My next guests are Gabriella "Gabby" Cabero, Senior Vice President of Product at 8am — the powerhouse behind MyCase, LawPay, CASEpeer, and DocketWise — and Majo Castro, founder and managing attorney at CastroMand Legal in Austin, Texas. 🌟 Gabby is a 16-year legal tech veteran who co-founded CASEpeer and now drives product strategy across one of the most widely adopted law practice management platforms in the country. Majo is a Venezuelan-born cybersecurity and AI attorney whose solo firm helps growing companies navigate AI implementation, data management, and cybersecurity — and she writes about all of it on her Substack, The Cyber Law Gal. 🛡️ This is a no-fluff, peer-to-peer conversation about the exact workflows that separate a modern LPM from a liability, why the Data Processing Agreement is the most important acronym in your practice right now, and what your employees are almost certainly already doing with AI — whether you've approved it or not.

Join Gabriella Cabero, Majo Castro, and me as we discuss the following three questions and more!

What are the top three integrations or workflows a solo, small, or midsize firm should expect from a modern cloud-based LPM platform like 8am — and what's missing that signals a real red flag around efficiency, cash flow, or security?
As AI gets baked into cloud LPM tools like 8am, what are the top three day-to-day tasks that will change most for solo and small firm lawyers — and what basic security or ethical guardrails should they put in place to use those AI features without putting client data at risk?
For solo and small firms without a CISO or CTO, what are the top three cybersecurity mistakes you see over and over again?

In our conversation, we cover the following:

[00:00:00] 🪝 Show Hook — Gabby's critical warning: if your firm hasn't "adopted" AI, your employees probably already have — on free consumer tools
[00:00:00] Title read — Episode 139
[00:01:00] Host intro: why this conversation goes tactical on AI, security, and LPM workflows
[00:02:00] Guest introductions — Gabriella Cabero (8am/MyCase) and Majo Castro (CastroMand Legal / The Cyber Law Gal)
[00:03:00] Majo celebrates 1.5 years as a solo practitioner 🎉
[00:03:00] Ad: Five-star review request for The Tech-Savvy Lawyer.Page
[00:03:30] Tech setups — Gabby's MacBook Air (M4 chip), iPhone Max, Slack, Zoom, Google Drive, Claude Enterprise
[00:06:00] Gabby's portable USB-C external monitor for travel (Amazon, highest-rated)
[00:09:00] Majo's MacBook Pro 14" M4 (16GB RAM), performance issues, upgrade path discussion
[00:10:00] Michael recommends Onyx (free Mac maintenance utility); Michael's Mac Studio M3 Ultra with 256GB
[00:11:00] Mac Mini and Mac Studio as desktop alternatives; MacRumors Buyer's Guide tip
[00:13:00] Apple Business Account benefits — small discounts + white-glove service
[00:15:00] Majo's full setup: iPhone 16 Pro Max, Google Workspace + Gemini (team account with DPA), DJI Osmo Pocket 3, Hollyland wireless mic
[00:16:00] Q1: Top three LPM workflows — intake, secure client communication (client portal), and getting paid (trust accounting + automated invoicing)
[00:19:00] Majo on switching from QuickBooks to MyCase after discovering QuickBooks mishandles trust accounting
[00:20:00] 🎉 Gabby announces: AI case summary features are now LIVE in 8am/MyCase
[00:21:00] Cloud vs. local access debate — SaaS uptime, SLAs, and asking vendors for proof
[00:23:00] Michael's redundant backup strategy: Backblaze + Dropbox + local Mac Mini
[00:25:00] Cautionary tale: ransomware attack converts a server-based firm to the cloud overnight
[00:28:00] Majo's Google Drive third-party backup with 2-hour recovery window
[00:29:00] Q2: How AI changes daily workflows — drafting, case summaries, surfacing critical info fast
[00:30:00] Why reading vendor Terms of Service and activating Data Processing Agreements (DPAs) is non-negotiable
[00:31:00] 8am's SOC 2 Type 2 compliance; updated AI terms and opt-in controls coming
[00:32:00] SOC 2, HIPAA, end-to-end encryption as baseline vendor security requirements
[00:34:00] AI as the great equalizer — leveling the playing field for solo firms vs. BigLaw
[00:35:00] Majo's real data: ~12 hours saved last month across 27 consultations using Gemini for proposals
[00:36:00] Plaud and Pocket AI recording devices — data retention, PII, and DPA concerns
[00:37:00] Majo's stance on wearable AI recorders; Apple Watch comparison; one-party vs. two-party consent
[00:39:00] Plaud's terms say no AI training — but it's not a DPA; terms can change without notice 🚨
[00:40:00] Google Workspace DPA must be manually activated — most users don't know; creating user friction around protection
[00:41:00] Q3: Top cybersecurity mistakes — shadow AI, no MFA, undertrained employees
[00:42:00] Majo's checklist: DPA + no model training on client data + enterprise/team-tier subscriptions + MFA
[00:43:00] Gabby: employees are the #1 security risk; fractional IT and CISO options for small firms
[00:44:00] AI-powered phishing attacks on law firms will only intensify
[00:45:00] Majo's training method: positive AI policies + 45-second staff video explainers 🎬
[00:46:00] 🚨 Gabby's shadow AI reminder (Show Hook callback): audit your tech stack — your team already has
[00:47:00] Episode originally recorded at ABA Techshow; re-recorded after a technical snafu 😅
[00:47:00] Where to find Gabby: LinkedIn, X, 8am.com, Kaleidoscope conference (September — banner at 8am.com)
[00:48:00] Where to find Majo: LinkedIn (Majo Castro), CastroMand Legal, Substack: The Cyber Law Gal
[00:48:30] Outro — michaeldj@thetechsavvylawyer.page | next episode in ~two weeks