Kevin Villanueva
Partner
CISA, CISSP, CCSFP, PCI QSA, HITRUST CCSFP

Biography

Kevin has been in the information technology field since 1997 and leads the firm’s IT infrastructure and security practice. He specializes in government, not-for-profit, private entity, higher education, and health care clients. His areas of practice include IT security assessments; penetration testing; PCI DSS assessments; HIPAA compliance auditing; HITRUST readiness and validation assessments, strategic technology planning; disaster recovery and business continuity planning; policies, procedures, and documentation development; and project management. In addition, he has designed and conducted technology assessments based on the internationally recognized ISO/IEC 27001/2, NIST, and COBIT standards, and has served as technical counsel on hundreds of technology security projects.

Selected Publications

  • "FSA Updates Cybersecurity Compliance FAQs" (Moss Adams Insight, May 2018)
  • "Safeguard Sensitive Patient Data with HITRUST CSF Controls" (Puget Sound Business Journal, May 2018)
  • "How to Improve Cybersecurity and Protect Your Organization" (Moss Adams Insight, October 2017)
  • "Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF" (Moss Adams Insight, July 2017)
  • "Evaluating Healthcare IT Security: A Holistic Approach" (California Healthcare News, August 2016)
  • "Assess Your IT Security to Creat a Competitive Advantage" (Moss Adams Insight, May 2016)
  • "Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar" (Moss Adams Insight, June 2015)

Selected Speaking Engagements

  • Red Team Penetration Testing: Taking the offensive in cybersecurity
    (Moss Adams Webcast, June 2018)
  • Why You Got Hacked (and how to make sure it does not happen again)
    (Healthcare Financial Management Association Webinar, May 2018)
  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Five Challenges Every Chief Information Officer Faces
    (Moss Adams Webcast, October 2017)
  • IT You Can Use: Third-party Cloud Risks
    (Moss Adams Webcast, June 2017)
  • Protecting Health Care IT: Understanding the Benefits of HITRUST Certification
    (Moss Adams Webcast, April 2017)
  • Cybersecurity Best Practices for Casino Operations
    (National Indian Gaming Association, Indian Gaming Tradeshow & Convention, April 2017)
  • Cybersecurity: Fraud Prevention and Cybersecurity
    (Maritime Commerce Club, February 2017)
  • Disaster Recovery
    (Northwest Association of Financial Professionals, February 2017)
  • The Internet of Things - Smart Devices, Not So Smart Technology
    (University of San Diego, Not-For-Profit Governance Conference, January 2017)

Professional Affiliations

  • Member, Information Systems Audit and Control Association

Education

  • BS, business administration, Pepperdine University