Troy Hawes
Senior Director


Troy has been providing IT consulting services since 2001. Troy serves clients in a variety of industries including communications and media, utilities and critical infrastructure, health care, and higher education. He is adept at working with the specialty IT compliance and security needs of SEC registrants, private businesses, government and tribal entities.

Troy has extensive experience managing and leading technology security and compliance assessments using a number of different security frameworks including NIST Cybersecurity Framework, NIST Special Publication 800-53, ISO 27002, Cloud Controls Matrix, HIPAA Privacy and Security Rules, Payment Card Industry Data Security Standards (PCI DSS), and others.

He also has deep experience managing and leading IT security audits and assessments, social engineering campaigns and penetration testing, PCI DSS audits, HIPAA security and privacy assessments, disaster recovery planning, alternatives analysis, network design and implementation, IT co-sourcing, and SOC audits. He frequently leverages his security expertise to determine areas of potential security weakness and infrastructure needs.

Troy is a frequent speaker and highly published thought leader on IT compliance and cybersecurity topics.

Selected Publications

  • "Why Existing Compliance Programs Won’t Always Protect You from IT Risk" (Moss Adams Insight, October 2020)
  • "Telehealth Cybersecurity Risks During COVID-19” " (Moss Adams Insight, April 2020)
  • "Prepare for Emergencies with Business Continuity and Disaster Recovery Plans" (Moss Adams Insight, December 2019)
  • "How to Identify Common Cybersecurity Threats and Protect Your Organization" (Moss Adams Insight, November 2019)
  • "Five Tips to Protect Your Company from Data Breaches - Healthcare" (Moss Adams Insight, June 2019)
  • "Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar" (Moss Adams Insight, August 2018)
  • "Protect Your Company from Cyberthreats with Information Security Governance" (Moss Adams Insight, June 2018)
  • "What You Need to Know About Cybersecurity Before Starting Due Diligence" (Moss Adams Insight, May 2018)
  • "Safeguard Sensitive Patient Data with HITRUST CSF Controls" (Puget Sound Business Journal, May 2018)
  • "So you think you’re HIPAA compliant…is that enough in the event of a data breach?" (Moss Adams Insight, May 2018)
  • "SOC for Cybersecurity: How to Check the State of Your Cyber Risk Program and Build Stakeholder Confidence" (Moss Adams Insight, January 2018)
  • "How to Improve Cybersecurity and Protect Your Organization" (Moss Adams Insight, October 2017)
  • "Preparing for Compliance with the General Data Protection Regulation" (Moss Adams Insight, October 2017)

Selected Speaking Engagements

  • Why IT Compliance Isn’t Enough to Keep Your Organization Safe
    (Moss Adams Webcast, October 2020)
  • Cybersecurity for CFOs
    (Moss Adams Webcast, October 2020)
  • Disaster Planning: Five Steps to Protect Your Operations
    (Moss Adams Webcast, November 2019)
  • Preventing Cyber Attacks: How to Deter Top-Trending Threats
    (Moss Adams Webcast, May 2019)
  • Current State of Cybersecurity
    (Annual Business Owners & Accounting Professionals, Bellingham, November 2018)
  • Are You Ready to Deal with a Cyberattack?
    (Oregon Government Finance Officers Association (OGFOA) 2018 Fall Conference, October 2018)
  • All You Need to Know about Cybersecurity
    (International Association of Independent Accounting North America Conference, August 2018)
  • Are You Ready for GDPR?
    (International Association of Independent Accounting North America Conference, August 2018)
  • Integrating Cyber Security and Business Continuity to Ensure Continued Operations
    (NTCA 2018 Finance & Accounting Conference, August 2018)
  • Emerging Cyber Threats to Casinos
    (National Indian Gaming Conference, April 2018)
  • GDPR Disruption: Are You Prepared for the Impact and Changes?
    (Dallas Chapter Technology CFO Series, April 2018)
  • Internal Controls: Top Reasons Your Tribe Got Hacked
    (Native American Finance Officers Association Conference, April 2018)
  • Cybersecurity Best Practices Using the NIST Framework
    (Western Telecommunications Alliance Spring Conference, March 2018)
  • SOC for Cybersecurity: Check Your Threat Management Program
    (Moss Adams Webcast, January 2018)
  • Understanding the EU’s General Data Protection Regulation
    (Moss Adams Webcast, December 2017)

Professional Affiliations

  • Member, Cloud Security Alliance
  • Member, Health Information Trust Alliance
  • Member, Information Systems Audit and Control Association
  • Member, International Information Systems Security Certification Consortium
  • Member, Payment Card Industry Security Standards Council