GW: I'm no different [from] other CIOs. For example, we are currently planning to migrate our call management system. There are a couple of reasons for that: one is to potentially increase our revenue by ensuring customers are happy with our services, secondly is to do things more efficiently and effectively, to drive down expenses.

The other thing we do within RSA is that we act as an extension of the engineering department, specifically for the quality assurance group, as we test our products internally before [they're] shipped to the customers. We can see how the products actually work to provide advice and raise problems we see to engineers. This is the unique value we see for the company. Many CIOs in technology companies would do the same as well.

My role, like a lot of CIOs, has changed over the years. It's less about managing the infrastructure and more being a business partner. It's actually the part of the job that I enjoy the most.

Any good security policy depends on three things, people, process and technology. The typical role of a CIO is to go out and get that technology. But what makes the difference between success and failure is hiring good strong people who understand the technology as well as policies and procedures.

CWHK: You have a background in business, before shifting sides to become an IT professional. How does that help your role as a CIO?