Thomas O’Malley - Fighting Cybercrime Head-On: Expert Solutions for a Secure Future

Critical Stats

LinkedIn: https://www.linkedin.com/in/thomas-o-malley-591b329b

Started their cybersecurity journey in: 2009

Most passionate about: Consumer protection from identity fraud, account takeover, and scams

Favorite zero-day: None

Favorite song: No answer; this is a KBA [knowledge-based authentication] phishing question.

Introduction

Thomas founded FrozenPii.com, a public service website for free new accounts and government ID protection. His core mission is to help make it easy for people to take control of their identity for free, before or after criminals attempt to use their stolen identities to commit identity fraud. This includes breaking up the "Identity Theft Protection Racket" of lifetime credit monitoring services.

Before FrozenPii, he was a prosecutor for the U.S. Department of Justice (DOJ). He was an Assistant U.S. Attorney with the DOJ in the Southern District of Florida. Later, he joined the U.S. Attorney's Office in the Western District of North Carolina. While in the Western District of North Carolina, he became a Computer Hacking and Intellectual Property and an Identity Fraud prosecutor. He specialized in investigating and prosecuting criminals engaged in cybercrime, intellectual property theft, and identity fraud offenses.

Thomas is a cyber vanguard

We selected Thomas because he is a cyber vanguard! After a highly successful career prosecuting criminals, he is still helping protect those who need protection with his work via FrozenPii. Who better to honor than someone who has dedicated his life to helping others?

Without further ado, we asked Thomas our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

Data breaches significantly threaten consumers, especially those that target personally identifiable information (PII).

2. How can we address the growing number of threats organizations face?

Encrypt PII at the application level, not just at rest and in transit.  As of December 20, 2023, 2,611 organizations and 85 million to 89 million individuals have been victims of the Zero-Day attack on Progress Software’s MOVEit file transfer program (an example of a digital supply chain threat), which encrypts data only at rest and in transit. Progress Software faces dozens of class action lawsuits and an SEC investigation.

3. What are three actions a CEO can take to protect their company from cyberattacks?

1. Encrypt sensitive data and communications at the application level.

2. Don’t use unencrypted email for sensitive communications or sharing unencrypted files containing sensitive information. Use alternative secure communication platforms for sensitive communications and file sharing.

3. Compel company-wide use of multi-factor authentication on all accounts that could harm the company, employees, customers, and partners if there were criminal account takeovers.

4. What are the best resources for learning more about cybersecurity?

1. LinkedIn - I curate feeds of non-promotional, informative cybersecurity news.

2. Krebs on Security - Brian Krebs offers excellent investigative reporting on cybercriminals and their modus operandi.

3. Maine Attorney General’s Data Breach Notification List - It’s a weekly reminder of how large and small companies fail to protect PII, which is later used for other cybercrimes, including identity fraud, account takeover, and scams.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

Don’t do it unless you love it. If you love it, you’ll have a career. There’s not enough time in the day to do your work when you have a career.  If you have a job, there’s too much time in the day. I am paraphrasing Chris Rock. 

I was a state and federal prosecutor for 37 years because I loved the challenge of solving complex crimes, trying over 200 jury trials, and securing justice to make communities safer. I had a career, and so should you.

 It's not about the money. It's about sending a message. And what better way to send a message than to share this article?!

Are you looking to go to a persona page?

Cyber 101 | The Solopreneur | SMB | BoD