In a crisis, quantitative thinking, cross-functional alignment define effective CISOs

By Jeff Copeland

In this episode of CISO Confidential, SAFE CEO Saket Modi debriefs Ben Smith, SVP and CISO at Optimum, for a firsthand account of crisis-driven leadership during one of the most volatile periods in modern enterprise security: the onset of COVID-19. 

Smith was leading security for a hospital organization when he received a 12:30 AM call reporting the first confirmed COVID case. By 6 AM, he had convened his team and begun planning for rapid operational relocation, field hospitals, and emergency infrastructure.

What followed was a case study in real-time, applied risk management. Smith quickly ordered seven “networks in a box” — a decision that proved prescient when supply chains froze weeks later — and established six dedicated war rooms covering domains from telephony to hardware. “Getting all those folks together and driving toward a common goal is absolutely what cybersecurity is all about,” he explains. 

The reality on the ground was far from polished: Teams were “wrapping Cat 5 around light poles” in parking lots to connect clinical staff. Preparation, not perfection, was the goal.

A central theme of Saket’s conversation with Ben is maturity in risk thinking. Early-stage programs often chase individual technical risks, but Smith argues that long-term effectiveness comes from understanding the complexity of risk factors and their business impact. As organizations mature, discussions shift toward financial exposure, investment trade-offs, and quantified scenarios — conversations that resonate strongly with CFOs and boards.

Smith also highlights the growing influence of external forces accelerating quantitative risk practices. Insurers and frameworks such as FAIR are increasingly defining required controls and cost drivers, making risk more defensible and less subjective. “It’s much harder to argue,” he notes, “when someone says you won’t be insured unless you address these factors.”

The takeaway is clear: Strong CISOs are distinguished not by perfect foresight, but by their ability to interpret complexity, prioritize under pressure, and translate uncertainty into decision-grade insight. As Smith puts it, understanding the layers of risk “is what’s going to make you a good CISO long term.”
