Kevin Villanueva
Partner
CISA, CISSP, CCSFP, PCI QSA, HITRUST CCSFP, CDPSE
kevin.villanueva@mossadams.com
(206) 302-6542
My Profile

Industry Expertise

E-Commerce Government Services Higher Education Hospitals Not-for-Profit

Practice Focus

CybersecurityIT ComplianceIT Consulting

Biography

Kevin has been in the information technology field since 1997 and leads the firm’s IT infrastructure and security practice. He specializes in government, not-for-profit, private entity, higher education, and health care clients. His areas of practice include IT security assessments; penetration testing; PCI DSS assessments; HIPAA compliance auditing; HITRUST readiness and validation assessments, strategic technology planning; disaster recovery and business continuity planning; policies, procedures, and documentation development; and project management. In addition, he has designed and conducted technology assessments based on the internationally recognized ISO/IEC 27001/2, NIST, and COBIT standards, and has served as technical counsel on hundreds of technology security projects.

Selected Speaking Engagements

  • Are You Ready to Deal With a Cyberattack?
    (OGFOA 2018 Fall Conference, Salem, October 2018)
  • Why You Got Hacked (and how to make sure it doesn't happen again)
    (Healthcare Financial Management Association Webinar, May 2018)
  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Cybersecurity Best Practices for Casino Operations
    (National Indian Gaming Association, Indian Gaming Tradeshow & Convention, April 2017)
  • Cybersecurity: Fraud Prevention and Cybersecurity
    (Maritime Commerce Club, February 2017)
  • Disaster Recovery
    (Northwest Association of Financial Professionals, February 2017)
  • The Internet of Things - Smart Devices, Not So Smart Technology
    (University of San Diego, Not-For-Profit Governance Conference, January 2017)

Professional Affiliations

  • Member, Information Systems Audit and Control Association

Education

  • BS, business administration, Pepperdine University

Insights from Kevin Villanueva

Alert
Updates to the GLBA Safeguards Rule for Higher Education
New Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requirements for institutions of higher education take effect June 9, 2023.
Alert
Article
5 Tips for Wineries to Protect Their Business Against a Cyberattack
Explore five strategies to protect your assets and customers’ data, including employee training, penetration tests, and more.
Article
Article
How to Identify Top Cybersecurity Threats and Protect Your Organization
Learn to protect your organization with a more stringent cybersecurity strategy.
Article
Article
How to Integrate Cybersecurity with Your IT and Internal Audit Teams
Learn how IT and internal audit teams can better collaborate with one another to help strengthen cybersecurity.
Article
Article
How to Prepare Your Organization for the CMMC by End of Year
Get answers to commonly asked questions about the Cybersecurity Maturity Model Certification (CMMC) requirements and timelines.
Article
Article
Use a 5-Stage Strategic Plan to Implement New Technology
Learn the 5 stages of strategic technology planning along with considerations and questions for each stage to help breakdown the process.
Article
Article
Why Cyberthreats Are So Dangerous for the Oil & Gas Industry
Learn how the rise of digitization created unique hacker threats and how you can lower risks of a cyberattack.
Article
Article
Help Protect Your Winery from Cyberthreats Using These Key Strategies
Help your winery reduce damage caused by top-trending cyberthreats by following these key steps.
Article
Article
Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar
Stolen data is extremely profitable. As cyberattacks become more prolific and publicized, it’s easy to conclude that the question becomes not if, but when information will be compromised. Moss Adams can help you stay one step ahead.
Article
Article
Assess Your Cybersecurity to Create a Competitive Advantage
IT security assessments aren’t only useful for warding off potential breaches and hackers.
Article
Article
FSA Updates Cybersecurity Compliance FAQs
The Federal Student Aid senior advisor of cybersecurity updated the Cybersecurity Compliance FAQs.
Article
Article
How to Improve Cybersecurity and Protect Your Organization
A stringent cybersecurity strategy helps prevent breaches, which are often the result of improperly secured systems and lack of awareness.
Article
Article
Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF
Learn why health care organizations are vulnerable to cyberthreats and how best practices with the HITRUST CSF can help protect valuable data.
Article
Article
Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar
Stolen data is extremely profitable. As cyberattacks become more prolific and publicized, it’s easy to conclude that the question becomes not if, but when information will be compromised. Moss Adams can help you stay one step ahead.
Article