for purpose for where you are.”
What Is the Main Characteristic of a Person Who Works in Cybersecurity?
Davies said cybersecurity practitioners have in their nature a tendency to protect.
“I have yet to meet a person in cybersecurity who’s stayed in cyber, that doesn’t have that innate desire to protect or defend. I don’t think necessarily that’s something that’s been fostered, like something you can learn necessarily. I think it’s something that you have, that you nurture.”
Prior to her federal service, Davies served as chief information security officer at consumer goods enterprise Unilever. She also held technology and cyber roles at The Estée Lauder Companies, Barclays-Africa Group, Hewlett Packard Enterprises and Siemens.
Kirsten Davies has won her first Wash100 Award this year for cyber resilience and IT modernization leadership, reflecting both her deep cybersecurity expertise and her clear strategic vision for transforming defense IT into a mission-enabling capability. She will keynote POC’s 2026 Digital Transformation Summit on April 22. Sign up now to hear her views on large-scale IT transformation initiatives.
