About Us

Thomas Nohs, CISSP, CCA, CCP - CMMC 2.0 Serving Long Island, New York



Cybersecurity Consultant



  • C3PAO - CMMC Certified Third-Party Assessor Organization
  • CMMC-AB Registered Practitioner (RP) 2021
  • CMMC-AB, CAICO Certified CMMC Professional (CCP) 2023
  • Certified Information Systems Security Professional (CISSP) 2018

Professional Organizations

LIPN, LIEN, ILTA, InfraGard, (ICS)2, NY Chapter of (ICS)2, Long Island Chapter (ICS)2, and CMMC-AB.

Trained and Certified Information Cybersecurity Professional.

Serving Long Island, New York Area

Information Technology Specialist for over 35 years in the small business and mid-tier market.  The last 15 years have been dedicated to implementing and practicing good cyber hygiene with many small and mis-size companies.  I have worked with the FBI and high-profile cybersecurity forensic companies on cyber events like Ransomware, highjacked account, malware, compromised email accounts, advanced persistent threats, etc.…  Unique experience in dealing with Ransomware and Cyber Insurance.

Our goal and my company’s goal are to prepare companies for cyber events as well preventing it from happening.  It is called the “Left of Boom”.  Boom is the cyber event; Left is the preparation or prevention of a cyber event.

DataSoftNow is a consulting company focused solely on Cybersecurity.  We work with several Managed Service Providers (MSP) both on Long Island and Manhattan in varying degrees of both compliance and certification for their company as well as their clients.  With newly released regulations; HIPAA, New York SHIELD Act, ISO 27001 preparation, Part 121 (Education, NIST Cybersecurity Framework 1.1), DoD NIST SP 800-171 Compliance; now certification, and NY DFS Part 500 there have been an increase in Third-Party security audits.

Over the past few years DataSoftNow has worked with many DoD contractors with their NIST SP 800-171 assessments.  In November 2020 DoD contractors were required to file their NIST SP 800-171 along with a POAM or risk not being awarded contracts.  Starting in 2023 DoD contractors will now be requiring CMMC 2.0 certifications to be awarded contracts.  In response to this we registered as a candidate for a Level 2 CMMC-AB assessor.   We also registered and passed the exam to become a Registered Practitioner which allow us to work with DoD contractors prepare for the CMMC-AB certifications.  As a Registered Practitioner and performing Readiness Reviews which are an essential step in preparing for the certification.  Registered Practitioners are trained by the CMMC-AB specifically to help contractors with their preparedness.    Recently passing the DoD CMMC CCP training and exam, I have been awarded the distinct certification as a Certified CMMC Professional (CCP).

2017 – Certified Information System Security Professional (CISSP) from the (ICS)2, the world largest and most prestigious cybersecurity organization in the world.

2021 – Registered Practitioner (RP), Department of Defense run organization, CMMC-AB (Cyber-AB).

2023 – Certified CMMC Professional (CCP), Department of Defense run organization, CMMC-AB (Cyber-AB).

DataSoftnow is a candidate Certified Third-Party Assessor Organization (C3PAO) with the Department of Defense (Cyber AB).   The organization is pursuing to be able to perform the CMMC NIST SP 800-171A (CMMC 2.0) Certifications.

Information Technology Certified Network Engineer (CNE 3.1 – 4.1) 1989 – 1999

Worked with the Port Authority of New York and New Jersey as a consultant in preparation of migration of COBAL applications that were used at the three major airport (JFK, Newark, and LaGuardia) to a new application that was Y2K complaint.  This included internet connectivity, web applications, client server applications and infrastructure.  

Information Technology Manager 1994 – 1998

Worked in the technology industry as a CNE for a major New York City international law firm.  I was quickly move up as the IT Manager for one of the firm’s office.  A major project that I was instrumental in getting proposed, budgeted, and implemented was the upgrade from all Microsoft DOS computers to Windows 95 fully networked.  Because of my work and expertise with database application design I was the principle in change of migrating our WANG (COBAL) accounting and document management system to a windows-based SQL server and accounting application as well as the migration of all documents from the WANG system to Micrososft Word.   The system incorporated over 800 computers, 200 Servers supporting 750 t0 1000 users.

Firm Information Technology Manager 1998 – 2003

Working in the legal space for a major New York City International Law Firm I was move to the firm wide position of Operations & Technology Manager.  Here again managing many upgrade to infrastructure and systems.  


Director of Information Technology 2004 – 2016

As the Director of Information Technology, my role was to manage both IT capital and operational budgets.  Our annual capital budgets were between 3.8 to 7.5 million dollars.   One major project that was implemented was on time and under budget.  This was the implementation of a firmwide Cisco infrastructure upgrade to support a new Cisco IP Telephony phone system.   I managed over 60 IT professionals and supervised 8 IT managers.  We were also managing over 45 capital and operational leases.  Tracking EOL equipment with full term leases.   Managing the leases and maintenace costs required a 3-year budget plan and carrying them year-over-year.

Information technology in law firms took a major turn in 2008.  Born was the Advanced Persistent Threat.  Working with the firm and understanding the threats the firm was facing; the IT department had to change in the new world of Cybersecurity.  All projects now included our internal cybersecurity expert.  Working hand-in-hand with one of the most prestigious cybersecurity firm in the world at that time, we rebuilt our entire infrastructure leaving no stone unturned.


President and CISO of DataSoftNow 2017 – Present

DataSoftNow is a Cybersecurity company with its main focus on the NIST SP 800-171A Certification and compliances, NIST Cybersecurity Framework 1.1 Compliance, ISO 27001 Preparedness. 

In performing these cybersecurity frameworks, we work with our clients in performing the tasks required to maintain a good cyber-hygiene.   Below is a list partial of periodic cyber tasks that are documented and performed:

  1. Annual Risk Assessment (NIST RMF)
  2. Bi-Annual Tabletop Exercises:    
  3. Incident Response
  4. Disaster Recovery
  5. Annual Full Disaster Recovery
  6. Quarterly User Account Review:
  7. Administrative Account Review
  8. User account review
  9. Bi-annual Authorized Device Review
  10. Monthly Change Management Review
  11. Monthly review of the Weekly Event Management
  12. Annual Review (Policies, Procedures, and Plans)
  13. Ad-hoc Review when cyber incidents occur.
  14. Incident Handling review
  15. Annual Security Assessment
  16. Software Inventory Review
  17. Monthly Vulnerability Scan review