The CSO should also be an impartial assessor and evaluator of the IT environment. Accordingly, the CSO should conduct vulnerability and risk assessments, as well as audit the security measures implemented by the CIO. Charles Schwab has a CSO with a staff of more than 20 people who constantly assess and monitor internal and external network traffic operations.