Juan M. Vasquez - Director of Information Security & Audit Services

Juan M. Vasquez, CISM, CISA

Juan has over ten years of experience in Information Security, Cybersecurity, Information Technology (IT), Operational Technology (OT), IT Audit, and IT Risk & Controls. As the Director of Information Security & Audit Services, Juan is responsible for overseeing Technology Risk & Controls for Quandary Peak Research and various clients in the Financial, Pharmaceutical, Manufacturing, Healthcare, and Insurance industries. Along with his corporate experience, Juan has served 16 years in the military. He serves as an IT Operations Manager and Exercise Planner in the United States Marine Corps Reserve.

Juan effectively combines technical and business acumen to coordinate system reviews and risk assessments with security, development, and operations teams. He is a collaborative, hands-on leader whose communication and interpersonal skills help him build rapport with key stakeholders, deliver service excellence, and ensure optimal security with operational efficiency and regulatory compliance. Juan has experience planning, coordinating, and executing security, privacy, audit, regulatory, and compliance advisory engagements. He has a wealth of knowledge and experience in the private sector, focusing on Fintech, Digital Health, Medical Device Technology, and Biotech, and in the government sector, focusing on the Food and Drug Administration (FDA), the Department of Defense (DoD), and the military.

Juan holds multiple degrees, including a Master of Cyber Forensics and Security and a Bachelor of Science in Information Security and Risk Management, Management of Information Systems, and Finance. In addition to his formal education, Juan has completed Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications.

Summary of Qualifications

  • Holds a Master of Cyber Forensics and Security from Illinois Institute of Technology, and a B.S. in Information Security and Risk Management from Lewis University.
  • Certified Information Security Manager (CISM) – Certification #1839862
  • Certified Information Systems Auditor (CISA) – Certification #17138762
  • Has led security and audit engagements all over the world in various technologies such as AWS Cloud, Internet of Things (IoT) to include Medical Device software and hardware, and Manufacturing Operational Technology.
  • Has led technology risk and controls audits on two-way, cloud-based telehealth software connectivity platforms. The scope of the audit included understanding, reviewing, and identifying gaps in the governance strategy, the AWS Cloud Infrastructure Architecture and Design, the Application SDLC and Secure DevOps Controls, the Application Operations and Support model to include Maintenance and Threat Management processes, the review of critical Third Parties, and the review of implemented GDPR Data Privacy controls.
  • Has planned and executed Manufacturing Plant Cyber Risk Assessments with the objective of addressing the growing concern over the cyber readiness of manufacturing facilities. The scope of the assessments included gaining a full understanding of the plants' operational technology (OT) and information technology (IT) environments, and providing the plants with the cybersecurity tools and processes to effectively protect the plant assets and intellectual property.
  • Has led assessments of Medical Device Cybersecurity Programs with the responsibility to identify and remediate gaps. The scope of the assessment included understanding and remediating assessment observations in the controls framework, governance processes, architecture and design methods, control portfolio, threat management activities, maintenance processes, coordinated response plans, third party risk management, and training and awareness.
  • Over ten years of experience supporting multiple government and civilian agencies in the development, testing, and implementation of military defense software.
  • Over 16 years of IT C4I Systems experience, including managing C2 Systems in the fields of Operations, Emplacement, Networking, and Troubleshooting.

Areas of Expertise

  • Information Security and Privacy Regulations

    Including GDPR, CCPA, HIPAA, HITRUST, NAIC-MAR, PCI, FIPS, NIST, ISO, SANS 20 CSC, OWASP, COSO, SOX, SOC 2, SOC 1, and COBIT 5.

  • A wealth of knowledge and experience assessing technology risk and implementing controls in the private sector focusing on Fintech, Digital Health, Medical Device Technology, Biotech, and Financial Reporting Systems.
  • Extensive experience assessing technology regulatory and compliance requirements imposed by the government sector focusing on the Office of the Comptroller of the Currency (OCC), the Federal Reserve System (FRS), the Federal Deposit Insurance Corp. (FDIC), the Food and Drug Administration (FDA), the National Association of Insurance Commissioners (NAIC), and the Department of Defense (DoD).

Litigation Experience

  • Vound Colorado, LLD & Vound Colorado, LLC v. E-Hounds, Inc.


    Case Number: 1:21-CV-00849-UNA
    Jurisdiction: US District Court of Delaware
    Counsel: Marshall Dennehey Warner Coleman & Goggin
    Retained By: E-Hounds
    Nature of Suit: Trademark Infringement & Breach of Contract
    Services Provided: Code Review & Contract Review
    Technology: White-label software, HASP Licensing

Meet Some of Our Experts

Shahzad Ahmad

Senior Biomedical and Health IT Consultant, Nashville

Shahzad Ahmad has a deep background in healthcare IT as a technical project manager and product owner. His 8+ years of experience includes implementation of EHR systems across the nation's top healthcare institutions, owning the SDLC of medical devices, as well as bioengineering research of early detection technologies for debilitating diseases.

Focus Area: EHR & Biomedical Product Design

Brad Ulrich

VP of Health IT & Audits, Nashville

Brad Ulrich has a diverse career as a computer scientist, software engineer, technology manager, and entrepreneur. His experience spans software design, programming, patent management, healthcare, mobile devices, startups, technology licensing, regulatory compliance, and risk management.

Litigation: Senior Testifying Expert
Focus Area: Software & Standards
Area of Expertise: Health IT & Standards

Anna Mathias

Project Manager, Health IT, Nashville

Anna Mathias is a Health IT Project Manager with a focus on organizing, supporting, and contributing to work products related to Electronic Health Record (EHR) software quality, regulatory, and patient safety assessments.

Focus Area: Safety & Quality Assessments

Mahdi Eslamimehr – PhD, MBA

Senior Computer Scientist, Los Angeles

Dr. Mahdi Eslamimehr is an award-winning scientist and a senior tech executive in the software product and service industry. He has years of experience in leading tech companies around the world, including Ericsson R&D Center, Samsung Electronics R&D Labs, SAP Research Lab, Y Combinator Research, and Clarity Global.

Litigation: Testifying and Consulting Expert
Area of Expertise: Program Analysis

Ajit Dhavle, Pharm.D, MBA

VP of Health IT, Audits & Life Sciences, Nashville

Ajit Dhavle is a healthcare technologist, clinician, entrepreneur, and problem solver with 15+ years of experience in digital health, quality, e-medications, Health IT standards, and patient safety.

Focus Area: Health IT & Life Sciences

Ray Chiang

Software Consultant and Code Analyst, Los Angeles

Ray Chiang is a software engineering expert involved in technologies related to system engineering, digital media, embedded systems, consumer electronics, industry-standard development, and various other areas.

Litigation: Consulting Expert
Focus Area: Software Quality & Source Code