Kevin Villanueva


Kevin has been in the information technology field since 1997 and leads the firm’s IT infrastructure and security practice. He specializes in government, not-for-profit, private entity, higher education, and health care clients. His areas of practice include IT security assessments; penetration testing; PCI DSS assessments; HIPAA compliance auditing; HITRUST readiness and validation assessments, strategic technology planning; disaster recovery and business continuity planning; policies, procedures, and documentation development; and project management. In addition, he has designed and conducted technology assessments based on the internationally recognized ISO/IEC 27001/2, NIST, and COBIT standards, and has served as technical counsel on hundreds of technology security projects.

Selected Speaking Engagements

  • Are You Ready to Deal With a Cyberattack?
    (OGFOA 2018 Fall Conference, Salem, October 2018)
  • Why You Got Hacked (and how to make sure it doesn't happen again)
    (Healthcare Financial Management Association Webinar, May 2018)
  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Cybersecurity Best Practices for Casino Operations
    (National Indian Gaming Association, Indian Gaming Tradeshow & Convention, April 2017)
  • Cybersecurity: Fraud Prevention and Cybersecurity
    (Maritime Commerce Club, February 2017)
  • Disaster Recovery
    (Northwest Association of Financial Professionals, February 2017)
  • The Internet of Things - Smart Devices, Not So Smart Technology
    (University of San Diego, Not-For-Profit Governance Conference, January 2017)

Professional Affiliations

  • Member, Information Systems Audit and Control Association


  • BS, business administration, Pepperdine University

Insights from Kevin Villanueva