Troy Hawes
Managing Director
CISSP, CISM, CISA, PCI QSA, CCSFP, CHQP
troy.hawes@mossadams.com
(206) 302-6529
My Profile

Industry Expertise

Communications & Media Government Services Higher Education Hospitality Tribal & Gaming

Practice Focus

CybersecurityHealth Care ConsultingIT ComplianceIT ConsultingSOC Audits

Biography

Troy has been providing IT consulting services since 2001. Troy serves clients in a variety of industries including communications and media, utilities and critical infrastructure, health care, and higher education. He is adept at working with the specialty IT compliance and security needs of SEC registrants, private businesses, government and tribal entities.

Troy has extensive experience managing and leading technology security and compliance assessments using a number of different security frameworks including NIST Cybersecurity Framework, NIST Special Publication 800-53, ISO 27002, Cloud Controls Matrix, HIPAA Privacy and Security Rules, Payment Card Industry Data Security Standards (PCI DSS), and others.

He also has deep experience managing and leading IT security audits and assessments, social engineering campaigns and penetration testing, PCI DSS audits, HIPAA security and privacy assessments, disaster recovery planning, alternatives analysis, network design and implementation, IT co-sourcing, and SOC audits. He frequently leverages his security expertise to determine areas of potential security weakness and infrastructure needs.

Troy is a frequent speaker and highly published thought leader on IT compliance and cybersecurity topics.

Selected Speaking Engagements

  • Why IT Compliance Isn’t Enough to Keep Your Organization Safe
    (Moss Adams Webcast, October 2020)
  • Cybersecurity for CFOs
    (Moss Adams Webcast, October 2020)
  • Disaster Planning: Five Steps to Protect Your Operations
    (Moss Adams Webcast, November 2019)
  • Preventing Cyber Attacks: How to Deter Top-Trending Threats
    (Moss Adams Webcast, May 2019)
  • Current State of Cybersecurity
    (Annual Business Owners & Accounting Professionals, Bellingham, November 2018)
  • Are You Ready to Deal with a Cyberattack?
    (Oregon Government Finance Officers Association (OGFOA) 2018 Fall Conference, October 2018)
  • All You Need to Know about Cybersecurity
    (International Association of Independent Accounting North America Conference, August 2018)
  • Are You Ready for GDPR?
    (International Association of Independent Accounting North America Conference, August 2018)
  • Integrating Cyber Security and Business Continuity to Ensure Continued Operations
    (NTCA 2018 Finance & Accounting Conference, August 2018)
  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • GDPR Disruption: Are You Prepared for the Impact and Changes?
    (Dallas Chapter Technology CFO Series, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Cybersecurity Best Practices Using the NIST Framework
    (Western Telecommunications Alliance Spring Conference, March 2018)
  • SOC for Cybersecurity: Check Your Threat Management Program
    (Moss Adams Webcast, January 2018)
  • Understanding the EU’s General Data Protection Regulation
    (Moss Adams Webcast, December 2017)

Professional Affiliations

  • Member, Cloud Security Alliance
  • Member, Health Information Trust Alliance
  • Member, Information Systems Audit and Control Association
  • Member, International Information Systems Security Certification Consortium
  • Member, Payment Card Industry Security Standards Council

Insights from Troy Hawes

Article
Protect Health Data: SOC Controls, HIPAA, and HITRUST Compliance Intersect
Health care organizations can leverage System and Organization Controls (SOC), HIPAA, and HITRUST frameworks to maintain security and compliance.
Article
Article
HITRUST CSF Version Update and New Assessment Types
Ready to upgrade your HITRUST certification? Check out the new information for HITRUST assessments and version 11 here.
Article
Article
The 6 Intangible Costs of a Cyberbreach
Breaches can cost more than just lost data or access to systems. Learn tips to protect your organization.
Article
Article
Overview of APIs: Value, Benefits, and How to Avoid Vulnerabilities
Application Programming Interfaces offer quick transfer of information, but need to be properly inventoried. Learn details.
Article
Article
How to Identify Top Cybersecurity Threats and Protect Your Organization
Learn to protect your organization with a more stringent cybersecurity strategy.
Article
Article
How Security Governance Can Help Protect You from Cyberthreats
Create a framework that can protect and secure your organization’s most valuable asset—its data.
Article
Article
Prepare for Emergencies with Business Continuity and Disaster Recovery Plans
Business continuity and disaster recovery plans can help your company prepare for and resume business after an unexpected event.
Article
Article
Cybersecurity Impacts on M&A: The Importance of Due Diligence During COVID-19
Cybersecurity due diligence is always a key M&A factor, but COVID-19 disruption makes it even more important. Learn more.
Article
Article
Protect Your Tribal Entity Against Increased Email Fraud During COVID-19
Email fraud has increased by 300% during COVID-19. Learn steps to identify fraudulent emails and thwart an attack.
Article
Article
HIPAA Safe Harbor Law Requires HHS to Incentivize Cybersecurity
The HIPAA Safe Harbor Law incentivizes cybersecurity best practices for health care entities. Learn more.
Article
Alert
What to Know About the Microsoft Exchange Hack
Learn details of the high-profile attack and steps your organization can take if impacted as well as other cybersecurity measures.
Alert
Article
CCPA and GDPR: Consumer Privacy Policy Requirements and Steps to Stay Compliant
Learn about consumer privacy requirements that could impact your company and crucial compliance steps to prevent penalties.
Article
Article
Why Existing Compliance Programs Won’t Always Protect You from IT Risk
Don’t rely on a check-the-box strategy to mitigate threats and vulnerabilities. Bolster existing compliance programs.
Article
Article
Telehealth Cybersecurity Risks During COVID-19
The use of telehealth platforms has led to more cyberattacks. Learn how you can manage the increased risk and bolster security.
Article
Article
3 Tips to Stay Compliant with the California Consumer Privacy Act
Most companies with operations or customers in California will need to comply with new rules for collecting consumer information. Learn how to prepare.
Article
Article
Five Tips to Protect Your Company from Data Breaches
Learn how to identify and protect your company’s sensitive data through employee training, user access reviews, response plans, and more.
Article
Article
Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar
Stolen data is extremely profitable. As cyberattacks become more prolific and publicized, it’s easy to conclude that the question becomes not if, but when information will be compromised. Moss Adams can help you stay one step ahead.
Article
Article
What You Need to Know About Cybersecurity before Starting Due Diligence
Learn how technology companies planning for an exit can benefit from strengthening their cybersecurity efforts prior to a due-diligence review.
Article
Article
How to Improve Cybersecurity and Protect Your Organization
A stringent cybersecurity strategy helps prevent breaches, which are often the result of improperly secured systems and lack of awareness.
Article
Article
SOC for Cybersecurity: How to Check the State of Your Cyberrisk Program and Build Stakeholder Confidence
Mitigate cyber threats and build stakeholder confidence with a SOC for Cybersecurity audit.
Article
Article
Preparing for Compliance with the General Data Protection Regulation
An overview of the General Data Protection Regulation and key considerations for organizations needing to be compliant.
Article
Article
Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF
Learn why health care organizations are vulnerable to cyberthreats and how best practices with the HITRUST CSF can help protect valuable data.
Article
Article
Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar
Stolen data is extremely profitable. As cyberattacks become more prolific and publicized, it’s easy to conclude that the question becomes not if, but when information will be compromised. Moss Adams can help you stay one step ahead.
Article