Thomas assists organizations of all sizes in identifying, evaluating, and managing complex information security, privacy and compliance risks.
He has guided hundreds of companies across various industries through high-stakes cyber incidents, such as ransomware, wire fraud, vendor compromises, and other technologically sophisticated attacks. Beyond managing legal and reputational consequences, Thomas believes the best and most effective incident response plan prioritizes pragmatic solutions tailored to a client's unique business operations and objectives.
Thomas routinely interfaces with executive leadership and information security teams as part of an organization’s general cybersecurity risk management strategy by conducting incident preparedness tabletop exercises, overseeing security risk assessment audits, and preparing as well as reviewing policies and procedures.
He also works closely with clients to develop privacy programs that revolve around the collection, use, and transfer of sensitive information. He has experience protecting client interests through the evaluation and drafting of third-party agreements, privacy notices and terms of use agreements, and regulatory counseling on numerous comprehensive state privacy laws, HIPAA, GLBA, COPPA, FCRA, TCPA, and the FTC Act.
When not running in one of the many beautiful parks around Nashville or reading the next NYT bestseller, Thomas spends his free time chasing after his two kids with his wife.
-
University of Tennessee College of Law
Juris Doctor
University of Tennessee
Bachelor of Arts, Political Science
Bar Admission
Tennessee
-
Presenter, “AI Readiness Webinar Series: Preparing Your Company for What’s Next,” ProTech Services Group (Oct. 2025)
Presenter, “Beyond Playbooks: Develop a Resilient Incident Response Plan for Real-World Chaos,” 2025 InfoSec Nashville Conference (Sept. 23, 2025)
Guest Article “Protect Your Organization from RaaS Raiders,” Healthcare IT Today (Sept. 18, 2025), https://www.healthcareittoday.com/2025/09/18/protect-your-organization-from-raas-raiders/
Presenter, “Cyber Incident Response Planning and Response: Legal, Operational, and Reputational Risks and Considerations,” Nashville CIO Council (June 13, 2025)
Podcast Participant, “Cyber Survivor with Dan Dodson,” Episodes 4 and 8, Fortified Health Security, https://fortifiedhealthsecurity.com/cyber-survivor/
Presenter, “Ransomwares, Breaches and Student Data Privacy,” Tennessee Educational Technology Association (Apr. 2, 2025)
Presenter, “Cybersecurity Incident Tabletop Exercise for Board Members,” Nashville NACD Chapter (Feb. 18, 2025)
Podcast Participant, “Exploring Legal Landmines in Incident Response,” Exploring Information Security (Nov. 12, 2024), https://www.exploresec.com/eis/213
Presenter, “5 Legal Landmines of Incident Response,” 2024 InfoSec Nashville Conference (Sept. 12, 2024)
Presenter, “Anatomy of a Ransomware and Legal Preparedness,” NTC Cyber Security Executive Peer Group (July 29, 2024)
Podcast Participant, “Lawyers, Breaches and CISOs,” Episodes 190 and 191 of CISO Tradecraft (July 22, 2024)
Presenter, “International Perspectives on Ransomware,” Tennessee Bar Association (Oct. 2023)
Presenter, “The Current State of Regulatory Affairs” with the Tennessee Attorney General, 2023 InfoSec Nashville Conference (Sept. 27, 2023).
Presenter, “What You Need to Know About Cybersecurity,” Colorado Roofing Association (Oct. 5, 2022)
Presenter, “Ethical Obligations in Protecting Client Information,” Tennessee Attorney General Office (Oct. 2, 2020)
Presenter, “Big Data in the Dawn of the Privacy Reformation, Nashville Technology Council’s Analytics Summit 2020 (Sept. 20, 2020)