Who we are

A cybersecurity firm built for Puerto Rico's regulated businesses

We started SecTYCS because regulated SMBs in Puerto Rico were underserved — caught between enterprise security firms that were too expensive and IT vendors that lacked the compliance expertise the regulations actually require.

Why we exist

Healthcare providers, CPA firms, financial institutions, and retailers across Puerto Rico operate under real federal regulations — HIPAA, the FTC Safeguards Rule, GLBA, PCI-DSS. Those regulations require documented security programs, not just good intentions or a firewall from an IT vendor.

When your cyber insurance carrier adds 40 new questions to your renewal, or your examiner asks for a risk analysis document, or a client asks for your information security policy — you need someone who understands both the technical controls and the regulatory framework they have to satisfy.

That's the gap we fill. We're not a managed IT provider. We're not a compliance checkbox service. We do the work that gets your security posture to a place you can actually defend — in front of an auditor, a carrier, or a board.

The team

SecTYCS is led by two founders with complementary expertise — one on the compliance and training side, one on the technical and operations side.

Yarelis Lozada

Co-founder & CEO

CISM, CDPSE, ITIL, MCP — ISACA Authorized Trainer

Yarelis leads all client engagements, security program design, and regulatory compliance work. As an ISACA Authorized Trainer, she has trained security professionals across Puerto Rico in CISM and CRISC frameworks. She brings practitioner-level expertise in HIPAA, FTC Safeguards, PCI-DSS, and GLBA — and the credentials auditors recognize.

Teddy Quiñones

Co-founder & CTO

20+ years across help desk, sysadmin, security analysis, and IT security supervision

Teddy leads technical architecture, infrastructure assessment, and IT security operations. His career spans the full stack of IT — from help desk and systems administration to security analysis and supervisory roles. He translates what the regulation requires into what the technology actually needs to do, and makes sure both sides align.

Photos coming soon.

Credentials and affiliations

CISM

Certified Information Security Manager — ISACA's management-level security credential, recognized by auditors and regulators across financial, healthcare, and government sectors.

CDPSE

Certified Data Privacy Solutions Engineer — ISACA credential focused on privacy by design and data protection controls, directly applicable to HIPAA and FTC Safeguards compliance.

ISACA Authorized Trainer

Authorization to deliver official ISACA training in CISM and CRISC frameworks. One of a limited number of authorized trainers operating in Puerto Rico.

ITIL

IT Infrastructure Library certification — foundational framework for aligning IT service management with business requirements and regulatory obligations.

How we work

Remote-first, on-site when needed

Most assessment and advisory work is conducted remotely. When on-site access is required — for physical controls review, network equipment inspection, or sensitive documentation — we come to you. We serve clients across Puerto Rico from Aguadilla to Humacao.

Fixed scope, no retainer traps

Every engagement starts with a written scope and a fixed price. We don't sign clients to open-ended retainers without defined deliverables. Monthly maintenance engagements are priced and scoped before they start, and renewed annually by mutual agreement.

Deliverables you can actually use

Every report, policy, and analysis we produce is written for its intended audience — business owners, insurance underwriters, and regulators. Not internal security documents full of jargon that sits in a folder and does nothing.

Want to know if we're the right fit?

Start with a consultation. No proposal, no pitch — just a conversation about your business and what compliance actually requires for your sector.

Schedule your security consultation