🎙️ Ep. 139, From MyCase to Claude: Building a Secure, AI-Ready Tech Stack for Solo and Small Law Firms.

My next guests are Gabriela “Gabby” Cubeiro, Senior Vice President of Product at 8am — the powerhouse behind MyCase, LawPay, CASEpeer, and DocketWise — and Majo Castro, founder and managing attorney at CastroMand Legal in Austin, Texas. 🌟 Gabby is a 16-year legal tech veteran who co-founded CASEpeer and now drives product strategy across one of the most widely adopted law practice management platforms in the country. Majo is a Venezuelan-born cybersecurity and AI attorney whose solo firm helps growing companies navigate AI implementation, data management, and cybersecurity — and she writes about all of it on her Substack, The Cyber Law Gal. 🛡️ This is a no-fluff, peer-to-peer conversation about the exact workflows that separate a modern LPM from a liability, why the Data Processing Agreement is the most important acronym in your practice right now, and what your employees are almost certainly already doing with AI — whether you've approved it or not.

Join Gabriela “Gabby” Cubeiro, Majo Castro, and me as we discuss the following three questions and more!

  1. What are the top three integrations or workflows a solo, small, or midsize firm should expect from a modern cloud-based LPM platform like 8am — and what's missing that signals a real red flag around efficiency, cash flow, or security?

  2. As AI gets baked into cloud LPM tools like 8am, what are the top three day-to-day tasks that will change most for solo and small firm lawyers — and what basic security or ethical guardrails should they put in place to use those AI features without putting client data at risk?

  3. For solo and small firms without a CISO or CTO, what are the top three cybersecurity mistakes you see over and over again?

In our conversation, we cover the following:

  • [00:00:00] 🪝 Show Hook — Gabby's critical warning: if your firm hasn't "adopted" AI, your employees probably already have — on free consumer tools

  • [00:00:00] Title read — Episode 139

  • [00:01:00] Host intro: why this conversation goes tactical on AI, security, and LPM workflows

  • [00:02:00] Guest introductions — Gabriela “Gabby” Cubeiro (8am/MyCase) and Majo Castro (CastroMand Legal / The Cyber Law Gal)

  • [00:03:00] Majo celebrates 1.5 years as a solo practitioner 🎉

  • [00:03:00] Ad: Five-star review request for The Tech-Savvy Lawyer.Page

  • [00:03:30] Tech setups — Gabby's MacBook Air (M4 chip), iPhone Max, Slack, Zoom, Google Drive, Claude Enterprise

  • [00:06:00] Gabby's portable USB-C external monitor for travel (Amazon, highest-rated)

  • [00:09:00] Majo's MacBook Pro 14" M4 (16GB RAM), performance issues, upgrade path discussion

  • [00:10:00] Michael recommends Onyx (free Mac maintenance utility); Michael's Mac Studio M3 Ultra with 256GB

  • [00:11:00] Mac Mini and Mac Studio as desktop alternatives; MacRumors Buyer's Guide tip

  • [00:13:00] Apple Business Account benefits — small discounts + white-glove service

  • [00:15:00] Majo's full setup: iPhone 16 Pro Max, Google Workspace + Gemini (team account with DPA), DJI Osmo Pocket 3, Hollyland wireless mic

  • [00:16:00] Q1: Top three LPM workflows — intake, secure client communication (client portal), and getting paid (trust accounting + automated invoicing)

  • [00:19:00] Majo on switching from QuickBooks to MyCase after discovering QuickBooks mishandles trust accounting

  • [00:20:00] 🎉 Gabby announces: AI case summary features are now LIVE in 8am/MyCase

  • [00:21:00] Cloud vs. local access debate — SaaS uptime, SLAs, and asking vendors for proof

  • [00:23:00] Michael's redundant backup strategy: Backblaze + Dropbox + local Mac Mini

  • [00:25:00] Cautionary tale: ransomware attack converts a server-based firm to the cloud overnight

  • [00:28:00] Majo's Google Drive third-party backup with 2-hour recovery window

  • [00:29:00] Q2: How AI changes daily workflows — drafting, case summaries, surfacing critical info fast

  • [00:30:00] Why reading vendor Terms of Service and activating Data Processing Agreements (DPAs) is non-negotiable

  • [00:31:00] 8am's SOC 2 Type 2 compliance; updated AI terms and opt-in controls coming

  • [00:32:00] SOC 2, HIPAA, end-to-end encryption as baseline vendor security requirements

  • [00:34:00] AI as the great equalizer — leveling the playing field for solo firms vs. BigLaw

  • [00:35:00] Majo's real data: ~12 hours saved last month across 27 consultations using Gemini for proposals

  • [00:36:00] Plaud and Pocket AI recording devices — data retention, PII, and DPA concerns

  • [00:37:00] Majo's stance on wearable AI recorders; Apple Watch comparison; one-party vs. two-party consent

  • [00:39:00] Plaud's terms say no AI training — but it's not a DPA; terms can change without notice 🚨

  • [00:40:00] Google Workspace DPA must be manually activated — most users don't know; creating user friction around protection

  • [00:41:00] Q3: Top cybersecurity mistakes — shadow AI, no MFA, undertrained employees

  • [00:42:00] Majo's checklist: DPA + no model training on client data + enterprise/team-tier subscriptions + MFA

  • [00:43:00] Gabby: employees are the #1 security risk; fractional IT and CISO options for small firms

  • [00:44:00] AI-powered phishing attacks on law firms will only intensify

  • [00:45:00] Majo's training method: positive AI policies + 45-second staff video explainers 🎬

  • [00:46:00] 🚨 Gabby's shadow AI reminder (Show Hook callback): audit your tech stack — your team already has

  • [00:47:00] Episode originally recorded at ABA Techshow; re-recorded after a technical snafu 😅

  • [00:47:00] Where to find Gabby: LinkedIn, X, 8am.com, Kaleidoscope conference (September — banner at 8am.com)

  • [00:48:00] Where to find Majo: LinkedIn (Majo Castro), CastroMand Legal, Substack: The Cyber Law Gal

  • [00:48:30] Outro — michaeldj@thetechsavvylawyer.page | next episode in ~two weeks

RESOURCES

Connect with Gabriela “Gabby” Cubeiro

Connect with Majo Castro

Mentioned in the Episode

Hardware Mentioned

Words of the Week: “ANTHROPIC” VS. “AGENTIC”: UNDERSTANDING THE DISTINCTION IN LEGAL TECHNOLOGY 🔍

lawyers need to know the difference anthropic v. agentic

The terms "Anthropic" and "agentic" circulate frequently in legal technology discussions. They sound similar. They appear in the same articles. Yet they represent fundamentally different concepts. Understanding the distinction matters deeply for legal practitioners seeking to leverage artificial intelligence effectively.

Anthropic is a company—specifically, an AI safety-focused organization that develops large language models, most notably Claude. Think of Anthropic as a technology provider. The company pioneered "Constitutional AI," a training methodology that embeds explicit principles into AI systems to guide their behavior toward helpfulness, harmlessness, and honesty. When you use Claude for legal research or document drafting, you are using a product built by Anthropic.

Agentic describes a category of AI system architecture and capability—not a company or product. Agentic systems operate autonomously, plan multi-step tasks, make decisions dynamically, and execute workflows with minimal human intervention. An agentic system can break down complex assignments, gather information, refine outputs, and adjust its approach based on changing circumstances. It exercises judgment about which tools to deploy and when to escalate matters to human oversight.

"Constitutional AI" is an ai training methodology promoting helpfulness, harmlessness, and honesty in ai programing

The relationship between these concepts becomes clearer through a practical scenario. Imagine you task an AI system with analyzing merger agreements from a target company. A non-agentic approach requires you to provide explicit instructions for each step: search the database, extract key clauses, compare terms against templates, and prepare a summary. You guide the process throughout. An agentic approach allows you to assign a goal—Review these contracts, flag risks, and prepare a risk summary—and the AI system formulates its own research plan, prioritizes which documents to examine first, identifies gaps requiring additional information, and works through the analysis independently, pausing only when human judgment becomes necessary.

Anthropic builds AI models capable of agentic behavior. Claude, Anthropic's flagship model, can function as an agentic system when configured appropriately. However, Anthropic's models can also operate in simpler, non-agentic modes. You might use Claude to answer a direct question or draft a memo without any agentic capability coming into play. The capability exists within Anthropic's models, but agentic functionality remains optional depending on your implementation.

They work together as follows: Anthropic provides the underlying AI model and the training methodology emphasizing constitutional principles. That foundation becomes the engine powering agentic systems. The Constitutional AI approach matters specifically for agentic applications because autonomous systems require robust safeguards. As AI systems operate more independently, explicit principles embedded during training help ensure they remain aligned with human values and institutional requirements. Legal professionals cannot simply deploy an autonomous AI agent without trust in its underlying decision-making framework.

Agentic vs. Anthropic: Know the Difference. Shape the Future of Law!

For legal practitioners, the distinction carries practical implications. You evaluate Anthropic as a vendor when selecting which AI provider's tools to adopt. You evaluate agentic architecture when deciding whether your specific use case requires autonomous task execution or whether simpler, more directed AI assistance suffices. Many legal workflows benefit from direct AI support without requiring full autonomy. Others—such as high-volume contract analysis during due diligence—leverage agentic capabilities to move work forward rapidly.

Both elements represent genuine advances in legal technology. Recognizing the difference positions you to make informed decisions about tool adoption and appropriate implementation for your practice. ✅