I work in this space. The article does a poor job of explaining exactly what this role does - but they allude to it with Chris Peake's comments.

> Peake, a former CISO, said a lot of the skills from his previous role have translated into his current one. However, he said the CTrO role differs from the CISO role because it operates more on the “business level,” as the work done by a CTrO can directly impact revenue generation, contract negotiation, and onboarding new customers.

In my view, it's a role that sits between Sales and Security. A major part of the role is getting customers and prospects information about your business and security controls to validate their own needs (e.g. compliance requirements). It's still a semi-technical role, but isn't necessarily focused on the nut-and-bolts of ground-level security.

Sounds like a Chief Compliance Officer but with applicability to less-regulated industries/markets.

Kind of. I think Compliance and Security officers have historically been considered an inward facing role.

The Trust officer is an outward-facing role.

Basically. But the issue is, in a lot of enterprises, the decisionmakers won't chat with anyone who doesn't have an exec title.

Thats what i was thinking. The lack of regulations limits opportunity because customers are scared of getting screwed, so the companies have to make their own rule to comply with, after assessing what safety customers want

The corpos yearn for regulations

This could be something to watch out for.

Always look at who is requesting more regulation. Make sure they’re doing it for the right reasons and not simply to build moats that small companies can no longer cross. It can be a form of regulatory capture to propose the regulations in the first place.

Or like a Chief Risk Officer, but with extra customer facing responsibilities

Well, it also helps to spread the responsibility and when you get hacked you can either promote one and fire the other one, or just fire both to show that you are doing something.

Eh, not really. There's pretty clearly lines of responsibility here.

The nuts-and-bolts security still falls to a CISO. This role is more about bridging the gap between security teams and customers. The Trust officer might have influence over high level roadmap items ("our customers are asking about X"), but the actual implementation will still land with the CISO.

Sort of like Chief AI officers. Or Chief Happiness Officers. We all wanna tell ppl we are at the forefront of some hot new trend… that isnt really a trend

I see myself as the CDE (Chief Delusion Enabler) for the managers I work with

Chief Executive Nerd checking in!

I am the Chief Apology Officer.

"We're really sorry it broke again, it wont happen again.. again"

The dirtiest management trick I know is get a manager to make a promise to employees, fire the manager, and then refuse to honor the promise, because the organization is not accountable for honoring promises made by its representatives (which is bullshit but we haven’t cracked how to push back).

The way to push back is to leave for a company that doesnt pull this bullshit*

(*requires healthy economy)

And why do you have 4 companies in 2 years on your resume here, here, and here?

CWB checking in. We should talk.

It does seem like at many places this person will be in charge of managing optics, rather than getting the workers training and priorities straight for making trustworthy software.

For one it’s always been easier to not get caught than to do the work. And even people who do the work will generally agree with that. It’s not about easy it’s about looking yourself in the mirror.