The Role of Managed Service Providers for Cybersecurity with Thomas DeMayo

In this episode of CHATTINN CYBER, Marc Schein interviews Thomas DeMayo, Principal in the Cyber Risk Management group with PKF O’Connor Davies, LLP. Thomas is the lead Cyber Risk Adviser and Auditor for the firm. He is responsible for implementing and designing the Firm’s Cyber Security service offerings, audit programs, and testing procedures. Thomas consults in IT governance, information security, threat and vulnerability management, privacy, and IT compliance. Today, he shares his backstory of getting into cybersecurity and what he’s learned from his journey so far.

Even as a kid, Thomas had a fascination for computers. After graduation, he ended up taking a job in network engineering at PKF O’Connor. Later on, he was asked to check on the firm’s systems, IPS, and calculations. That led him to shift to cybersecurity. And around 2006-2007, he already had clarity on what he was supposed to do going forward.

Thomas talks about the client benefits of partnering up with someone who has both cybersecurity resources and tax intellect. They can advise clients on a more cyber-specific path and help control their program. That’s invaluable to a lot of clients.

Towards the close of the conversation, Thomas talks about the future of a hybrid work environment. Hybrid working may or may not persist for a long time. But it is something that is not going to go away any time in the near future.


“Even as a kid, I was kind of always fascinated with getting the computer to do what I wanted.”

“We are those trusted advisors who are able to come in and say, yes, we can help you, we could advise you on a more cyber-specific path and help you control your program. That’s invaluable to a lot of clients.”

“When we’re helping them, we’re advising them on what they need, and that’s what matters; that’s the key thing.”

“You have to challenge them to make you understand what their cybersecurity program is, or at least ask them, show us what your basic cybersecurity policy looks like. I think that’s going to start to help you understand you even have a level of formality.”

“As the world wakes up and really starts to focus on this, they’ll start to look at that supply chain risk.”

“Some businesses based on their business model will realize that this really does work. Our employees are happier and are still productive; we don’t need to be in the office to do certain things.”


[01:43] – Thomas explains how he got into the field of cybersecurity.

[03:58] – The benefits of partnering up with someone who has both cybersecurity resources and tax intellect.

[08:33] – Reasons why more clients are engaging in services related to cybersecurity.

[10:10] – Questions clients should be asking their Managed Service Provider.

[13:25] – Where do you see this hybrid work environment going in the next 18 months?

Connect with Thomas: