The role of the CSO is continuing to evolve and becoming more distant from being a technologist as the IT C-suite becomes one with the business, according to EMC CSO Dave Martin.
Martin has being in the CSO role at EMC for 10 years.
Speaking to CIO Australia during the RSA/EMC Asia Pacific & Japan conference, Martin said that CSOs, like CIOs, need to understand what the business is trying to do and the value they can create.
For example, Martin said he is always looking to find ways to be a business enabler, rather than blocking technology or social media that can help EMC and RSA staff do their jobs.
"The [EMC] business units have individual governance and compliance risk committees. Members of my team participate with these committees and that gives us the ability to teach them about technical and data risk."
Martin added that the committees can tell him what security risks are most important to the business instead of him "just guessing".
"Sometimes I sit in these [committee] meetings and say, 'Wait a minute, I shouldn't be talking before realising what is better. The people who own the business are now talking about risks, some of which I have never thought of," he said.
In addition, Martin reports to EMC's board and audit committee. He also spends time talking to other company's boards about the risk questions they should be asking their security teams.
"One of the key things I tell company boards is that if you're asking the CSO how secure you are, you're probably asking the wrong person. You should ask a business person who is in the room with me to make sure we have the same answers."
When Martin isn't presenting to boards, he is looking at new threats posed by the Internet of Things (IoT).
"My concern with all these home automation things is that you can have over 100 smart devices in your house. Who's got time to figure out how many lightbulbs need a firmware push? Should all those lightbulbs be on the same network as the [smart] fridge?"
According to Martin, busy mums and dads can't be expected to take on the role of home network firewall admin. "These devices need to organise in logical ways that's self defending," he said.
Hamish Barwick travelled to RSA Conference APAC & Japan as a guest of RSA