Juan M. Vasquez - Director of Information Security & Audit Services

Juan M. Vasquez, CISM, CISA

Director of InfoSec & Audit Services

Juan has over ten years of experience in Information Security, Cybersecurity, Information Technology (IT), Operational Technology (OT), IT Audit, and IT Risk & Controls. As the Director of Information Security & Audit Services, Juan is responsible for overseeing Technology Risk & Controls for Quandary Peak Research and various clients in the Financial, Pharmaceutical, Manufacturing, Healthcare, and Insurance industries. Along with his corporate experience, Juan has served 16 years in the military. He serves as an IT Operations Manager and Exercise Planner in the United States Marine Corps Reserve.

Juan effectively combines technical and business acumen to coordinate system reviews and risk assessments with security, development, and operations teams. He is a collaborative and hands-on leader with excellent communication and interpersonal skills who builds rapport with key stakeholders to deliver service excellence and ensure optimal security with operational efficiency and regulatory compliance. Juan has experience planning, coordinating, and executing security, privacy, audit, regulatory, and compliance advisory engagements. He has a wealth of knowledge and experience in the private sector, focusing on Fintech, Digital Health, Medical Device Technology, and Biotech, and in the government sector, focusing on the Food and Drug Administration (FDA), the Department of Defense (DoD), and the military.

Juan holds multiple degrees, including a Master of Cyber Forensics and Security and a Bachelor of Science in Information Security and Risk Management, Management of Information Systems, and Finance. In addition to his formal education, Juan has completed Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications.

Summary of Qualifications

  • Holds a Master of Cyber Forensics and Security from Illinois Institute of Technology, and a B.S. in Information Security and Risk Management from Lewis University.
  • Certified Information Security Manager (CISM) – Certification #1839862
  • Certified Information Systems Auditor (CISA) – Certification #17138762
  • Has led security and audit engagements all over the world involving various technologies such as AWS Cloud, Internet of Things (IoT), including Medical Device software and hardware, and Manufacturing Operational Technology.
  • Has led technology risk and controls audits on two-way, cloud-based telehealth software connectivity platforms. The scope of the audit included understanding, reviewing, and identifying gaps in the governance strategy, the AWS Cloud Infrastructure Architecture and Design, the Application SDLC and Secure DevOps Controls, the Application Operations and Support model, including Maintenance and Threat Management processes, the review of critical Third Parties, and the review of implemented GDPR Data Privacy controls.
  • Has planned and executed Manufacturing Plant Cyber Risk Assessments with the objective of addressing the growing concern over the cyber readiness of manufacturing facilities. The scope of the assessments included gaining a full understanding of the plants' operational technology (OT) and information technology (IT) environments, and providing the plants with the cybersecurity tools and processes to effectively protect the plant assets and intellectual property.
  • Has led assessments of Medical Device Cybersecurity Programs with the responsibility to identify and remediate gaps. The scope of the assessments included understanding and remediating assessment observations in the controls framework, governance processes, architecture and design methods, control portfolio, threat management activities, maintenance processes, coordinated response plans, third-party risk management, and training and awareness.
  • Over ten years of experience supporting multiple government and civilian agencies in the development, testing, and implementation of military defense software.
  • Over 16 years of IT C4I Systems experience, including managing C2 Systems in the fields of Operations, Emplacement, Networking, and Troubleshooting.

Areas of Expertise

  • Information Security and Privacy Regulations

    Including GDPR, CCPA, HIPAA, HITRUST, NAIC-MAR, PCI, FIPS, NIST, ISO, SANS 20 CSC, OWASP, COSO, SOX, SOC 2, SOC 1, and COBIT 5.

  • A wealth of knowledge and experience assessing technology risk and implementing controls in the private sector focusing on Fintech, Digital Health, Medical Device Technology, Biotech, and Financial Reporting Systems.
  • Extensive experience assessing technology regulatory and compliance requirements imposed by the government sector focusing on the Office of the Comptroller of the Currency (OCC), the Federal Reserve System (FRS), the Federal Deposit Insurance Corp. (FDIC), the Food and Drug Administration (FDA), the National Association of Insurance Commissioners (NAIC), and the Department of Defense (DoD).

Litigation Experience

  • Cryptocurrency Pre-litigation Investigation


    Case Number: N/A
    Jurisdiction: US District Court of Texas
    Counsel: Todd & Weld LLP
    Retained By: Counsel
    Nature of Suit: Computer Fraud, Wire Fraud
    Services Provided: Code Review, Breach Review, Security Audit Review
    Technology: Algorand Blockchain, Tinyman Smart Contracts

  • Vound Colorado, LLD & Vound Colorado, LLC v. E-Hounds, Inc.


    Case Number: 1:21-CV-00849-UNA
    Jurisdiction: US District Court of Delaware
    Counsel: Marshall Dennehey Warner Coleman & Goggin
    Retained By: E-Hounds
    Nature of Suit: Trademark Infringement & Breach of Contract
    Services Provided: Code Review & Contract Review
    Technology: White-label software, HASP Licensing

Technical Due Diligence

  • ThirdwaveRx


    Startup M&A
    Technologies: .NET, CSHTML, JavaScript, Angular, Typescript, SQL, Azure Cloud
    Technology Focus Areas: Source Code Evaluation, SDLC Assessment, Architecture Assessment, Post-Merger Integration, Data Engineering, Application Performance & Monitoring, OSS License Analysis, and Key Team Member Interviews
    Information Security & Privacy Focus Areas: OSS Vulnerability Analysis, InfoSec & Privacy Program Review, Tech Resiliency Controls, and I&AM Controls
