Thomas assists organizations of all sizes in identifying, evaluating, and managing complex information security, privacy and compliance risks.

He has guided hundreds of companies across various industries through high-stakes cyber incidents, such as ransomware, wire fraud, vendor compromises, and other technologically sophisticated attacks. Beyond managing legal and reputational consequences, Thomas believes the best and most effective incident response plan prioritizes pragmatic solutions tailored to a client's unique business operations and objectives.

Thomas routinely interfaces with executive leadership and information security teams as part of an organization’s general cybersecurity risk management strategy by conducting incident preparedness tabletop exercises, overseeing security risk assessment audits, and preparing as well as reviewing policies and procedures.  

He also works closely with clients to develop privacy programs that revolve around the collection, use, and transfer of sensitive information. He has experience protecting client interests through the evaluation and drafting of third-party agreements, privacy notices and terms of use agreements, and regulatory counseling on numerous comprehensive state privacy laws, HIPAA, GLBA, COPPA, FCRA, TCPA, and the FTC Act.

When not running in one of the many beautiful parks around Nashville or reading the next NYT bestseller, Thomas spends his free time chasing after his two kids with his wife.