Troy Hawes


Troy has been providing IT consulting services since 2001. He serves clients in a variety of industries, including government entities, communications and media organizations, various critical infrastructure sectors, health care organizations, publicly traded entities, private businesses, and higher education institutions.

Troy has extensive experience managing and leading technology security and compliance assessments using a number of different security frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST Special Publication 800-53, ISO 27002, Cloud Controls Matrix, HIPAA Privacy and Security Rules, Payment Card Industry Data Security Standards (PCI DSS), and the HITRUST Common Security Framework, among others. He has extensive experience managing and leading IT security audits and assessments, social engineering campaigns and penetration testing, PCI DSS audits, HIPAA and HITRUST security and privacy assessments, disaster recovery planning, alternatives analysis, network design and implementation, IT co-sourcing, and SOC audits. In addition, Troy frequently leverages his security expertise to help clients determine areas of potential security weakness and infrastructure needs.

Selected Publications

  • "What You Need to Know About Cybersecurity before Starting Due Diligence" (Moss Adams Insight, May 2018)
  • "Safeguard Sensitive Patient Data with HITRUST CSF Controls" (Puget Sound Business Journal, May 2018)
  • "So you think you’re HIPAA compliant…is that enough in the event of a data breach?" (Moss Adams Insight, May 2018)
  • "SOC for Cybersecurity: How to Check the State of Your Cyber Risk Program and Build Stakeholder Confidence" (Moss Adams Insight, January 2018)
  • "How to Improve Cybersecurity and Protect Your Organization" (Moss Adams Insight, October 2017)
  • "Preparing for Compliance with the General Data Protection Regulation" (Moss Adams Insight, October 2017)
  • "Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF" (Moss Adams Insight, July 2017)
  • "Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar" (Moss Adams Insights, June 2015)

Selected Speaking Engagements

  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • GDPR Disruption: Are You Prepared for the Impact and Changes?
    (Dallas Chapter Technology CFO Series, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Cybersecurity Best Practices Using the NIST Framework
    (Western Telecommunications Alliance Spring Conference, March 2018)
  • SOC for Cybersecurity: Check Your Threat Management Program
    (Moss Adams Webcast, January 2018)
  • Understanding the EU’s General Data Protection Regulation
    (Moss Adams Webcast, December 2017)
  • IT You Can Use: Third-Party Cloud Risks
    (Moss Adams Webcast, June 2017)
  • Protecting Health Care IT: Understanding the Benefits of HITRUST Certification
    (Moss Adams Webcast, April 2017)
  • Who Has the Keys to Your Castle? Protecting Customer Data
    (CNIGA 22nd Annual Western Indian Gaming Conference, February 2017)
  • Cybersecurity Panel
    (Western Telecommunications Alliance Fall Meeting, September 2016)
  • Cybersecurity Panel: Insurance and Legal Ramifications of Poor Cyber Hygiene
    (Western Telecommunications Alliance Fall Meeting, September 2016)
  • Casino Cyber Risks
    (Moss Adams CFO Roundtable, September 2016)
  • Creating a Data-Centric Business Continuity and Disaster Recovery Plan
    (NTCA Finance & Accounting Conference, August 2016)
  • Cybersecurity: It's Not Just About IT
    (Institute of Internal Auditors Gaming and Hospitality Conference, April 2016)
  • NIST Cyber Security Framework Panel
    (Western Telecommunications Alliance Spring Meeting, April 2016)
  • IT for Regulators Panel
    (Western Indian Gaming Conference, February 2016)
  • Proactive Steps to Secure Credit Card Data
    (Moss Adams Webcast, October 2015)
  • Protecting Patron Data
    (Indian Gaming Conference, April 2015)

Professional Affiliations

  • Member, Cloud Security Alliance
  • Member, Health Information Trust Alliance
  • Member, Information Systems Audit and Control Association
  • Member, International Information Systems Security Certification Consortium
  • Member, Payment Card Industry Security Standards Council