Kevin Villanueva
Partner
CISA, CISSP, CCSFP, PCI QSA, HITRUST CCSFP

Biography

Kevin has been in the information technology field since 1997 and leads the firm’s IT infrastructure and security practice. He specializes in government, not-for-profit, private entity, higher education, and health care clients. His areas of practice include IT security assessments; penetration testing; PCI DSS assessments; HIPAA compliance auditing; HITRUST readiness and validation assessments, strategic technology planning; disaster recovery and business continuity planning; policies, procedures, and documentation development; and project management. In addition, he has designed and conducted technology assessments based on the internationally recognized ISO/IEC 27001/2, NIST, and COBIT standards, and has served as technical counsel on hundreds of technology security projects.

Selected Publications

  • "Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF" (Moss Adams Insight, July 2017)
  • "Evaluating Healthcare IT Security: A Holistic Approach" (California Healthcare News, August 2016)
  • "Assess Your IT Security to Creat a Competitive Advantage" (Moss Adams Insight, May 2016)
  • "Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar" (Moss Adams Insight, June 2015)
  • "Cybersecurity: Net Threats Rise" (North Bay Business Journal, January 2015)
  • "The SEC’s New Focus on Cybersecurity for Broker-Dealers and RIAs" (Moss Adams Insight, May 2014)

Selected Speaking Engagements

  • Five Challenges Every Chief Information Officer Faces
    (Moss Adams Webcast, October 2017)
  • IT You Can Use: Third-party Cloud Risks
    (Moss Adams Webcast, June 2017)
  • Protecting Health Care IT: Understanding the Benefits of HITRUST Certification
    (Moss Adams Webcast, April 2017)
  • Cybersecurity Best Practices for Casino Operations
    (National Indian Gaming Association, Indian Gaming Tradeshow & Convention, April 2017)
  • Cybersecurity: Fraud Prevention and Cybersecurity
    (Maritime Commerce Club, February 2017)
  • Disaster Recovery
    (Northwest Association of Financial Professionals, February 2017)
  • The Internet of Things - Smart Devices, Not So Smart Technology
    (University of San Diego, Not-For-Profit Governance Conference, January 2017)
  • Cybersecurity: A Defense Strategy
    (Moss Adams Webcast, December 2016)
  • Cyber Attacks: Spear Phishing, Ransomware and the Internet of Things (IoT)
    (Moss Adams Webcast, August 2016)
  • Cybersecurity in Healthcare: Strategies for Mitigating Attacks and Protecting Your Organization
    (Foley & Lardner seminar, May 2016)

Professional Affiliations

  • Member, Information Systems Audit and Control Association

Education

  • BS, business administration, Pepperdine University