"We're [CSOs] all focused on this balance of being able to reduce risk while enabling the business," says Lionbridge CSO & CPO Doug Graham. But, he adds, "There's no real hard-and-fast rules about how much risk and what that recipe is." For Graham, the most concerning part about the CSO role isn't that there aren't any hard-and-fast rules about the right recipe for risk; instead, it's "making sure you've presented all the options and you haven't missed something…. Am I presenting the balance right to the rest of the leadership team so we that can make sensible decisions that are right for the company?" As for how Graham makes sure he's getting the most out of his security technology investment, "it's a case of defining our controls, measuring their coverage, and measuring their effectiveness," he says. "And I think that gives you two very simple metrics. What's my coverage? And what's the effectiveness of my controls?"