Holland & Knight and SECond Opinions Welcome Camelia Lopez Shoemaker
Please allow us to introduce you, our readers, to new Holland & Knight Partner Camelia Lopez Shoemaker. Camelia joins us from a long and distinguished career at the U.S. Department of Justice (DOJ), where she most recently served as the sole global attorney advisor for dark web and cryptocurrency matters in the Office of Overseas Prosecutorial Development, Assistance and Training. Prior to this role, Camelia served in the U.S. Attorney's Office for the Eastern District of Texas, where her roles spanned from attorney in charge (deputy criminal chief) to senior counselor to the U.S. Attorney. She also served as the district's Computer Hacking & Intellectual Property attorney and National Security Cyber Specialist. Camelia joined our Dallas office earlier this month and took time from her busy schedule to answer a few questions about her practice.
Jessica B. Magee: Camelia, we are thrilled to welcome you to Holland & Knight! I know you had a lot of opportunities as you were leaving DOJ – what drew you to our firm, and are you settling in alright? As you continue onboarding, what tips or considerations would you suggest others have in mind if they consider a lateral move out of public service?
Camelia Lopez Shoemaker: Thank you for the warm welcome! Dallas certainly offers a lot of opportunity for lawyers, but what made Holland & Knight stand out for me was the people (some I knew already and many I met during the interview process), the wide variety of experience the firm offers its clients and the chance to grow in a totally new environment. My new colleagues and Holland & Knight's stellar integration and marketing team helped me feel supported enough to make the jump, which has also made settling in pretty fun and very busy. I can honestly say it felt like my professional home from Day One. While I don't have any advice for how to get that lucky, I would offer that for anyone considering such a move from public service, I highly recommend spending time figuring out how their skills and experience transfer to the private sector and get that elevator pitch about your target clientele down early! It's a big mind shift from the government role where new cases literally fall into your hands every day.
JBM: For folks who don't yet know you, your bio provides a great summary of your impressive background at DOJ – more than 20 years of public service, including in various domestic and international-facing leadership roles, more than 90 trials, and subject matter knowledge investigating and litigating matters involving financial services, cybersecurity, blockchain and digital assets and more. Can you dive a little deeper and tell us a bit more about some of your most memorable experiences and how they inform your plan for representing clients, whether they need advice involving corporate compliance or law enforcement matters?
CLS: I count myself fortunate to have enjoyed so many interesting and varied cases while at DOJ, and I think it's due to my saying yes to every opportunity during my first few years. For example, as a new white-collar attorney (and the only Spanish-speaking attorney in our office at the time), I said yes to supporting an international narcotics trafficking case by traveling to Colombia to meet with our U.S. Drug Enforcement Administration team, the DOJ attaché and the Colombian National Police in order to create our district's plan for evidence sharing, arrest and extradition pursuant to the applicable treaties. I ended up having a delightful tea with their minister of defense while also seeing firsthand the brave work our agents were doing to root out cocaine growers and distributors.
When I was asked to handle terrorism cases, I ended up with a 17-year-old planning an ISIS-inspired public attack, only to have the U.S. Supreme Court issue an opinion that gutted our jurisdictional hook to try the target as an adult in federal court – mere days before we were set to present the indictment at grand jury. Of course, the clock was ticking and the attack was still being planned, so I called on my former colleagues who were senior officials in the Collin County District Attorney's Office, and they agreed to take the case (17 is an adult in Texas) as long as I still led the prosecution as a Special Assistant DA. With many complicating factors and discovery challenges attendant to these types of cases, we (meaning my amazing state colleagues, the FBI team and I) had to devise and implement a new system with the court that would also ensure we met our obligations under Texas' expansive discovery rules, all while constantly battling stakeholders in Washington, D.C., who were unsure about our untested approach. With the public safety at risk, I am so proud that we persisted and prevailed.
The last case I led while at the U.S. Attorney's Office required every bit of the 20-plus years of experience my team members and I each had, and we were still learning. This was an emerging cyber threat powered by what the FBI estimated to be the largest single network of infected computers (a botnet) on record at the time. I led a dream team of agents from the Defense Criminal Investigative Service and FBI and, together with my colleagues from Main Justice and the U.S. Attorney's Office, we found ourselves in The Hague meeting with Polish and Swiss delegations about how the criminal activity was impacting their countries and later in Thailand and Singapore to meet with law enforcement officials to work out comparative law, arrest, asset seizure and extradition issues. For at least two years, my team met every week to strategize how to take down the botnet, preserve evidence and track down our globetrotting target at the same time.
These examples, while seemingly different, share a common thread along with most of the cases I handled: To be successful, I had to find common ground with each of the relevant stakeholders and then tap into my network, ask questions and approach the challenge from all angles. More often than not, the stakeholders were businesses or government entities that were victims or witnesses to the offense or had other significant equity in the outcome. I understood early how sensitive businesses are to working with law enforcement, meaning that while they were supportive of the public safety mission, they also had a duty to their clients and/or shareholders and to their data and resources, and all of those issues needed addressing. In every case, it was always just as important that I got what I needed from the organization in order to prove our case as it was to earn and maintain their trust. It is with this background that I will tackle problems that companies find themselves facing, and I am eager to bring the same level of representation, advocacy and responsiveness to Holland & Knight's clients.
JBM: Focusing a bit more on your cybersecurity work – what are some of the biggest risks and challenges companies are facing operationally, and what steps can they be taking to be proactive, not reactive, and demonstrate good faith and reasonable efforts if they find themselves under investigation whether by the SEC, DOJ, or other state or federal (or international) agencies?
CLS: Companies are facing threats from every direction, both external and internal. Looking externally, it's important for a business of any size to assume that it will be breached. Having regular security assessments, staying current with National Institute of Standards and Technology standards and recommendations, segregating systems that contain sensitive data and restricting their access to only employees with a need to know are just some of the infrastructure protections that can help stonewall an intrusion. Employee education and strict Bring Your Own Device policies are also basic practices to implement and, along the same lines, messages to customers as appropriate (such as the warnings you get when you initiate an online transfer from your bank) and securely retaining only the customer information that you absolutely need. Businesses also need to have an incident response plan in place that includes current contacts for law enforcement and a designated point of contact for the company. Tabletop exercises are great to practice the response, and I know the FBI special agents I worked with encouraged forming the relationship before a crisis hit.
Internally, companies that employ remote information technology workers need to be particularly careful when vetting an applicant and monitoring their access. DOJ is seeing a rising trend of workers, many from North Korea, either using fraudulent credentials to gain employment or taking advantage of a legitimate employee who is willfully outsourcing his or her own job to a third person unknown to the company. It's worth the effort to verify the physical identity, background and location of the person you are interviewing and conduct periodic in-person meetings. Not only does this impostor pose a security threat to the company, but they could also potentially expose the company to sanctions if the impostor is coming from a country with which doing business is prohibited.
JBM: During your time with DOJ, you also worked on elder fraud matters. SEC has made clear that it is focused on rooting out fraud affecting retail investors, including those targeting the elderly who are often caught up in schemes involving crypto, artificial intelligence (AI), unsuitable investment products and more. Tell us a bit more about your work in this space, a few basic principles to keep in mind to protect oneself against elder fraud risks and what a reader can do if she or someone she knows may be the victim of an elder fraud scheme.
CLS: Those cases were so heartbreaking. As if the financial impact wasn't devastating enough, what I saw was that the victims were left feeling more scared and vulnerable than ever and were often so ashamed of falling for the scam that they wouldn't talk about it to their own families, much less to law enforcement. What these victims had in common was a basic desire to connect with someone. Staying home and alone most of the day with their computers made them a captive audience. Add a sudden psychological stress such as a call from a supposed grandchild in trouble or finding out your savings are in jeopardy and boom – reason and common sense go out the window. Infatuation has the same effect, hence the scourge of "romance scams." While banks in Texas are shielded from liability if they block a customer from sending money they suspect was induced by fraud, I am not sure how often this happens. The scammers coach their victims in how to respond to questions from bank tellers or clerks ringing up gift cards, often keeping them on the phone during such purchases. Just openly talking about these scenarios with loved ones is important. There are tons of online resources and videos describing the scams and warning signs that are available online from AARP and the Federal Trade Commission, among countless others. If you suspect a loved one may be in trouble locally, the Senior Source of Dallas or Adult Protective Services may be able to assist. I recommend having candid conversations now with your loved ones, and the online videos offer a great starting point. We can all appreciate how easy it is to be fooled by AI these days, and we need to make those warnings as regular as we do our warnings to kids about stranger-danger.
JBM: 2026 is flying already – we are halfway through January, and that means the government is already into Q2 of fiscal year 2026 (which began October 1, 2025). As 2026 proceeds, what are you expecting – or maybe even hoping – to see from DOJ, SEC, or other state and federal agencies?
CLS: [pulls sleeve to polish crystal ball] Well, it's certainly an interesting time for government enforcement, but as we saw in the DOJ Criminal Chief's May 12, 2025, memo to DOJ attorneys and affirmed by Deputy Attorney General Todd Blanche in December – each briefed by Holland & Knight – white collar criminal enforcement is still a priority, although with more focus on individual actors and more protections available regarding corporate accountability. That being said, from a macro perspective I think we can still expect investigative requests to any entity that receives federal or state funding and is suspected to have taken any action that is inconsistent with the administration's priorities. I know it's vague and may change on a whim, but that's where we are. The good news is that the memo essentially gives us a road map to effectively advocate for our corporate clients. I think that the recent creation of DOJ's Division of National Fraud Enforcement, and the fact that it is led by an executive appointed special counsel rather than an existing leader within DOJ, demonstrates that the administration intends to move quickly this year to enforce its stated priorities. There will be pressure on the new division to produce results, and so we should be ready to mobilize a rapid response for our clients that get served with (likely broad) subpoenas. It may also be prudent to engage clients in a proactive thought exercise about potential areas of exposure, and Holland & Knight's guidance can be particularly helpful in that regard.
One additional topic that I think applies to every sector: crypto. Of course, newly issued tokens received a lot of attention in 2025, and with enthusiastic adoption from the White House coupled with open support for business innovation, many businesses are naturally interested in how digital assets can benefit them, too. Given that basically anyone with internet access can mint a coin, there is a perfect storm brewing of new issuances potentially running afoul of existing regulations. I expect that the SEC and DOJ will continue to be active in policing new issuances that result in losses for their investors, consistent with the May 2025 memo.
JBM: Camelia, thank you for sharing such valuable information with our readers. We look forward to your work with Holland & Knight on behalf of clients, as well as your contributions to the SECond Opinions blog.