The team behind 2PSECURE

Specialists in cryptographic security for the financial sector.

We are not a generalist consulting firm that learned about payments along the way. We come from the sector — from implementing and operating the systems that protect financial-institution transactions across LatAm.

A specialist firm. Not a generalist provider learning on the job with your budget.

2PSECURE solves cryptographic security problems in the payments ecosystem for financial institutions in Peru, LatAm and Europe. We only accept engagements where we can commit to a verifiable outcome — and we turn down those that don't fit, even when it means not billing that quarter.

Why clients hire us

Three reasons, in order of frequency

1. To close a finding

An audit flagged something cryptographic: keys, ceremonies, PIN handling, or PKI. And there's a deadline. The conversation starts with a date already on the calendar.

2. To unblock a launch

A new card, a new channel, an integration with an acquirer that demands technical requirements your team doesn't yet master. The project is approved but stuck in the cryptographic layer.

3. To leave the team able to operate

The previous generation retired or rotated, and no one wrote the procedures down. The organization wants to regain control over something that today works "because it works," without anyone knowing why.

Leadership

Who's in your next meeting

2PSECURE engagements are run by our core leadership. The relationship with your institution is not delegated to junior profiles once the contract is signed. What you see in the first conversation is what operates the project.

Mario Egoavil

Director of Technical Cybersecurity

CISA · CISM · ISO 27001 Lead Auditor · PMP

Over 15 years in cybersecurity across IT and OT environments. Specialist in PCI DSS controls implementation, cryptographic management for payment systems, EMV technology evaluation and rollout, and security maturity assessments for financial institutions. Experience in international regulatory frameworks including NIS2 and ISO 27001 applied to critical infrastructure and industrial environments in Europe and LatAm.

Silvio Ríos

General Manager — CEO

Administrator URP · MBA UPC + UPC Catalonia · Master in Marketing EOI Spain

Administrator from URP, holds an MBA from UPC and the Universitat Politècnica de Catalunya, plus a Master's in Marketing Management and Commercial Strategy from EOI Spain. Over 15 years of experience in the payments and telecommunications industry.

Luis Urbina

Director of Operations

Industrial Eng. U. Lima · MSc Operations & Logistics UPC · Master UPC Catalonia

Industrial Engineer from Universidad de Lima, with a Master's in Operations and Logistics Management from UPC and a Master's degree from the Universitat Politècnica de Catalunya. Strong experience in productive operations of goods and services for payments in the financial and telecommunications sectors.

Angélica Vela

Head of Administration

Business Administrator

Business Administrator with over 14 years of experience in the technology and financial sectors, specialized in payments, financial cards and commercial management. Has led business-development and strengthening initiatives, driving sales, optimizing processes and managing strategic client relationships. Solid experience in public-sector tenders and contracting, as well as in coordinating commercial teams focused on hitting goals. Her background in sales, customer service, talent management and process improvement complements a strategic vision focused on results.

Direct experience in regulatory frameworks across Peru, LatAm and Europe — including NIS2, ISO 27001 and the main international standards applied to the financial sector and critical infrastructure. No subcontracting, no intermediaries.

How we work with your people

Four convictions visible in every project

No overselling

If your case doesn't fit what we do, we say so in the first meeting and suggest who to contact. There's no way 2PSECURE wins by projecting capabilities we don't have.

Continuous transfer

Knowledge is transferred during execution. Your operators run ceremonies under our supervision; your developers write code against real environments. By the time we close, they've already done it themselves several times.

Dual documentation

Every delivery includes two manuals: one for whoever operates the platform and another for whoever consumes it from applications. Written in plain language, with examples, with no assumption the reader was in the project.

Vendor independence

Platform decisions are justified by fit with your case, not commission. We've operated the five leading platforms in the sector. If your institution already chose one, we work on that one.

What we don't do

Saying it upfront avoids long conversations with predictable endings

  • General IT consulting: cloud, infrastructure unrelated to payment security, service desks.
  • Application development outside cryptographic security.
  • Hardware or software reselling without a professional-services component.
  • Independent formal audits: we're part of the working team, not external auditors.