<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:spotify="https://www.spotify.com/ns/rss">
  <channel>
    <generator>Fame Host (https://fame.so)</generator>
    <title>Shielded: The Last Line of Cyber Defense</title>
    <link>https://podcasts.fame.so/shielded-the-last-line-of-cyber-defense</link>
    <itunes:new-feed-url>https://feeds.fame.so/shielded-the-last-line-of-cyber-defense</itunes:new-feed-url>
    <description>Shielded: The Last Line of Cyber Defense is your definitive guide to navigating the quantum era of cybersecurity. Hosted by experts from PQShield, a global leader in post-quantum cryptography (PQC), this podcast explores how industries can future-proof their defences against the imminent threat of quantum computing.

Each episode brings you actionable insights, real-world case studies, and expert interviews with cryptographers, industry leaders, and policymakers shaping the future of cybersecurity. From demystifying quantum-resistant protocols to addressing compliance challenges and implementation strategies, Shielded moves the conversation from why to how in building a quantum-safe world.

Whether you're a security engineer, IT professional, or business decision-maker, Shielded arms you with the knowledge and tools to stay ahead of the curve in securing your data. Join us as we decode the challenges of quantum readiness, foster collaborative solutions, and inspire confidence in a safer digital future.

Subscribe now to stay updated on the latest trends, standards, and breakthroughs in quantum-resilient cybersecurity.</description>
    <copyright>Copyrights © 2024 All Rights Reserved by PQShield</copyright>
    <language>en</language>
    <pubDate>Thu, 05 Dec 2024 09:39:38 +0000</pubDate>
    <lastBuildDate>Sat, 14 Mar 2026 10:04:28 +0000</lastBuildDate>
    <image>
      <url>https://content.fameapp.so/uploads/8l18kymq/7567b4f0-03db-11f0-aacf-556047cf795b/7567b600-03db-11f0-9bb6-b576fcb38635.png</url>
      <title>Shielded: The Last Line of Cyber Defense</title>
      <link>https://podcasts.fame.so/shielded-the-last-line-of-cyber-defense</link>
      <description>Shielded: The Last Line of Cyber Defense is your definitive guide to navigating the quantum era of cybersecurity. Hosted by experts from PQShield, a global leader in post-quantum cryptography (PQC), this podcast explores how industries can future-proof their defences against the imminent threat of quantum computing.

Each episode brings you actionable insights, real-world case studies, and expert interviews with cryptographers, industry leaders, and policymakers shaping the future of cybersecurity. From demystifying quantum-resistant protocols to addressing compliance challenges and implementation strategies, Shielded moves the conversation from why to how in building a quantum-safe world.

Whether you're a security engineer, IT professional, or business decision-maker, Shielded arms you with the knowledge and tools to stay ahead of the curve in securing your data. Join us as we decode the challenges of quantum readiness, foster collaborative solutions, and inspire confidence in a safer digital future.

Subscribe now to stay updated on the latest trends, standards, and breakthroughs in quantum-resilient cybersecurity.</description>
    </image>
    <googleplay:author>PQShield</googleplay:author>
    <googleplay:image href="https://content.fameapp.so/uploads/8l18kymq/7567b4f0-03db-11f0-aacf-556047cf795b/7567b600-03db-11f0-9bb6-b576fcb38635.png"/>
    <itunes:category text="News">
      <itunes:category text="Tech News"/>
    </itunes:category>
    <itunes:category text="Business"/>
    <itunes:category text="Technology"/>
    <googleplay:summary>Shielded: The Last Line of Cyber Defense is your definitive guide to navigating the quantum era of cybersecurity. Hosted by experts from PQShield, a global leader in post-quantum cryptography (PQC), this podcast explores how industries can future-proof their defences against the imminent threat of quantum computing.

Each episode brings you actionable insights, real-world case studies, and expert interviews with cryptographers, industry leaders, and policymakers shaping the future of cybersecurity. From demystifying quantum-resistant protocols to addressing compliance challenges and implementation strategies, Shielded moves the conversation from why to how in building a quantum-safe world.

Whether you're a security engineer, IT professional, or business decision-maker, Shielded arms you with the knowledge and tools to stay ahead of the curve in securing your data. Join us as we decode the challenges of quantum readiness, foster collaborative solutions, and inspire confidence in a safer digital future.

Subscribe now to stay updated on the latest trends, standards, and breakthroughs in quantum-resilient cybersecurity.</googleplay:summary>
    <googleplay:explicit>No</googleplay:explicit>
    <googleplay:block>No</googleplay:block>
    <itunes:type>episodic</itunes:type>
    <itunes:author>PQShield</itunes:author>
    <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/7567b4f0-03db-11f0-aacf-556047cf795b/7567b600-03db-11f0-9bb6-b576fcb38635.png"/>
    <itunes:summary>Shielded: The Last Line of Cyber Defense is your definitive guide to navigating the quantum era of cybersecurity. Hosted by experts from PQShield, a global leader in post-quantum cryptography (PQC), this podcast explores how industries can future-proof their defences against the imminent threat of quantum computing.

Each episode brings you actionable insights, real-world case studies, and expert interviews with cryptographers, industry leaders, and policymakers shaping the future of cybersecurity. From demystifying quantum-resistant protocols to addressing compliance challenges and implementation strategies, Shielded moves the conversation from why to how in building a quantum-safe world.

Whether you're a security engineer, IT professional, or business decision-maker, Shielded arms you with the knowledge and tools to stay ahead of the curve in securing your data. Join us as we decode the challenges of quantum readiness, foster collaborative solutions, and inspire confidence in a safer digital future.

Subscribe now to stay updated on the latest trends, standards, and breakthroughs in quantum-resilient cybersecurity.</itunes:summary>
    <itunes:subtitle>Shielded: The Last Line of Cyber Defense is your definitive guide to navigating the quantum era of cybersecurity. Hosted by experts from PQShield, a global leader in post-quantum cryptography (PQC), this podcast explores how industries can future-proof their defences against the imminent threat of quantum computing.

Each episode brings you actionable insights, real-world case studies, and expert interviews with cryptographers, industry leaders, and policymakers shaping the future of cybersecurity. From demystifying quantum-resistant protocols to addressing compliance challenges and implementation strategies, Shielded moves the conversation from why to how in building a quantum-safe world.

Whether you're a security engineer, IT professional, or business decision-maker, Shielded arms you with the knowledge and tools to stay ahead of the curve in securing your data. Join us as we decode the challenges of quantum readiness, foster collaborative solutions, and inspire confidence in a safer digital future.

Subscribe now to stay updated on the latest trends, standards, and breakthroughs in quantum-resilient cybersecurity.</itunes:subtitle>
    <itunes:keywords>Post-Quantum Cryptography, Quantum-Ready Security, Cybersecurity Innovation, Quantum Threat Mitigation, PQC Implementation, Quantum-Safe Standards, Compliance and Data Protection</itunes:keywords>
    <itunes:owner>
      <itunes:name>Cath Firmin</itunes:name>
      <itunes:email>team@fame.so</itunes:email>
    </itunes:owner>
    <itunes:complete>No</itunes:complete>
    <itunes:explicit>No</itunes:explicit>
    <itunes:block>No</itunes:block>
    <item>
      <title>Why AI is accelerating both attackers and defenders: From MWC Barcelona</title>
      <link>https://podcasts.fame.so/e/v85jk5mn-why-ai-is-accelerating-both-attackers-and-defenders-from-mwc-barcelona</link>
      <itunes:title>Why AI is accelerating both attackers and defenders: From MWC Barcelona</itunes:title>
      <itunes:episode>29</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">81q3rqz1</guid>
      <description>Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with two experts at Mobile World Conference in Barcelona. Amidst the buzz of the industry being in one place, they discuss the security landscape in the AI era. The guests are working at different layers; Geri Revay, Principal Security Researcher at Fortinet’s FortiGuard Labs, explains how cybercrime has evolved into a structured ecosystem where attackers specialize in different roles and services. Later in the episode, Haon Park, Co-Founder and CTO of AIM Intelligence, focuses on the emerging risks around AI systems themselves. As organizations rapidly deploy AI models, agents, and autonomous technologies, these systems introduce an entirely new category of attack surface.  Together, the conversation highlights a critical shift in the security landscape. Attackers are moving faster through automation and specialization, while defenders must adapt to new forms of risk created by the technologies they are deploying.</description>
      <content:encoded><![CDATA[<div>Cybersecurity threats have evolved significantly from the early days of individual hackers experimenting independently. In their conversation at Mobile World Conference 2026, Geri Revay explains how cybercrime has matured into a structured and profitable ecosystem that resembles a business supply chain. Instead of one attacker performing every step of an intrusion, the work is now divided across specialized groups. Some actors focus on gaining initial access to corporate networks and then sell that access to others. Other groups build ransomware tools, while separate teams manage ransom negotiations or distribute stolen data.<br><br></div><div><br>This division of labor dramatically lowers the barrier to entry for cybercriminals. Attackers no longer need deep technical expertise to carry out an operation. Many tools and services can now be purchased directly from underground marketplaces. As a result, cybercrime has become more opportunistic, more scalable, and more accessible than it was even a few years ago.<br><br></div><div><br>However, defenders also have access to AI driven capabilities. Security teams already collect enormous amounts of telemetry through logs, network monitoring, and endpoint detection tools. AI systems can analyze this data to detect anomalies, identify emerging threats, and automate parts of the defensive workflow. Over time, this access to large datasets may give defenders a strategic advantage.<br><br></div><div><br>The conversation also explores how cybersecurity challenges differ between traditional IT environments and operational technology environments. Industrial systems often prioritize operational availability and safety above all else. Many devices run for decades and cannot easily be patched or modified. 
This creates a different security model where monitoring, segmentation, and deception technologies play a more important role than frequent system updates.<br><br></div><div><br>Haon’s work focuses on automated AI red teaming. Instead of relying only on human testers, AI driven attacker agents can simulate thousands of potential attacks against an AI model or service. This allows organizations to identify vulnerabilities earlier and test whether guardrails and policies are functioning correctly.<br><br></div><div><br>One of the most significant emerging risks involves physical AI systems. Autonomous vehicles, drones, and robotics rely on multimodal inputs such as images, audio, and sensor data to interpret their environment. If attackers manipulate these inputs, they may influence how the system behaves. As AI systems move from digital environments into the physical world, the consequences of security failures could extend beyond data breaches and into real world harm.<br><br></div><div><br>Across both conversations, a consistent theme emerges. The cybersecurity landscape is expanding in both scale and complexity. Attackers are accelerating their operations through automation and specialization, while defenders must also learn how to secure the new technologies they are building. 
Organizations that fail to address AI related risks early may discover vulnerabilities that traditional security frameworks were never designed to handle.<br><br></div><div><strong><br>What You’ll Learn:<br></strong><br></div><ul><li>How cybercrime evolved from individual hackers to a structured ecosystem</li><li>Why ransomware services and access brokers lowered the barrier to entry for attackers</li><li>How artificial intelligence accelerates cyber attacks and defensive analysis</li><li>Why defenders may gain long term advantages through data and telemetry</li><li>How operational technology environments create unique security challenges</li><li>Why enterprise AI systems introduce a new category of attack surface</li><li>How automated AI red teaming identifies vulnerabilities faster than manual testing</li><li>Why physical AI systems may create the next major cybersecurity risk<br><br></li></ul><div><strong><br>Your Roadmap to Understanding the Next Phase of Cybersecurity<br></strong><br></div><div><strong><br>[07:12] Step 1: Cybercrime Has Become a Supply Chain<br></strong><br></div><div><br>Cybercrime has evolved from isolated attackers into a structured ecosystem. Initial access brokers focus on gaining entry into networks and selling that access. Ransomware developers create tools and services. Other groups handle negotiations and payment collection. Individuals no longer need to build tools or conduct complex research themselves. They can purchase the components they need and focus only on one stage of the attack chain. 
As a result, cybercrime has become more scalable and more opportunistic.<br><br></div><div><br>Key Question: If cybercrime now operates like a supply chain, are organizations preparing for attacks that can be launched faster and at greater scale?<br><br></div><div><strong><br>[08:03] Step 2: AI Is Accelerating the Speed of Attacks<br></strong><br></div><div><br>Artificial intelligence allows attackers to automate tasks that previously required time and expertise. The result is not necessarily more sophisticated attacks, but faster ones. AI enables threat actors to iterate quickly and scale their operations. This speed advantage allows attackers to experiment and adapt before defenders have time to respond.<br><br></div><div><br>Key Question: If attackers can move faster with AI, how quickly can your security teams detect and respond?<br><br></div><div><strong><br>[10:34] Step 3: Data Gives Defenders a Long Term Advantage<br></strong><br></div><div><br>While AI gives attackers speed, defenders may hold the long term advantage because of data. Security operations centers collect vast volumes of telemetry from networks, endpoints, and infrastructure. This data provides the foundation for AI driven detection and analysis. When AI systems analyze behavioral patterns across these datasets, they can identify anomalies and emerging threats earlier than manual processes. Over time, this combination of large scale telemetry and AI driven analysis may strengthen defensive capabilities.<br><br></div><div><br>Key Question: Are organizations using the data they collect to strengthen detection, or simply storing it without extracting insight?<br><br></div><div><strong><br>[15:31] Step 4: Operational Technology Requires a Different Security Approach<br></strong><br></div><div><br>Industrial and operational technology environments operate under different priorities than traditional IT systems. Many devices run for decades and cannot be patched frequently. 
Because of this, security teams must rely on monitoring, segmentation, and deception techniques rather than constant updates. Security practices that work in IT environments often require significant adaptation in OT systems.<br><br></div><div><br>Key Question: Are security strategies designed specifically for operational technology environments, or are IT security practices being applied without adjustment?<br><br></div><div><strong><br>[39:55] Step 5: AI Systems Introduce a New Category of Risk<br></strong><br></div><div><br>As enterprises deploy AI systems across their operations, these systems introduce new attack surfaces. AI models may have access to internal company data, business processes, and automated workflows. If attackers manipulate inputs or exploit vulnerabilities, they may influence how these systems behave. AI systems can affect business decisions, automate internal processes, and interact with users. Without proper guardrails and testing, vulnerabilities in these systems may lead to operational or reputational damage.<br><br></div><div><br>Key Question: How are organizations validating the security of AI systems before deploying them at scale?<br><br></div><div><strong><br>[57:09] Step 6: Physical AI May Be the Next Major Security Incident<br></strong><br></div><div><br>The next phase of AI deployment will involve physical systems such as autonomous vehicles, drones, and robotics. These systems rely on multimodal inputs such as visual data, audio signals, and sensor information to interpret their environment. If attackers manipulate these inputs, they may influence how the system behaves. Unlike traditional cybersecurity incidents, failures in physical AI systems could result in real world harm. 
As AI becomes embedded in physical infrastructure, cybersecurity risks may extend beyond digital environments.<br><br></div><div><br>Key Question: Are organizations preparing for security risks that affect both digital systems and the physical world?<br><br></div><div><strong><br>Episode Resources:<br></strong><br></div><ul><li>Geri Revay on <a href="https://www.linkedin.com/in/gergelyrevay/">LinkedIn</a></li><li>Fortinet <a href="https://www.fortinet.com">Website</a></li><li>Haon Park on <a href="https://www.linkedin.com/in/haonpark/">LinkedIn</a></li><li>AIM Intelligence <a href="https://aim-intelligence.com/en">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;<br><br></li></ul><div><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 12 Mar 2026 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wvykp4x8.mp3" length="146462301" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/6c315900-1d57-11f1-a009-d1d0f04f6840/6c315a00-1d57-11f1-815b-373ffe3d69d7.png"/>
      <itunes:duration>3661</itunes:duration>
      <itunes:summary>Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with two experts at Mobile World Conference in Barcelona. Amidst the buzz of the industry being in one place, they discuss the security landscape in the AI era. The guests are working at different layers; Geri Revay, Principal Security Researcher at Fortinet’s FortiGuard Labs, explains how cybercrime has evolved into a structured ecosystem where attackers specialize in different roles and services. Later in the episode, Haon Park, Co-Founder and CTO of AIM Intelligence, focuses on the emerging risks around AI systems themselves. As organizations rapidly deploy AI models, agents, and autonomous technologies, these systems introduce an entirely new category of attack surface.  Together, the conversation highlights a critical shift in the security landscape. Attackers are moving faster through automation and specialization, while defenders must adapt to new forms of risk created by the technologies they are deploying.</itunes:summary>
      <itunes:subtitle>Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with two experts at Mobile World Conference in Barcelona. Amidst the buzz of the industry being in one place, they discuss the security landscape in the AI era. The guests are working at different layers; Geri Revay, Principal Security Researcher at Fortinet’s FortiGuard Labs, explains how cybercrime has evolved into a structured ecosystem where attackers specialize in different roles and services. Later in the episode, Haon Park, Co-Founder and CTO of AIM Intelligence, focuses on the emerging risks around AI systems themselves. As organizations rapidly deploy AI models, agents, and autonomous technologies, these systems introduce an entirely new category of attack surface.  Together, the conversation highlights a critical shift in the security landscape. Attackers are moving faster through automation and specialization, while defenders must adapt to new forms of risk created by the technologies they are deploying.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Your Inventory Dashboard is Not a Migration Strategy</title>
      <link>https://podcasts.fame.so/e/rnkl1rq8-your-inventory-dashboard-is-not-a-migration-strategy</link>
      <itunes:title>Your Inventory Dashboard is Not a Migration Strategy</itunes:title>
      <itunes:episode>28</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">70wj5nq1</guid>
      <description>Post-quantum cryptography is often framed as an algorithm selection problem. Stefan Kölbl reframes it as something else entirely: a key management and lifecycle discipline challenge.

In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Stefan, an information security engineer at Google, about what it actually takes to migrate cryptography across complex global systems at scale.

They explore why Store Now, Decrypt Later is treated as a real threat inside Google, why hybrid deployments were justified before final NIST standards, and why inventory dashboards alone won’t get organizations across the finish line. The real work, Stefan explains, lies in crypto agility, automated key rotation, lifecycle ownership, and safe-by-default developer frameworks.</description>
      <content:encoded><![CDATA[<div>Post-quantum cryptography migration is not primarily about choosing Kyber or ML-KEM. It is about whether your organization can rotate keys, abstract cryptography away from developers, and adapt under pressure. In this episode, Stefan Kölbl shares an operator-level perspective from inside Google’s PQC rollout, including early hybrid deployments that predated final NIST standards.<br><br></div><div><br>He explains why encryption in transit was prioritized, why signing remains harder than key exchange, and how Store Now, Decrypt Later risk justified early action.<br><br></div><div><br>The discussion moves beyond theory into operational friction: cache misses triggered by heap allocation behavior, lifecycle blind spots revealed by inventory tools, and the difficulty of prioritizing thousands of signing keys without ownership context.<br><br></div><div><br>Stefan’s core message is simple but powerful: PQC is not a one-time upgrade. It is an opportunity to fix key management. 
Organizations that treat migration as an agility exercise rather than an algorithm swap will be the ones able to adapt when standards evolve again.<br><br></div><div>What You’ll Learn<br><br></div><ul><li>What it really takes to operationalize post-quantum cryptography at hyperscale</li><li>Why PQC is fundamentally a key management and lifecycle problem</li><li>How crypto agility reduces friction during algorithm transitions</li><li>Why Store Now, Decrypt Later justified early hybrid deployment</li><li>How Google approached PQC before final NIST standards were published</li><li>Why encryption in transit is easier to migrate than signing</li><li>Where firmware signatures and hardware-bound keys create long-term risk</li><li>Why inventory dashboards alone cannot drive prioritization</li><li>How lifecycle context determines what to fix first</li><li>What performance surprises can emerge during large-scale PQC rollout<br><br></li></ul><div><br></div><div>About Stefan Kölbl<br><br></div><div><br>Stefan Kölbl is an Information Security Engineer at Google, where he has been deeply involved in the company’s internal post-quantum cryptography rollout. His work spans early hybrid deployments, encryption-in-transit migration, key lifecycle management, and performance validation at hyperscale.<br><br></div><div><br>Stefan brings an operator-level perspective to quantum-safe migration, focusing on crypto agility, secure-by-default developer frameworks, and scalable key management architecture. 
His experience includes navigating PQC implementation prior to final NIST standardization and addressing real-world constraints such as signing lifecycles, hardware-bound keys, and system-level performance interactions.<br><br></div><div><strong><br>Your Roadmap to Post-Quantum Agility</strong></div><div><strong><br>[00:02:28] Step 1: Shift the Focus From Algorithms to Key Rotation</strong></div><div><br>Stefan reframes the PQC conversation. Updating code can be abstracted. Libraries and APIs can shield most developers from algorithm changes. The real operational challenge lies in key material. If you cannot rotate keys cleanly, you cannot switch algorithms cleanly.<br><br></div><div><br>Poor key management surfaces quickly under PQC pressure. Migration becomes difficult not because the math is hard, but because lifecycle ownership was unclear. Crypto agility, in practice, means being able to rotate without disruption.<br><br></div><div><br>Key Question: If you needed to rotate every key today, how much friction would you encounter?<br><br></div><div><strong><br>[00:04:41] Step 2: Treat PQC as a Security Hygiene Upgrade</strong></div><div><br>Stefan emphasizes that PQC should not be framed as a one-off cryptographic event. It is a forcing function. Organizations already thinking about PQC have an opportunity to improve rotation practices, lifecycle tracking, and resilience more broadly. If you use this moment to institutionalize automated, reliable key rotation, you strengthen your posture against future threats beyond quantum.<br><br></div><div><br>Key Question: Are you treating PQC as a compliance task or a resilience upgrade?<br><br></div><div><strong><br>[00:07:51] Step 3: Accept Store Now, Decrypt Later as a Real Risk</strong></div><div><br>For Google, “Store Now, Decrypt Later” is not a theoretical concern. 
The possibility that encrypted traffic captured today could be decrypted in the future helped justify early hybrid deployments, even before final NIST standards were published. Prior Chrome experiments provided the confidence to move forward, while hybrid designs ensured that introducing post-quantum mechanisms would not weaken existing security protections.<br><br></div><div><br>Key Question: If encrypted traffic were harvested today, how confident are you in its long-term confidentiality?<br><br></div><div><strong><br>[00:12:49] Step 4: Recognize That Signing Is the Harder Problem<br></strong><br></div><div><br>Encryption in transit is comparatively easier to migrate because protocols like TLS 1.3 already support cryptographic agility, allowing new key exchange mechanisms to be introduced without major system redesign. Signing infrastructure, however, is far more rigid. Firmware signatures, hardware roots of trust, and long-lived devices often rely on keys that are embedded in hardware or tied to decade-long lifecycles. In many cases, these keys cannot be rotated easily and the devices cannot be upgraded after deployment, which makes signing systems the long-tail risk in post-quantum migration.<br><br></div><div><br>Key Question: Which of your signatures are tied to hardware or decade-long lifecycles?<br><br></div><div><strong><br>[00:18:18] Step 5: Inventory Is the Beginning, Not the End</strong></div><div><br>Dashboards provide visibility, but visibility alone does not create prioritization. A list of RSA or ECC signing keys tells you nothing about ownership, business criticality, rotation feasibility, or lifecycle exposure. Without context, inventory becomes paralysis. 
True progress requires integrating lifecycle intelligence, ownership mapping, and automation.<br><br></div><div><br>Key Question: Does your crypto inventory tell you what to fix first - or just how much you have?<br><br></div><div><br></div><div><strong>[00:28:09] Step 6: Expect Performance Surprises at Scale</strong></div><div><br>Benchmarking does not always capture how systems behave in real-world environments. In one rollout, a PQC implementation caused unexpected cache misses because of how it allocated heap memory. The algorithm itself was fast, but its memory patterns disrupted system performance. This was not a cryptographic failure; it was a systems interaction issue. At scale, migrations often surface these kinds of edge cases that are difficult to anticipate during initial testing.<br><br><br></div><div>Key Question: Do you have regression testing capable of catching subtle systemic performance impacts?<br><br></div><div><br>Episode Resources<br><br></div><ul><li>Stefan Kölbl on <a href="https://www.linkedin.com/in/koelblstefan">LinkedIn</a></li></ul><div><br></div><ul><li>ProteQC <a href="https://proteqc.com/">Website</a></li></ul><div><br></div><ul><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li></ul><div><br></div><ul><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 05 Mar 2026 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/81671rpw.mp3" length="88952162" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/dbca6ea0-1871-11f1-88f4-15c45784e98d/dbca6fb0-1871-11f1-816b-6dd570e8f5f9.png"/>
      <itunes:duration>2223</itunes:duration>
      <itunes:summary>Post-quantum cryptography is often framed as an algorithm selection problem. Stefan Kölbl reframes it as something else entirely: a key management and lifecycle discipline challenge.

In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Stefan, an information security engineer at Google, about what it actually takes to migrate cryptography across complex global systems at scale.

They explore why Store Now, Decrypt Later is treated as a real threat inside Google, why hybrid deployments were justified before final NIST standards, and why inventory dashboards alone won’t get organizations across the finish line. The real work, Stefan explains, lies in crypto agility, automated key rotation, lifecycle ownership, and safe-by-default developer frameworks.</itunes:summary>
      <itunes:subtitle>Post-quantum cryptography is often framed as an algorithm selection problem. Stefan Kölbl reframes it as something else entirely: a key management and lifecycle discipline challenge.

In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Stefan, an information security engineer at Google, about what it actually takes to migrate cryptography across complex global systems at scale.

They explore why Store Now, Decrypt Later is treated as a real threat inside Google, why hybrid deployments were justified before final NIST standards, and why inventory dashboards alone won’t get organizations across the finish line. The real work, Stefan explains, lies in crypto agility, automated key rotation, lifecycle ownership, and safe-by-default developer frameworks.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Post-Quantum Negligence: When Inaction Becomes Legal Exposure</title>
      <link>https://podcasts.fame.so/e/rn747128-post-quantum-negligence-when-inaction-becomes-legal-exposure</link>
      <itunes:title>Post-Quantum Negligence: When Inaction Becomes Legal Exposure</itunes:title>
      <itunes:episode>27</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">k18ylrp0</guid>
      <description>Post-quantum risk is no longer a distant technical concern. It is an emerging legal exposure. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Darren Bender, a US litigation attorney and Chief Litigation Officer in the post-quantum cryptography sector. Darren introduces the concept of post-quantum negligence and explains how quantum threats intersect with foreseeability, duty of care, and negligence law. He walks through how courts may evaluate Harvest Now, Decrypt Later risk using expert forecasts, Mosca’s theorem, and the Learned Hand test. He also explains why financial services may be first to face litigation and what governance evidence organizations must begin documenting now to defend decisions made today.</description>
      <content:encoded><![CDATA[<div>Post-quantum cryptography is often framed as a future technical upgrade. Darren Bender challenges that framing and treats it as a legal exposure that already exists. In this episode of Shielded: The Last Line of Cyber Defense, Darren introduces post-quantum negligence and explains how US courts may assess quantum risk using established legal doctrines. The discussion centers on a timing problem. Adversaries can harvest encrypted data today and decrypt it years later once quantum capability arrives. That gap breaks the traditional negligence model, where duty, breach, harm, and causation appear close together. With Harvest Now, Decrypt Later, harm may surface long after the decision to delay action. Darren explains why foreseeability becomes central, shaped by expert forecasts, Mosca’s theorem, and the Learned Hand reasonableness test. When migration cost drops below expected harm, inaction starts to look unreasonable. He outlines why financial services may be at that tipping point now, why healthcare may already be past it, and how delay compounds exposure. The episode also addresses performative quantum readiness. Public claims without real cryptographic work can raise legal risk by creating expectations. 
Darren closes with practical guidance for 2026, emphasizing documentation, governance, and review that hold up later.</div><div><br></div><div>What You’ll Learn<br><br><br></div><ul><li>What post-quantum negligence means and why it fills a US regulatory gap</li></ul><div><br></div><ul><li>Why Harvest Now, Decrypt Later disrupts traditional negligence timelines<br><br></li><li>How foreseeability is established through expert consensus, not speculation</li></ul><div><br></div><ul><li>How Mosca’s theorem frames exposure versus migration runway</li></ul><div><br></div><ul><li>How the Learned Hand test determines when inaction becomes unreasonable</li></ul><div><br></div><ul><li>Why financial services may face the first post-quantum negligence cases</li></ul><div><br></div><ul><li>What evidence courts may expect when reviewing 2024–2026 decisions</li></ul><div><br></div><ul><li>Why “quantum-ready” marketing without real work creates legal risk<br><br></li><li>How liability spreads across vendors, cloud providers, and supply chains</li></ul><div><br></div><ul><li>What leaders can do in 2026 to reduce future legal exposure<br><br></li></ul><div><br></div><div>Darren Bender is a US litigation attorney with a dual background in law and IT automation. He serves as Managing Attorney at Zwicker &amp; Associates and is Co-Founder and Chief Litigation Officer in the post-quantum cryptography sector for a newly formed UK advisory firm, ProteQC. Before practicing litigation, Darren spent nearly a decade as a business systems analyst at First American, where he designed and automated complex, high-volume, data-sensitive workflows across national production systems. 
His work today sits at the intersection of law, governance, and cryptographic risk, with a focus on how emerging technical threats translate into real legal exposure.<br><br></div><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[01:07] Step 1: Quantum Risk Already Creates Legal Duty<br></strong><br></div><div>Darren’s point is not that new laws suddenly create responsibility. It’s that responsibility shows up once a risk is widely known. In the US, courts do not wait for regulators to spell everything out. They look at whether a reasonable organization should have known about a risk and whether it had the ability to act. With public guidance, global coordination, and expert consensus now in the open, post-quantum risk is no longer obscure. Choosing to wait is still a choice, and courts will ask why that choice made sense at the time.<br><br></div><div>Key Question: If harm surfaces years from now, can you show why inaction was reasonable then?<br><br></div><div><br></div><div><strong>[06:28] Step 2: Harvest Now, Decrypt Later Breaks the Negligence Timeline<br></strong><br></div><div>Quantum risk does not look like a normal breach. There may be no alarm, no visible damage, and no clear moment of failure. Data can be copied quietly today and only become dangerous years later when it is decrypted. Darren explains that this stretches negligence across time. Courts may not focus on when harm finally appeared, but on earlier moments when data was taken and no action followed. Each year of delay becomes part of the story.<br><br></div><div>Key Question: If a court looks back year by year, what would your decisions show?<br><br></div><div><br></div><div><strong>[10:11] Step 3: Foreseeability Is Already Quantified<br></strong><br></div><div>Darren stresses that foreseeability does not mean knowing exactly when quantum breaks encryption. It means having credible signals that risk is coming. 
Courts already rely on expert forecasts and probability in many cases. Public quantum threat timelines and expert surveys fall squarely into that category. They are not fringe opinions. From a legal view, this turns quantum risk from speculation into something measurable. Ignoring that evidence does not create flexibility. It creates exposure.<br><br></div><div>Key Question: Are you treating expert forecasts as real input, or hoping uncertainty protects you?<br><br></div><div><br></div><div><strong>[12:32] Step 4: When the Reasonableness Test Stops Being Theoretical<br></strong><br></div><div>Darren uses the Learned Hand test to explain when delay stops being defensible. The idea is simple. If the cost of fixing a problem is lower than the damage likely to come from ignoring it, doing nothing no longer looks reasonable. For PQC, that comparison depends on what data you hold, how long it stays valuable, and how hard it is to migrate. Once expected harm outweighs migration cost, waiting stops looking like judgment and starts looking like neglect.<br><br></div><div>Key Question: If someone did the math today, would waiting still make sense?<br><br></div><div><br></div><div><strong>[13:04] Step 5: Why Financial Services Reaches the Line First<br></strong><br></div><div>Financial services sits right at the edge. Data sticks around long enough to be valuable to attackers, but not so long that action today is pointless. Losses are measurable. Regulators pay attention. Most importantly, starting now can still prevent real harm. Darren contrasts this with healthcare, where records last decades and prevention may already be too late. 
Where harm could still have been avoided, courts are far less forgiving of delay.<br><br></div><div>Key Question: If Q-day arrives on schedule, will delay be your weakest point?<br><br></div><div><br></div><div><strong>[20:08] Step 6: Performative Readiness, Shared Liability, and What Courts Will Expect<br></strong><br></div><div>Darren warns that claiming quantum readiness without doing the work is worse than staying quiet. Public claims create expectations, and expectations create liability. From there, risk spreads across vendors, cloud providers, and integrators. When something fails, plaintiffs follow the money under joint and several liability. Courts won’t expect perfection. They will expect proof you took the issue seriously. That means inventories, real risk analysis, board awareness, documented decisions, and regular follow-ups. This is legal hygiene, not panic.<br><br></div><div>Key Question: If everything was laid out in court, would your records help you or hurt you?</div><div><br><br></div><div><strong>Episode Resources<br><br></strong><br></div><ul><li>Darren Bender on <a href="https://www.linkedin.com/in/darren-bender-tx/">LinkedIn</a></li></ul><div><br></div><ul><li>ProteQC <a href="https://proteqc.com/">Website</a><br><br></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;<br><br></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br><br></div>]]></content:encoded>
      <pubDate>Thu, 19 Feb 2026 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wyqj26jw.mp3" length="90569664" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/ea074690-0cbe-11f1-9e24-1363da2f7742/ea0748b0-0cbe-11f1-94cc-294bb95cbb6a.png"/>
      <itunes:duration>2264</itunes:duration>
      <itunes:summary>Post-quantum risk is no longer a distant technical concern. It is an emerging legal exposure. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Darren Bender, a US litigation attorney and Chief Litigation Officer in the post-quantum cryptography sector. Darren introduces the concept of post-quantum negligence and explains how quantum threats intersect with foreseeability, duty of care, and negligence law. He walks through how courts may evaluate Harvest Now, Decrypt Later risk using expert forecasts, Mosca’s theorem, and the Learned Hand test. He also explains why financial services may be first to face litigation and what governance evidence organizations must begin documenting now to defend decisions made today.</itunes:summary>
      <itunes:subtitle>Post-quantum risk is no longer a distant technical concern. It is an emerging legal exposure. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Darren Bender, a US litigation attorney and Chief Litigation Officer in the post-quantum cryptography sector. Darren introduces the concept of post-quantum negligence and explains how quantum threats intersect with foreseeability, duty of care, and negligence law. He walks through how courts may evaluate Harvest Now, Decrypt Later risk using expert forecasts, Mosca’s theorem, and the Learned Hand test. He also explains why financial services may be first to face litigation and what governance evidence organizations must begin documenting now to defend decisions made today.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Compliance Deadlines, Customer Reality, and the Case for (embedded) TLS1.3</title>
      <link>https://podcasts.fame.so/e/xn129mv8-compliance-deadlines-customer-reality-and-the-case-for-embedded-tls1-3</link>
      <itunes:title>Compliance Deadlines, Customer Reality, and the Case for (embedded) TLS1.3</itunes:title>
      <itunes:episode>26</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">703r8k41</guid>
      <description>Post-quantum cryptography does not fail because the math is hard. It stalls because systems are old, upgrades feel risky, and organizations struggle to explain the work in business terms. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Jan Schaumann, Chief Information Security Architect at Akamai Technologies, about how PQC migration actually unfolds inside a global platform. Jan explains why TLS 1.3 is the real prerequisite, why Akamai chose a slower, opt-in rollout, and how PQC becomes a forcing function for long-term crypto agility.</description>
      <content:encoded><![CDATA[<div>Post-quantum cryptography often enters organizations as a headline problem, then quickly turns into an operational one. In this episode of Shielded: The Last Line of Cyber Defense, Jan Schaumann, Chief Information Security Architect at Akamai Technologies, approaches PQC from the perspective of someone who has spent decades operating real systems at internet scale. From his view, the challenge is not quantum theory, but sequencing change safely across infrastructure that cannot all move at once. Jan walks through how Akamai approached PQC over several years, starting before standards fully settled and aligning progress with customer demand, compliance timelines, and platform resilience. He explains why TLS 1.3 migration remains the most common blocker, especially on the origin side, where legacy stacks, embedded clients, and IoT devices stretch upgrade timelines far beyond expectations. Rather than pushing PQC everywhere at once, Akamai split the problem into distinct traffic paths: client-to-edge, edge-to-origin, and internal connections. Each path carries a different threat model and operational risk. This framing enabled opt-in deployment, staged rollouts, and safer change, while still delivering meaningful protection against harvest-now-decrypt-later threats. Throughout the conversation, Jan returns to a single idea: PQC is not the finish line. 
It is a forcing function that exposes how well an organization understands its cryptography, how quickly it can upgrade, and whether it can repeat the process when the next cryptographic shift arrives.</div><div><br><br></div><div>What You’ll Learn<br><br><br></div><ul><li>Why PQC migration is primarily an operations and change-management problem</li></ul><div><br></div><ul><li>How unfinished TLS 1.3 migrations block post-quantum progress<br><br></li><li>Why Akamai separated PQC rollout by traffic leg instead of one global switch</li></ul><div><br></div><ul><li>How customer risk tolerance and regulation shape real deployment timelines</li></ul><div><br></div><ul><li>Why hybrid key exchange works today without locking teams into permanent compromise</li></ul><div><br></div><ul><li>How PQC can be used to build crypto agility, not just meet compliance deadlines</li></ul><div><br><br></div><div>Jan Schaumann is Chief Information Security Architect at Akamai Technologies, where he guides cryptographic strategy, infrastructure security, and safe-change practices across one of the internet’s most critical platforms. He previously served as Principal Architect at Akamai and has held senior security roles at companies including Yahoo, Twitter, and Etsy. Jan is also an Adjunct Professor of Computer Science at Stevens Institute of Technology, where he has taught graduate-level systems and Unix programming since 2001. He is a long-time developer with the NetBSD Foundation and describes himself, accurately, as an actual human on the internet who refuses to grow up.</div><div><br><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[05:57] Step 1: Stop Treating PQC as a Quantum Problem -<br></strong><br></div><div>Jan pushes back on the idea that post-quantum cryptography requires quantum expertise or radical architectural change. 
In practice, he explains, PQC shows up as new key exchange mechanisms and ciphers layered into systems teams already operate. He points out that migrations like TLS 1.2 to TLS 1.3 were far more disruptive than enabling post-quantum key exchange inside TLS 1.3. The “quantum” label can help unlock executive attention, but it also intimidates engineers and customers who assume the work is experimental or fragile. Jan’s advice is to strip away the mystique early, frame PQC as disciplined crypto upgrade work, and focus teams on execution rather than theory.<br><br></div><div>Key Question: Are teams slowing themselves down by treating PQC as exotic instead of operational?</div><div><br><br></div><div><strong>[15:09] Step 2: Finish the TLS 1.3 Migration First -<br></strong><br></div><div>Jan is clear that PQC adoption stalls long before post-quantum algorithms become the issue. TLS-based PQC requires TLS 1.3, and many organizations are still running TLS 1.2 deep in their environments. While Akamai’s edge has supported TLS 1.3 for years, origin systems often lag. Jan describes why. Customers rely on legacy stacks, external vendors, embedded clients, and IoT devices that were never designed for frequent updates. In regulated industries, upgrade fear compounds the delay. Teams assume PQC is a simple cipher switch, then discover they must modernize entire origin environments first.<br><br></div><div>Key Question: Do you have full visibility into where TLS 1.2 still runs and why it has not moved?</div><div><br><br></div><div><strong>[21:11] Step 3: Break PQC Into Traffic Paths -<br></strong><br></div><div>Rather than treating PQC as a single migration, Jan explains how Akamai split the work into three distinct paths: client-to-edge, edge-to-origin, and internal traffic. Each path carries a different threat model, upgrade cost, and urgency. Client-to-edge protects the largest volume of traffic and addresses harvest-now-decrypt-later risks. 
Edge-to-origin depends heavily on customer readiness. Internal traffic faces a different attacker model altogether. By separating these paths, Akamai avoided all-or-nothing decisions and made progress measurable. This framing also helped customers understand where PQC delivered immediate value versus where it required longer-term planning.<br><br></div><div>Key Question: Are you prioritizing PQC by actual risk paths or treating everything as equally urgent?</div><div><br><br></div><div><strong>[23:45] Step 4: Use Phased Rollouts to Protect Stability -<br></strong><br></div><div>Jan describes why Akamai chose opt-in deployment instead of flipping PQC on globally. Many customers operate in financial, healthcare, and government environments where untested change carries serious consequences. Akamai’s rollout relied on staged percentages, canary networks, and gradual expansion to validate behavior before wider exposure. While this pace can feel frustrating to engineers eager to ship, Jan notes it avoided outages and preserved customer trust. Moving slower also allowed Akamai to adapt as standards evolved, rather than locking in early assumptions. For Jan, resilience and safe change matter more than being first.<br><br></div><div>Key Question: Does your deployment model reward caution and validation or speed at any cost?</div><div><br><br></div><div><strong>[25:58] Step 5: Let Standards Maturity Save You Work -<br></strong><br></div><div>Jan explains how tracking standards activity closely prevented significant rework. Akamai began preparing for Kyber before NIST finalized selections, then watched the industry pivot quickly to standardized ML-KEM. Because the rollout was staged, Akamai avoided shipping Kyber only to replace it weeks later. Jan also discusses FIPS considerations and how early uncertainty around hybrid compliance nearly forced support for multiple key exchanges. 
When NIST clarified that hybrid ML-KEM with classical exchange met FIPS requirements, entire branches of planned work became unnecessary. Waiting just long enough reduced complexity without delaying progress.<br><br></div><div>Key Question: Are you building flexibility so standards changes remove work instead of creating it?<br><br></div><div><br></div><div><strong>[36:06] Step 6: Build Crypto Agility, Not One-Time Compliance -&nbsp;<br></strong><br></div><div>Jan closes with a broader lesson. PQC is not the last cryptographic transition organizations will face. Whether the trigger is quantum, regulation, or vulnerability discovery, change will come again. Teams that treat PQC as a one-off compliance task miss the opportunity. Jan urges organizations to invest in inventory, visibility, and repeatable upgrade processes so future transitions hurt less. Knowing where cryptography lives, how it is negotiated, and how to replace it safely becomes the real security win. PQC simply exposes whether those foundations already exist.<br><br></div><div>Key Question: Will this migration leave you better prepared for the next cryptographic shift?</div><div><br><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Jan Schaumann on <a href="https://www.linkedin.com/in/jschauma/">LinkedIn</a></li></ul><div><br></div><ul><li>Akamai Technologies <a href="https://www.akamai.com/">Website</a></li></ul><div><br></div><ul><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li></ul><div><br></div><ul><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br><br></div>]]></content:encoded>
      <pubDate>Thu, 05 Feb 2026 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8mkm6658.mp3" length="80043362" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/26df01f0-02bc-11f1-8e13-736ed73c36c6/26df02f0-02bc-11f1-b682-a1bb72ea23f7.png"/>
      <itunes:duration>2001</itunes:duration>
      <itunes:summary>Post-quantum cryptography does not fail because the math is hard. It stalls because systems are old, upgrades feel risky, and organizations struggle to explain the work in business terms. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Jan Schaumann, Chief Information Security Architect at Akamai Technologies, about how PQC migration actually unfolds inside a global platform. Jan explains why TLS 1.3 is the real prerequisite, why Akamai chose a slower, opt-in rollout, and how PQC becomes a forcing function for long-term crypto agility.</itunes:summary>
      <itunes:subtitle>Post-quantum cryptography does not fail because the math is hard. It stalls because systems are old, upgrades feel risky, and organizations struggle to explain the work in business terms. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Jan Schaumann, Chief Information Security Architect at Akamai Technologies, about how PQC migration actually unfolds inside a global platform. Jan explains why TLS 1.3 is the real prerequisite, why Akamai chose a slower, opt-in rollout, and how PQC becomes a forcing function for long-term crypto agility.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The End of Static Cryptography: What Leaders Must Understand Now</title>
      <link>https://podcasts.fame.so/e/lnqwrl1n-the-end-of-static-cryptography-what-leaders-must-understand-now</link>
      <itunes:title>The End of Static Cryptography: What Leaders Must Understand Now</itunes:title>
      <itunes:episode>25</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">81nvjwp1</guid>
      <description>Post-quantum cryptography changes the rules of cybersecurity. This special episode of Shielded: The Last Line of Cyber Defense brings together experts from cryptography, security architecture, and risk to explain what comes next. The conversation clarifies that security can no longer rely on fixed algorithms or one-time upgrades. Organizations must design for constant cryptographic change, stronger governance, and disciplined implementation or risk losing security without realizing it.</description>
      <content:encoded><![CDATA[<div>Post-quantum cryptography does not arrive as a clean replacement for today’s systems. It forces organizations to rethink how cryptography is designed, deployed, governed, and maintained over time. In this special episode of Shielded, host Jo Lintzen leads a discussion that moves past algorithm selection and into operational reality. The panel connects three pressures most organizations underestimate. Threats evolve quickly. Hardware and deployed systems last for years. Governance around cryptographic assets is often weak or incomplete.</div><div><br><br></div><div>Bill Buchanan explains how lattice-based cryptography enables new capabilities such as fully homomorphic encryption, where data remains encrypted even while being processed. This matters in modern environments shaped by cloud platforms, edge computing, and machine learning, where sensitive data is frequently exposed during computation.</div><div><br><br></div><div>Mamta Gupta highlights the growing mismatch between long hardware lifecycles and rapidly changing cryptographic requirements. Devices expected to remain in the field for a decade must soon meet post-quantum mandates, even as standards and certification frameworks continue to evolve. Locking in rigid choices today creates future risk.<br><br></div><div><br></div><div>Jeremy B focuses on the skills gap. Post-quantum migration requires experienced practitioners, structured discovery, and repeatable methods. Until those capabilities become widespread, organizations must treat PQC work as specialized and plan accordingly.</div><div><br><br></div><div>Adrian Neal delivers a warning about failure modes. New algorithms will not tolerate weak governance or poor implementation. The most dangerous outcome is silent failure, where systems appear secure but provide little real protection.</div><div><br><br></div><div>Yolanda Reid reframes the issue for leadership. This is not another Y2K-style event. 
Cryptography will continue changing for the lifetime of modern systems. Executives must understand the risk to their most valuable assets and support long-term operating models, not short-term fixes.</div><div><br><br></div><div>Bruno Couillard closes by challenging decades of assumptions. For thirty years, digital systems were built on the belief that cryptography should never change. That belief no longer holds. Security now depends on knowing what cryptography is used where, maintaining it continuously, and building teams capable of adapting as standards and threats evolve.</div><div><br><br></div><div>What You’ll Learn<br><br></div><ul><li>Why cybersecurity depends entirely on cryptography</li></ul><div><br></div><ul><li>How post-quantum change reshapes security architecture</li></ul><div><br></div><ul><li>Why encrypted processing matters in modern data systems<br><br></li><li>How slow hardware lifecycles increase urgency</li></ul><div><br></div><ul><li>Why crypto agility is now mandatory</li></ul><div><br></div><ul><li>How weak governance undermines strong algorithms</li></ul><div><br></div><ul><li>Why poor implementation can destroy security silently</li></ul><div><br></div><ul><li>How discovery exposes real cryptographic risk</li></ul><div><br></div><ul><li>Why post-quantum readiness is a leadership issue<br><br></li><li>How organizations must plan for continuous change<br><br></li></ul><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[00:00] Step 1: Cryptography Is the Real Security Boundary</strong></div><div>Bruno Couillard opens with something that sounds obvious, but often gets ignored. There is no cybersecurity without cryptography. Everything else sits on top of it. When teams treat cryptography as background plumbing, they stop paying attention to where trust really comes from. 
Post-quantum work starts with knowing where cryptography shows up in your systems, why it was chosen, and what assumptions it depends on. If you don’t have that picture, every other security decision is built on guesswork.</div><div><br><br></div><div><strong>[01:10] Step 2: Data Is Most Vulnerable While Being Used</strong></div><div>Bill Buchanan points out a problem we’ve quietly accepted for years. We encrypt data when it’s stored and when it moves, but the moment we actually use it, we expose it. In cloud systems, analytics, and machine learning, that exposure happens all the time. Lattice-based cryptography changes what’s possible here. It allows data to stay encrypted even while being processed. That opens the door to systems that are private by design, not just protected at the edges.</div><div><br><br></div><div><strong>[03:12] Step 3: Long Hardware Lifecycles Create Urgency</strong></div><div>Mamta Gupta explains why timing is such a headache. Devices are built to last five, ten, sometimes fifteen years. Meanwhile, threats, regulations, and algorithms change every few months. If you wait too long, you end up with systems that can’t be upgraded in time. If you lock things down too early, you risk betting on choices that won’t age well. The hard part is planning for both at once.</div><div><br><br></div><div><strong>[06:47] Step 4: Migration Is an Execution Problem, Not a Theory</strong></div><div>Jeremy B brings the focus to execution. PQC migration starts with discovery, not replacement. Most organizations do not know where cryptography lives until they actively map certificates, keys, protocols, vendors, and dependencies. Assurance schemes and consultants help add structure and confidence, especially early on, but they do not remove ownership. 
Someone inside the organization still needs to understand what exists today and what can change safely.</div><div><br><br></div><div><strong>[08:52] Step 5: Poor Implementation Destroys Security Quietly</strong></div><div>Adrian Neal explains why post-quantum algorithms raise the stakes. Older schemes often failed loudly. New ones do not. Weak governance or poor implementation can result in encryption that appears to work but provides little real protection. Discovery often exposes unknown certificates, unmanaged keys, and policy drift. In a PQC world, those gaps matter more than ever. Algorithm strength means nothing without disciplined implementation.</div><div><br><br></div><div><strong>[11:10] Step 6: This Is a Leadership Conversation, Not a Project</strong></div><div>Yolanda Reid pulls the conversation out of IT and into the executive room. Post-quantum cryptography is not a one-time upgrade you fund, complete, and move past. Cryptography will keep changing for as long as digital systems exist. That puts core assets at stake: communications, financial systems, identity, and trust. 
Leaders need to understand that risk and back operating models built for continuous change, not short-term fixes.</div><div><br><br></div><div><strong>Episode Resources<br><br></strong><br></div><ul><li>Bruno Couillard on <a href="https://www.linkedin.com/in/brunocouillard/">LinkedIn</a></li></ul><div><br></div><ul><li>Bill Buchanan on <a href="https://www.linkedin.com/in/billatnapier/">LinkedIn</a></li></ul><div><br></div><ul><li>Mamta Gupta on <a href="https://www.linkedin.com/in/mamta-gupta-5038123/">LinkedIn</a><br><br></li><li>Adrian Neal on <a href="https://www.linkedin.com/in/adrianneal/">LinkedIn</a></li></ul><div><br></div><ul><li>Yolanda Reid on <a href="http://linkedin.com/in/yolanda-c-reid">LinkedIn</a></li></ul><div><br></div><ul><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li></ul><div><br></div><ul><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;<br><br></li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.<br><br></div><div><br>✔ Get insider knowledge from leading cybersecurity experts.<br><br></div><div><br>✔ Learn practical steps to future-proof your organization.<br><br></div><div><br>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 08 Jan 2026 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w0v4kyrw.mp3" length="49899101" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/14e121c0-ec7c-11f0-a6e4-9deb9783cd8f/14e122b0-ec7c-11f0-b056-8d5efba4aa59.png"/>
      <itunes:duration>1247</itunes:duration>
      <itunes:summary>Post-quantum cryptography changes the rules of cybersecurity. This special episode of Shielded: The Last Line of Cyber Defense brings together experts from cryptography, security architecture, and risk to explain what comes next. The conversation clarifies that security can no longer rely on fixed algorithms or one-time upgrades. Organizations must design for constant cryptographic change, stronger governance, and disciplined implementation or risk losing security without realizing it.</itunes:summary>
      <itunes:subtitle>Post-quantum cryptography changes the rules of cybersecurity. This special episode of Shielded: The Last Line of Cyber Defense brings together experts from cryptography, security architecture, and risk to explain what comes next. The conversation clarifies that security can no longer rely on fixed algorithms or one-time upgrades. Organizations must design for constant cryptographic change, stronger governance, and disciplined implementation or risk losing security without realizing it.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Confidentiality vs Authentication: How Far the Web Has Actually Moved</title>
      <link>https://podcasts.fame.so/e/l8qwpx68-confidentiality-vs-authentication-how-far-the-web-has-actually-moved</link>
      <itunes:title>Confidentiality vs Authentication: How Far the Web Has Actually Moved</itunes:title>
      <itunes:episode>24</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">80nv89q0</guid>
      <description>Post-quantum cryptography is not a future ambition. It is already embedded into the web’s core confidentiality protocols. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Sofia Celi, Senior Cryptography and Security Researcher at Brave, co-author of the MAYO signature scheme, and co-chair of an IETF working group driving global PQC standards. Sofia explains the two-speed reality of PQ migration: confidentiality is already deployed at scale through TLS 1.3 and hybrid KEMs, while authentication, signatures, and zero-knowledge-based identity systems remain in deep research. She shares how standards bodies are recalibrating after TLS 1.3, why multivariate signatures such as MAYO could reshape authentication, why European eID timelines miss critical cryptographic maturity gaps, and the first two steps any security team must take within the next year.</description>
      <content:encoded><![CDATA[<div>As post-quantum cryptography moves from theory into deployment, organizations need a clearer view of what is real today and what still requires time. In this episode of Shielded: The Last Line of Cyber Defense, Sofia Celi, Senior Cryptography and Security Researcher at Brave, breaks down the two-speed reality shaping PQC adoption. She explains why confidentiality is already protected at scale through TLS 1.3 and hybrid post-quantum key encapsulation, now used across major browsers, CDNs, and cloud providers to defend against harvest-now-decrypt-later threats. This shift is live, scaled, and part of today’s internet. However, authentication like signatures, PKI, eID systems, and privacy-preserving proofs remains early. Lattice-based signatures are large and costly, prompting NIST’s second call for signature schemes with new mathematical foundations and smaller communication sizes. Sofia’s work on MAYO, a compact multivariate signature scheme, offers a promising path for authentication, distributed signing, and environments where signature size matters. She also examines European digital identity plans, noting the gap between policy ambition and cryptographic readiness. Current timelines overlook the immaturity of zero-knowledge systems and the privacy risks hidden in their design. Sofia closes with two practical actions any organization can take now: migrate fully to TLS 1.3 and enable hybrid post-quantum key exchange. 
These steps strengthen confidentiality today while the ecosystem advances authentication.</div><div><br><br></div><div>What You’ll Learn<br><br></div><ul><li>Why PQC deployment for confidentiality is real and already scaled in production<br><br></li><li>How TLS 1.3 and hybrid KEMs mitigate harvest-now-decrypt-later threats<br><br></li><li>Why authentication and signatures lag far behind despite rapid standardization work<br><br></li><li>How MAYO targets small keys, compact signatures, and natural threshold support<br><br></li><li>Why multivariate signatures matter for algorithm diversity and future resilience<br><br></li><li>How zero-knowledge proofs behave differently in practice and why they require caution<br><br></li><li>Why 2027 digital identity timelines overlook both cryptographic maturity and privacy risks<br><br></li><li>What makes threshold cryptography attractive for distributed signing and delegated trust<br><br></li><li>Why the first PQC steps every organization must take are simple, available, and high impact<br><br></li></ul><div><br></div><div>Sofia Celi is a Senior Cryptography and Security Researcher at Brave, where she focuses on practical deployment of privacy-preserving and post-quantum cryptography. Her work spans Private Information Retrieval (PIR), zero-knowledge proof integration, TLS attestation, and the real-world application of advanced cryptography beyond blockchain. She is a co-author of MAYO, a multivariate post-quantum signature scheme submitted to NIST’s second signature call, and has led efforts to bring privacy technologies such as PIR into production environments.<br><br></div><div><br></div><div>Sofia serves as WG/RG Chair and Ombudsperson at the IETF, where she co-chairs a working group shaping global post-quantum protocol standards. She is an IACR ePrint co-editor, a reviewer for BlackHat, a member of the Open Technology Fund Advisory Council, and previously worked as a Cryptography and Security Researcher at Cloudflare. 
Her career sits at the intersection of research, protocol design, and applied security, advancing cryptography from theory into widely deployed systems.<br><br></div><div><br></div><div><strong>Your Roadmap to Quantum Resilience<br></strong><br></div><div><br></div><div><strong>[02:19] Step 1: Separate Confidentiality From Authentication -<br></strong><br></div><div>Sofia starts by drawing a line that many teams still blur: the confidentiality layer is already post-quantum, but authentication is not. At this point in the ecosystem, TLS confidentiality is protected through deployed hybrid post-quantum KEMs across major browsers and cloud providers. The motivation is clear: harvest-now-decrypt-later is possible today, and traffic that leaks in the future cannot be recovered. Authentication is a different story. TLS signatures, PKI, and privacy-preserving protocols still rely on classical schemes because PQ signatures remain large, slow, or difficult to compose. Treating these two domains as if they mature simultaneously creates the wrong expectations and timelines. A realistic roadmap begins with clarity on what needs immediate protection and what will evolve over several years.<br><br></div><div>Key Question: Which systems depend on long-term signature trust, and which only require encrypted traffic today?<br><br></div><div><br></div><div><strong>[04:42] Step 2: Treat Hybrid as a Transition but Recognize It May Stick -<br></strong><br></div><div>Sofia discusses how the industry has already adopted hybrid KEMs, concatenating classical and PQ algorithms as a safety net. In theory, hybrid is temporary. In practice, she notes that once the industry migrates, many systems never fully transition again. We still see SHA-1 and TLS 1.2 in production for this exact reason. Hybrid provides resilience while researchers gain confidence in PQ schemes and watch for early attacks, but it also carries the risk of becoming the default state if teams do not set clear expectations. 
Proper planning requires acknowledging both realities: hybrid protects confidentiality today, but architecture leaders need a position on whether and when pure PQC becomes the long-term baseline.<br><br></div><div>Key Question: Is hybrid a waypoint in your roadmap, or is it quietly turning into your destination?<br><br><br><br></div><div><strong>[08:29] Step 3: Use TLS 1.3 Migration Lessons to Avoid Delays in PQC Adoption -<br></strong><br></div><div>Referencing the TLS 1.3 rollout, Sofia explains how long real migrations take. TLS 1.3 required years of review, formal verification, and protocol hardening before large-scale deployment. Even now, many systems still use TLS 1.2 or older, and the IETF cannot enforce upgrades. This matters because TLS 1.3 is the prerequisite for PQC handshakes. If organizations have not completed their TLS 1.3 migration, PQC adoption stalls before it begins. Sofia highlights that the industry can only move as fast as the slowest dependency, and outdated protocol infrastructure remains a major blocker.<br><br></div><div>Key Question: Do you know exactly where TLS 1.2 still runs in your environment, and is there a plan to eliminate it?<br><br></div><div><br></div><div><strong>[14:36] Step 4: Track NIST’s Second Signature Round and Algorithm Diversity -<br></strong><br></div><div>Sofia explains why NIST opened a second call for PQ signatures: current lattice-based options are not enough. They are large, sometimes costly, and place all trust in a single mathematical family. If lattices were broken, both PQ key exchange and signatures would fall together. NIST now seeks independent mathematical foundations and smaller signatures that fit real-world authentication workflows. 
This includes bandwidth-limited clients, certificate chains, and protocols where signature size directly affects performance.<br><br></div><div>Key Question: Are you planning for an authentication ecosystem built on diverse algorithms, or is your strategy unintentionally tied to a single class?<br><br></div><div><br></div><div><strong>[17:21] Step 5: Evaluate Multivariate and Threshold-Friendly Signatures Such as MAYO -<br></strong><br></div><div>Sofia introduces MAYO, a multivariate-quadratic signature scheme she co-authored. She details why the industry is watching multivariate candidates closely: they offer small public keys, compact signatures, and natural support for threshold cryptography. Threshold capability is particularly important as authentication workflows spread across distributed systems, cloud infrastructure, and delegated trust relationships. Rather than placing full control of a private key in one location, threshold schemes allow multiple parties to collaborate on a signature without exposing a complete key.<br><br></div><div>Key Question: Which of your authentication paths would benefit from compact signatures and built-in support for shared signing authority?<br><br></div><div><br></div><div><strong>[33:03] Step 6: Act Now on What Is Mature - TLS 1.3 and Hybrid PQC<br></strong><br></div><div>Sofia focuses on the two upgrades every organization can deploy immediately without waiting for the authentication ecosystem to mature. First, migrate fully to TLS 1.3, which is already supported across all major libraries. Second, enable hybrid KEMs to protect confidentiality against stored-traffic attacks. Authentication, signatures, and zero-knowledge tools need more time, more validation, and more stable standards. But confidentiality can be defended today with minimal cost and operational friction. 
Sofia frames this not as future-proofing, but as reducing an active risk window that grows every day organizations delay action.<br><br></div><div>Key Question: Do you have a scheduled project to deploy TLS 1.3 and hybrid PQC across your primary communication paths in the next 12 months?</div><div><br><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Sofia Celi on <a href="https://www.linkedin.com/in/sofia-celi-27704743/">LinkedIn</a><br><br></li><li>Brave <a href="https://www.brave.com/">Website</a><br><br></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a><br><br></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br><br>✔ Get insider knowledge from leading cybersecurity experts.<br><br><br></div><div>✔ Learn practical steps to future-proof your organization.<br><br></div><div><br>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 18 Dec 2025 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w16q3jy8.mp3" length="78363166" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/4bad3490-db62-11f0-812b-d79823b26d88/4bad3620-db62-11f0-9db3-bd06bda13c78.png"/>
      <itunes:duration>1959</itunes:duration>
      <itunes:summary>Post-quantum cryptography is not a future ambition. It is already embedded into the web’s core confidentiality protocols. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Sofia Celi, Senior Cryptography and Security Researcher at Brave, co-author of the MAYO signature scheme, and co-chair of an IETF working group driving global PQC standards. Sofia explains the two-speed reality of PQ migration: confidentiality is already deployed at scale through TLS 1.3 and hybrid KEMs, while authentication, signatures, and zero-knowledge-based identity systems remain in deep research. She shares how standards bodies are recalibrating after TLS 1.3, why multivariate signatures such as MAYO could reshape authentication, why European eID timelines miss critical cryptographic maturity gaps, and the first two steps any security team must take within the next year.</itunes:summary>
      <itunes:subtitle>Post-quantum cryptography is not a future ambition. It is already embedded into the web’s core confidentiality protocols. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Sofia Celi, Senior Cryptography and Security Researcher at Brave, co-author of the MAYO signature scheme, and co-chair of an IETF working group driving global PQC standards. Sofia explains the two-speed reality of PQ migration: confidentiality is already deployed at scale through TLS 1.3 and hybrid KEMs, while authentication, signatures, and zero-knowledge-based identity systems remain in deep research. She shares how standards bodies are recalibrating after TLS 1.3, why multivariate signatures such as MAYO could reshape authentication, why European eID timelines miss critical cryptographic maturity gaps, and the first two steps any security team must take within the next year.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The Hidden Threat: Harvest-Now-Forge-Later and the Collapse of Digital Trust</title>
      <link>https://podcasts.fame.so/e/l8qwp028-the-hidden-threat-harvest-now-forge-later-and-the-collapse-of-digital-trust</link>
      <itunes:title>The Hidden Threat: Harvest-Now-Forge-Later and the Collapse of Digital Trust</itunes:title>
      <itunes:episode>23</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">80nv84k0</guid>
      <description>The timelines for post-quantum cryptography are tightening, and the real threat surface extends far beyond decrypting old data. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti and host of The Post-Quantum World podcast, about the attacker’s perspective on quantum risk and why the world must plan for more than harvest-now-decrypt-later. Konstantinos explains why harvest-now-forge-later attacks on code signing, software supply chains, and blockchain consensus represent the most powerful quantum-enabled vectors, and how the emerging five-day rule for breaking RSA-2048 reshapes threat modeling and urgency. Expect practical direction on identifying crown jewels, demanding vendor clarity, building crypto inventory, and framing post-quantum migration as a core cyber resilience priority rather than a future experiment.</description>
      <content:encoded><![CDATA[<div>As quantum computing advances, organizations can no longer view post-quantum cryptography as a future project. In this episode of Shielded: The Last Line of Cyber Defense, Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti, lays out a practical and attacker-focused perspective on preparing for the quantum era. Konstantinos explains why the industry’s fixation on harvest-now-decrypt-later misses the most serious exposure: harvest-now-forge-later, where quantum capability targets the foundation of digital trust through attacks on code signing, software update channels, and blockchain consensus mechanisms. He introduces the emerging Five-Day Rule, informed by recent research indicating that a cryptographically relevant quantum machine could break RSA-2048 in roughly five days, reshaping assumptions about risk and timelines. The discussion expands to the potential instability of blockchain networks, such as proof-of-stake systems reliant on BLS signatures, and the broader implications for market integrity and digital identity. Konstantinos outlines the steps security leaders must take now: identify crown-jewel assets, conduct a full cryptographic inventory, evaluate exposure windows, and demand clear post-quantum plans from vendors. 
The lesson here is that post-quantum migration is a core cyber resilience program that must begin immediately, supported by real posture measurement and actionable timelines.</div><div><br><br></div><div>What You’ll Learn:<br><br><br></div><ul><li>The difference between harvest-now-decrypt-later and harvest-now-forge-later<br><br></li><li>Why code signing and supply-chain trust models are the most critical targets<br><br></li><li>How the five-day rule reframes attacker capability planning<br><br></li><li>Why blockchain &amp; BLS signatures represent high-impact quantum risk<br><br></li><li>Why cryptographically relevant machines will be operated by nation states and major crime rings<br><br></li><li>How PQC migration aligns with existing cyber resilience practices<br><br></li><li>Why crown jewel analysis and crypto inventory must start immediately</li></ul><div><br></div><ul><li>How to evaluate vendors and avoid vague timelines</li></ul><div><br></div><ul><li>Why PQC will become invisible infrastructure within the next few years<br><br></li></ul><div><br></div><div>Konstantinos Karagiannis is the Director of Quantum Computing Services at Protiviti, where he leads efforts helping organizations develop real quantum use cases in optimization, machine learning, and simulation, and build realistic paths toward post-quantum cryptography migration. He has been with Protiviti for more than six years, serving previously as Associate Director of Quantum Computing Services. Before Protiviti, Konstantinos spent 13 years at BT, where he served as CTO of the Security Consulting Practice for BT Americas, and earlier as Global Technical Lead for Ethical Hacking, leading red-team operations and advanced cryptographic security testing.</div><div><br><br></div><div>He is the host of Protiviti’s “Post Quantum World” podcast, recently featured at DEFCON with his talk Post-Quantum Panic: When will the cracking begin, and can we detect it? 
His work focuses on building real quantum computing solutions today while preparing enterprises for the accelerating risks of Q-Day.</div><div><br><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[05:26] Step 1: Separate HNDL from HNFL -<br></strong><br></div><div>Konstantinos reframes quantum risk by challenging the narrow industry focus on harvest-now-decrypt-later (HNDL). Decrypting old emails years from now is far less damaging than the real threat: harvest-now-forge-later (HNFL), where attackers use quantum capability to forge identities, break code-signing foundations, and compromise the software supply chain. This shifts the threat from exposure of data to the collapse of trust. When an attacker becomes the authoritative sender such as Microsoft, Apple, a firewall vendor, or a banking platform, the attack scales instantly, bypasses controls, and moves invisibly. This is not about curiosity or espionage; it is about control and reach, where one forged update compromises millions of systems in minutes.</div><div><br>Key Question: Where does your organization implicitly trust signed updates or machine identities, and who validates the integrity of that trust boundary today?</div><div><br><br></div><div><strong>[07:34] Step 2: Apply the Five-Day Rule -<br></strong><br></div><div>Konstantinos introduces what he calls the Five-Day Rule, based on recent research suggesting that a cryptographically relevant quantum computer could break RSA-2048 using roughly 1,399 logical qubits in around five days. This turns timelines from theoretical decades into an operational window that security and architecture teams must model now. Five days changes the logic of risk, pushing leaders to assess which secrets, keys, and operational identities remain valuable within that timeframe. 
Financial transactions may expire quickly, but the keys protecting critical infrastructure, identity infrastructures, government systems, long-life intellectual property, or blockchain consensus remain valuable long after they are created.</div><div><br>Key Question: If a key protecting your most sensitive systems could be broken in five days, what response tempo, controls, and contingency paths would you rely on?</div><div><br><br></div><div><strong>[13:28] Step 3: Model Code-Signing Blast Radius -<br></strong><br></div><div>From his offensive-security perspective, Konstantinos explains that attackers will go after code-signing keys and update channels first, because those are the levers that unlock systemic access. Compromising a single vendor’s signing key turns a routine software update into a global breach. Unlike decrypting a single intercepted email, forging an update affects entire fleets of devices at once: laptops, networking gear, operational systems, and cloud workloads. Supply-chain attacks such as SolarWinds and ShadowHammer demonstrated the scale of trust-based compromise without any quantum capability. Quantum only removes the barrier of needing privileged access. The blast radius is not linear; it grows exponentially.</div><div><br>Key Question: If a major vendor in your environment silently lost control of its signing key, which systems would accept the update without verification, and how quickly would you detect the first signal of compromise?</div><div><br><br></div><div><strong>[16:27] Step 4: Include Blockchain and Market Stability -<br></strong><br></div><div>Konstantinos expands the discussion beyond enterprise IT into blockchain and digital asset ecosystems. Vulnerable Bitcoin wallets using reused or exposed addresses could be drained by reversing private keys. More significantly, proof-of-stake networks such as Ethereum rely on BLS signatures to establish validator identity and consensus. 
Breaking those signatures enables attackers to hijack consensus, manipulate network governance, or destabilize price confidence. The consequences go far beyond theft. The damage includes global market volatility, reputational collapse, and loss of institutional trust. Even the credible announcement that such capability exists could move markets, without a full attack ever executing.</div><div><br>Key Question: Where is your organization exposed, directly or indirectly, to digital assets, transaction flows, or reputational dependence on market stability?</div><div><br><br></div><div><strong>[30:53] Step 5: Turn Quantum Risk Into Cyber Resilience -<br></strong><br></div><div>Konstantinos emphasises that preparing for post-quantum migration begins with security fundamentals: catalogue your cryptography, identify crown-jewel systems, evaluate exposure lifespans, and map relationships between systems, third parties, and identity flows. This reframes PQC from a cryptographic experiment into a disciplined cyber resilience program grounded in visibility and sequencing. Teams must understand what they protect, how long those assets remain valuable, and where control layers converge. This requires more than technical transition; it demands ownership, governance, and prioritisation. A successful roadmap depends on clarity of dependencies before cryptography is swapped.</div><div><br>Key Question: Can you produce a precise and current map of every key, certificate, algorithm, and dependency protecting your core services, and prioritise change based on exposure rather than convenience?</div><div><br><br></div><div><strong>[33:27] Step 6: Demand Specifics from Vendors -<br></strong><br></div><div>Third-party vendors are central to PQC readiness, but vague statements such as “investigating PQC” provide no protection. Konstantinos urges organizations to demand version-level commitments, timelines, supported PQC algorithms, and attestation paths. 
Roadmaps must include implementation dates, hybrid-mode support windows, and performance characteristics. Accountability now sits across the entire supply chain, and cryptographic dependencies extend far beyond internal engineering. This is a procurement, legal, and architectural negotiation that requires clarity and documentation, not aspiration. Silence is risk; specificity is control.</div><div><br>Key Question: Do your vendor agreements require measurable and dated PQC milestones, or do you rely on trust without validated evidence?</div><div><br><br></div><div><strong>Episode Resources<br><br></strong><br></div><ul><li>Konstantinos Karagiannis on <a href="https://www.linkedin.com/in/konstantinos-karagiannis-0a09503/">LinkedIn</a><br><br></li><li>Protiviti <a href="https://www.protiviti.com/">Website</a></li></ul><div><br></div><ul><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;<br><br></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;<br><br></li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.<br><br></div><div>✔ Learn practical steps to future-proof your organization.<br><br></div><div>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 04 Dec 2025 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8z79z5mw.mp3" length="87289729" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/01b181e0-d0f0-11f0-b557-094ef36996a4/01b18390-d0f0-11f0-8a99-cd9a5bfea588.png"/>
      <itunes:duration>2182</itunes:duration>
      <itunes:summary>The timelines for post-quantum cryptography are tightening, and the real threat surface extends far beyond decrypting old data. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti and host of The Post-Quantum World podcast, about the attacker’s perspective on quantum risk and why the world must plan for more than harvest-now-decrypt-later. Konstantinos explains why harvest-now-forge-later attacks on code signing, software supply chains, and blockchain consensus represent the most powerful quantum-enabled vectors, and how the emerging five-day rule for breaking RSA-2048 reshapes threat modeling and urgency. Expect practical direction on identifying crown jewels, demanding vendor clarity, building crypto inventory, and framing post-quantum migration as a core cyber resilience priority rather than a future experiment.</itunes:summary>
      <itunes:subtitle>The timelines for post-quantum cryptography are tightening, and the real threat surface extends far beyond decrypting old data. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti and host of The Post-Quantum World podcast, about the attacker’s perspective on quantum risk and why the world must plan for more than harvest-now-decrypt-later. Konstantinos explains why harvest-now-forge-later attacks on code signing, software supply chains, and blockchain consensus represent the most powerful quantum-enabled vectors, and how the emerging five-day rule for breaking RSA-2048 reshapes threat modeling and urgency. Expect practical direction on identifying crown jewels, demanding vendor clarity, building crypto inventory, and framing post-quantum migration as a core cyber resilience priority rather than a future experiment.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Inside Microsoft’s Quantum Safe Program: Turning Policy into Practice</title>
      <link>https://podcasts.fame.so/e/mn4lkk6n-inside-microsoft-s-quantum-safe-program-turning-policy-into-practice</link>
      <itunes:title>Inside Microsoft’s Quantum Safe Program: Turning Policy into Practice</itunes:title>
      <itunes:episode>22</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">x06rwwk0</guid>
      <description>Post-quantum security will reshape every system that depends on cryptography. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, about how governments and global enterprises can turn quantum-safe readiness from policy into practice. Kevin shares how Microsoft’s Quantum Safe Program sets clear timelines, embeds accountability across engineering teams, and helps customers prepare long before 2035. He unpacks what regulators must do to accelerate migration, how to prioritize long-lived systems, and why leadership commitment, not code alone, defines true quantum resilience.</description>
      <content:encoded><![CDATA[<div>Quantum computing is coming faster than most organizations are ready for. In this episode of Shielded: The Last Line of Cyber Defense, Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, joins Jo Lintzen to unpack how Microsoft is building a coordinated roadmap toward quantum-safe security and why governments and enterprises must start acting now. Kevin explains how Microsoft’s Quantum Safe Program connects engineering, compliance, and policy under one strategy, with a clear commitment to deliver customer-ready capabilities by 2029 and complete the global transition by 2033. He shares how this plan balances scale with flexibility, empowering each product group to define its path while keeping the company aligned to a shared goal. He outlines why post-quantum migration must move beyond “code swaps” to address real-world complexities like data-center encryption, operational technology that runs for decades, and global interoperability. 
Kevin also highlights the role of government action, appointing accountable leaders, aligning regulations across borders, and prioritizing sectors such as healthcare and finance where long-term data protection is critical.</div><div><br><br></div><div><strong>What You’ll Learn</strong></div><div><br><br></div><div>How Microsoft’s Quantum Safe Program sets 2029 and 2033 milestones for migration readiness.</div><div><br></div><div>Why accountability and leadership drive progress more than technology alone.</div><div><br></div><div>How to identify and protect systems and data with long-term exposure risk.</div><div><br></div><div>Why global alignment through NIST, ISO, and IETF matters for interoperability.</div><div><br></div><div>How governments can accelerate national readiness through coordinated action.</div><div><br></div><div>Why post-quantum migration must include hardware, policy, and operations - not just software updates.</div><div><br></div><div>Practical first steps for organizations to begin their own quantum-safe transition today.</div><div><br><br></div><div>Kevin Reifsteck is the Director for Critical Infrastructure Protection at Microsoft, where he leads global strategy across cybersecurity policy, quantum-safe readiness, and public–private sector collaboration. His work bridges engineering and regulation, helping Microsoft’s product teams align with evolving post-quantum cryptography standards while advising governments on how to prioritize critical systems and national resilience. Before joining Microsoft, Kevin served as Director for Critical Infrastructure Cybersecurity at the National Security Council, The White House, where he shaped U.S. policy for securing essential services and modernizing cyber risk management. 
Today, Kevin plays a central role in driving Microsoft’s Quantum Safe Program, which sets clear timelines for transitioning products and services to post-quantum cryptography and helping customers worldwide prepare for the quantum era. Known for his strategic clarity and cross-sector insight, he continues to champion global alignment, government readiness, and responsible innovation in securing the foundations of the digital world.</div><div><br><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[01:25] Step 1: Set Accountability and Direction –<br></strong>Every successful migration begins with ownership. Kevin explains how Microsoft anchored its transition by naming accountable leaders and setting measurable goals across its entire product ecosystem. The company’s Quantum Safe Program unites engineering, policy, and compliance within one vision, ensuring that strategy translates into coordinated action. Each product group defines its own plan within shared milestones, creating focus without friction. This balance of central direction and local execution allows a company as large as Microsoft to move with precision. Leadership commitment is the engine that turns post-quantum awareness into measurable progress.</div><div><br></div><div>Key Question: Who owns your quantum-safe migration, and what milestones define success?</div><div><br><br></div><div><strong>[04:29] Step 2: Establish a Timeline Customers Can Trust –</strong></div><div>Microsoft’s roadmap defines clear signposts: customer-facing capabilities by 2029 and full transition across products and services by 2033. These dates are not abstract; they give structure to engineering priorities, regulatory engagement, and customer planning cycles. Kevin shares that transparency in scheduling helps align suppliers, cloud partners, and governments around a shared sense of urgency. 
It signals that the migration window is already open, and that early action reduces future cost and complexity. By publishing its timelines, Microsoft creates both accountability and confidence within the broader ecosystem. Timelines build trust, and trust accelerates adoption.</div><div><br></div><div>Key Question: Have you defined a clear migration timeline that aligns your teams, vendors, and customers?</div><div><br><br></div><div><strong>[07:29] Step 3: Make Policy an Enabler, Not a Barrier –</strong></div><div>Governments set the tempo of readiness. Kevin emphasizes that effective policy should create alignment, not administrative drag. Microsoft advocates for each nation to name a responsible authority, establish a post-quantum plan within its national cybersecurity strategy, and allocate the resources to act on it. Awareness programs and sector-specific guidance can turn compliance from a burden into an accelerator, especially for industries like healthcare and energy where expertise is scarce. The key is partnership; policymakers and private industry moving in rhythm toward the same standards and timelines. Well-crafted regulation builds the runway for secure innovation.</div><div><br></div><div>Key Question: How can your policy environment encourage rather than slow down quantum-safe adoption?</div><div><br><br></div><div><strong>[09:26] Step 4: Move Beyond the “Algorithm Swap” Mindset –</strong></div><div>True migration reaches beyond code. Kevin outlines how large-scale infrastructures rely on encryption embedded deep within hardware, network layers, and operational systems that may run for decades. In cloud environments, encryption depends on specialized chips, data flow, and power efficiency, all of which must adapt to larger keys and new computational demands. In critical infrastructure, replacing or reconfiguring operational technology requires careful planning and years of lead time. 
Treating PQC as a systemic evolution ensures that migration strengthens, rather than disrupts, core services. Preparation today prevents technical and operational lock-in tomorrow.</div><div><br></div><div>Key Question: Which parts of your infrastructure demand more than a code update to achieve quantum resilience?<br><br><br></div><div><strong>[12:32] Step 5: Protect Long-Lived Data and Systems –</strong></div><div>Some data loses value in weeks; other data must stay confidential for decades. Kevin draws attention to sectors where this matters most: finance, healthcare, and government, where exposure to “harvest-now, decrypt-later” attacks could have generational consequences. The first step is to identify which assets would still cause harm if exposed ten or fifteen years from now. Protecting those systems early not only reduces risk but avoids future regulatory and operational strain. Microsoft’s guidance encourages leaders to focus first on the information and services that define their long-term trust relationship with customers. Longevity determines priority in the quantum transition.</div><div><br></div><div>Key Question: Which information or systems in your organization will still matter a decade from now?</div><div><br><br></div><div><strong>[14:50] Step 6: Align Through Global Standards –</strong></div><div>Quantum resilience depends on collaboration that crosses borders. Kevin explains how Microsoft works within NIST, ISO, and IETF to ensure that algorithms and protocols mature together, preventing regional fragmentation that could slow the entire ecosystem. When nations align on standards, organizations can innovate confidently, knowing their systems will interoperate securely worldwide. The goal is a consistent framework that supports both national security and commercial continuity. Alignment builds momentum, and momentum ensures no critical infrastructure is left behind. 
The post-quantum era will reward those who plan globally and execute locally.</div><div><br></div><div>Key Question: How well are your systems and partners aligned with emerging global post-quantum standards?</div><div><br><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Kevin Reifsteck on <a href="https://www.linkedin.com/in/kevin-reifsteck-6b7119191/">LinkedIn</a></li></ul><div><br></div><ul><li>Microsoft <a href="http://news.microsoft.com/">Website</a></li></ul><div><br></div><ul><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li></ul><div><br></div><ul><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 20 Nov 2025 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8j0m3pr8.mp3" length="82543803" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/912b56d0-c602-11f0-a672-a58fad8dac0d/912b57f0-c602-11f0-9b95-31b9866f3974.png"/>
      <itunes:duration>2063</itunes:duration>
      <itunes:summary>Post-quantum security will reshape every system that depends on cryptography. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, about how governments and global enterprises can turn quantum-safe readiness from policy into practice. Kevin shares how Microsoft’s Quantum Safe Program sets clear timelines, embeds accountability across engineering teams, and helps customers prepare long before 2035. He unpacks what regulators must do to accelerate migration, how to prioritize long-lived systems, and why leadership commitment, not code alone, defines true quantum resilience.</itunes:summary>
      <itunes:subtitle>Post-quantum security will reshape every system that depends on cryptography. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, about how governments and global enterprises can turn quantum-safe readiness from policy into practice. Kevin shares how Microsoft’s Quantum Safe Program sets clear timelines, embeds accountability across engineering teams, and helps customers prepare long before 2035. He unpacks what regulators must do to accelerate migration, how to prioritize long-lived systems, and why leadership commitment, not code alone, defines true quantum resilience.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Securing the Silicon: How HP Designed Quantum-Safe Hardware from the Ground Up</title>
      <link>https://podcasts.fame.so/e/mn4lkpqn-securing-the-silicon-how-hp-designed-quantum-safe-hardware-from-the-ground-up</link>
      <itunes:title>Securing the Silicon: How HP Designed Quantum-Safe Hardware from the Ground Up</itunes:title>
      <itunes:episode>21</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">x06rwy20</guid>
      <description>Hardware defines trust. If its cryptography fails, no amount of software protection can recover it. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Thalia Laing, Principal Cryptographer at HP, about how HP engineered quantum-safe protection directly into the hardware root of trust. Thalia explains how her team launched the world’s first quantum-safe Secure Boot for business PCs, why hybrid RSA + LMS was the right bridge between certification and quantum resilience, and what it takes to safeguard firmware that can’t be patched in the field. Expect a grounded discussion on hardware-level migration, LMS parameter design, and the practical steps every enterprise can take to secure devices that will outlive today’s algorithms.</description>
      <content:encoded><![CDATA[<div>As quantum computing advances, organisations can no longer treat hardware migration as a secondary task. Thalia Laing, Principal Cryptographer at HP Security Lab, explains how HP adopted a hardware-first approach to post-quantum security by launching the world’s first quantum-safe Secure Boot for business PCs ahead of NIST standards. She describes how HP integrated hybrid RSA + LMS signatures to preserve certification assurance and user performance while adding quantum-safe protection at power-on. Thalia outlines the operational design behind LMS state management, parameter selection, and cross-team testing to ensure verification speed and long-term reliability. She details why many enterprises overlook hardware-implemented cryptography in their inventories and how this blind spot undermines migration plans. She highlights how securing firmware integrity extends device lifespan and builds measurable confidence across product lines. The discussion reinforces that protecting the hardware root of trust is the first step toward true post-quantum resilience.</div><div><br><br></div><div><strong>What You’ll Learn:</strong><br><br><br></div><ul><li>How HP built quantum-safe Secure Boot into production PCs before PQC standards were finalised.</li></ul><div><br></div><ul><li>Why hybrid RSA + LMS signatures bridge certification and quantum resilience.<br><br></li><li>How LMS state and parameters are managed for predictable, verifiable signing.<br><br></li><li>Why hardware-level cryptography must be included in every crypto inventory.</li></ul><div><br></div><ul><li>How securing firmware integrity extends device lifetime and compliance value.<br><br></li><li>How to prioritise long-lived, hard-to-update products in PQC migration plans.<br><br></li><li>Why crypto agility begins in design, not deployment.<br><br></li><li>Why starting with the hardware root of trust reduces cost, risk, and time pressure 
later.</li></ul><div><br></div><div><br></div><div>Thalia Laing is the Principal Cryptographer and Security Researcher at HP Security Lab, where she leads research and implementation initiatives in post-quantum cryptography, hardware-based security, and trusted computing. She has played a key role in HP’s development of quantum-safe Secure Boot for business PCs and printers, integrating hybrid RSA + LMS architectures that strengthen firmware integrity and protect devices throughout their lifecycle. Over nearly eight years at HP, she has contributed to advancing cryptographic standards, security innovation, and enterprise readiness for the quantum era.</div><div><br><br></div><div>Thalia holds a PhD in Cyber Security from Royal Holloway, University of London, where her research on enhanced threshold schemes explored the balance between security and efficiency in distributed cryptographic systems. A member of the NIST NCCoE Migration to PQC Project, she continues to collaborate across industry and academia to accelerate the adoption of quantum-resistant security technologies. Known for her rigour and clarity in applying cryptography to real-world engineering, Thalia focuses on designing security foundations that endure across generations of hardware and emerging post-quantum standards.<br><br></div><div><br></div><div><strong>Your Roadmap to Quantum Resilience<br></strong><br></div><div><br></div><div><strong>[05:58] Step 1: Protect the Root of Trust First –</strong></div><div>Quantum resilience begins where trust begins, which is in hardware. Thalia explains why HP started its post-quantum journey by redesigning the Secure Boot process, the first code executed when a device powers on. This verification chain is baked into silicon and cannot be patched in the field, making it the single most critical layer to protect against future quantum attacks. 
By introducing quantum-safe verification at this immutable level, HP ensured that even if traditional cryptography were compromised, the foundation of every PC would remain secure. The result is a hardware-anchored assurance model that outlasts software cycles and supports long-term device integrity.<br><br></div><div>Key Question: Which hardware-anchored components in your systems would compromise everything if their signatures failed?</div><div><br><br></div><div><strong>[08:58] Step 2: Combine Proven and Post-Quantum Assurance –</strong></div><div>Migration to post-quantum cryptography doesn’t mean abandoning what already works. HP adopted a hybrid RSA + LMS model to secure its business PCs, combining the certification maturity of RSA with the forward security of LMS. Both signatures must verify before a device will boot, and a nested design ensures consistency: the firmware is first signed with LMS, then the firmware and LMS signature are signed again with RSA. This dual chain preserves compatibility for existing customers while introducing quantum-safe protection seamlessly. It also satisfies regional and industry assurance requirements, an essential bridge between today’s standards and tomorrow’s mandates.<br><br></div><div>Key Question: Where could a hybrid model strengthen your cryptographic assurance without disrupting certification or performance?<br><br></div><div><br></div><div><strong>[11:53] Step 3: Manage LMS with Precision and Predictability –</strong></div><div>LMS is powerful but operationally demanding. Thalia outlines how HP engineered its signing infrastructure to prevent state reuse, manage signature limits, and tune the Winternitz parameter, a key setting that trades verification speed for computational effort. Because firmware signing happens predictably and infrequently, HP could model the entire lifecycle of each key, ensuring that verification remains fast and the state never exhausts. 
Extensive cross-testing between the signing infrastructure and endpoint firmware teams helped find the optimal balance between performance and endurance. The result is a proven framework for implementing post-quantum signatures in live production environments.<br><br></div><div>Key Question: Have you built the operational discipline to manage state, limits, and parameters before scaling PQC deployments?<br><br></div><div><br></div><div><strong>[21:16] Step 4: Close the Hardware Inventory Gap –</strong></div><div>Visibility drives every successful migration, yet most crypto inventories overlook what’s embedded in hardware. Thalia emphasises that many scanning tools capture software libraries and network protocols but miss firmware-level cryptography entirely. Secure Boot keys, embedded verification logic, and hardware root certificates often sit outside conventional monitoring systems. HP encourages organisations to supplement automated scans with manual verification and vendor collaboration to document these hidden elements. Only by mapping cryptography end-to-end, from cloud to chip, can enterprises manage risk and sequence migration effectively.<br><br></div><div>Key Question: Does your cryptographic inventory capture the unseen hardware roots that define your trust boundary?<br><br></div><div><br></div><div><strong>[25:32] Step 5: Build for Physical Resilience –</strong></div><div>Quantum safety is only part of the equation; physical resilience completes it. Thalia explains how HP integrates side-channel and fault-injection protections into hardware designs, preventing attackers from bypassing verification steps or manipulating power and timing behaviour. Since such defences cannot be retrofitted after deployment, they must be planned at the design phase alongside cryptographic migration. 
The goal is not just mathematical security but operational assurance: devices that remain trustworthy even under physical access or lab-level attack.<br><br></div><div>Key Question: How aligned are your hardware-level countermeasures with the cryptographic strength you rely on?<br><br></div><div><br></div><div><strong>[18:21] Step 6: Prioritise Long-Lived, Hard-to-Update Devices –</strong></div><div>Every device has a lifespan; cryptography often does not. HP’s migration strategy focuses on hardware that will remain in service for years: business PCs, printers, and embedded peripherals. By upgrading these devices first, HP reduces exposure to the “harvest now, decrypt later” threat and avoids expensive retrofits when new standards become mandatory. Thalia calls this “future-proofing at the factory”: designing security that endures as algorithms evolve and threats mature. Prioritising longevity over convenience transforms security investment into measurable business value.</div><div>Key Question: Which products in your portfolio will still be operational when quantum attacks become real, and are they ready today?</div><div><br><br></div><div><strong>Episode Resources<br><br></strong><br></div><ul><li>Thalia Laing on <a href="https://www.linkedin.com/in/thalialaing/">LinkedIn</a><br><br></li><li>HP <a href="http://www.hp.com/">Website</a><br><br></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li></ul><div><br></div><ul><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;<br><br></li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 06 Nov 2025 12:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wvyz1x38.mp3" length="87305403" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/a5cf2400-ba2e-11f0-94aa-2d8220306801/a5cf2500-ba2e-11f0-b7c7-4ff6fb455516.png"/>
      <itunes:duration>2182</itunes:duration>
      <itunes:summary>Hardware defines trust. If its cryptography fails, no amount of software protection can recover it. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Thalia Laing, Principal Cryptographer at HP, about how HP engineered quantum-safe protection directly into the hardware root of trust. Thalia explains how her team launched the world’s first quantum-safe Secure Boot for business PCs, why hybrid RSA + LMS was the right bridge between certification and quantum resilience, and what it takes to safeguard firmware that can’t be patched in the field. Expect a grounded discussion on hardware-level migration, LMS parameter design, and the practical steps every enterprise can take to secure devices that will outlive today’s algorithms.</itunes:summary>
      <itunes:subtitle>Hardware defines trust. If its cryptography fails, no amount of software protection can recover it. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Thalia Laing, Principal Cryptographer at HP, about how HP engineered quantum-safe protection directly into the hardware root of trust. Thalia explains how her team launched the world’s first quantum-safe Secure Boot for business PCs, why hybrid RSA + LMS was the right bridge between certification and quantum resilience, and what it takes to safeguard firmware that can’t be patched in the field. Expect a grounded discussion on hardware-level migration, LMS parameter design, and the practical steps every enterprise can take to secure devices that will outlive today’s algorithms.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Global Standards, Regional Variants: Designing for PQC Across Jurisdictions</title>
      <link>https://podcasts.fame.so/e/pnllrjpn-global-standards-regional-variants-designing-for-pqc-across-jurisdictions</link>
      <itunes:title>Global Standards, Regional Variants: Designing for PQC Across Jurisdictions</itunes:title>
      <itunes:episode>20</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">x0l6wlx0</guid>
      <description>As quantum computing accelerates, organizations can no longer treat cryptographic migration as a distant technical task. Dr Richard Searle of Fortanix explains how confidential computing and a software-first model enable enterprises to adopt post-quantum cryptography (PQC) rapidly while maintaining control, compliance, and agility. He describes how Fortanix integrates standardized PQC algorithms within trusted execution environments to protect data in use, at rest, and in motion, providing a verifiable layer of defense against quantum-era threats. Richard clarifies that crypto agility, not a one-off migration, is the real target, enabling algorithm rotation and policy enforcement as new standards evolve. He also outlines how global companies must account for regional algorithm preferences, such as those emerging in Europe and Asia, without fragmenting global operations. Through examples from finance and technology sectors, he highlights how auditability, attestation, and workload geolocation now define compliance readiness across DORA, GDPR, and CNSA 2.0 frameworks. The discussion reinforces that migration is as much about policy, inventory, and evidence as it is about cryptography itself. The lesson is direct: begin the transition now, build measurable posture, and design architectures that can adapt before regulators and attackers dictate the timeline.


What You’ll Learn:

How confidential computing underpins a secure execution base for PQC migration.
Why crypto agility, not one-off migration, defines long-term resilience.
How to manage regional algorithm differences while maintaining global compatibility.
How attestation, geolocation, and immutable logs turn compliance into proof of control.
The role of inventory management and performance assessment in sequencing PQC rollout.
How to balance human approval with machine-based cryptographic execution through APIs.
Why finance and technology are leading sectors in post-quantum adoption.
Why starting now lowers cost, builds capability, and prevents a rushed, regulator-driven scramble.

Dr Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation.


A Doctor of Business Administration from Henley Business School, University of Reading, Richard continues to contribute to research in AI and defense security. He serves as Principal Investigator for Fortanix within the U.S. NIST AI Safety Institute Consortium (AISIC) and the UK Integrated Quantum Network (IQN) Hub. Known for his clarity and discipline in security architecture, Richard focuses on helping global enterprises design for crypto agility, regulatory assurance, and quantum-safe innovation.


Your Roadmap to Quantum Resilience


[03:14] Step 1: Establish a Confidential Computing Base -
Quantum resilience begins with protecting what matters most, which is “data in use.” Richard explains how trusted execution environments create an invisible shield around sensitive workloads, keeping information safe even while it is being processed. Fortanix’s software-first foundation allows this protection to extend across cloud and on-premises systems, without the delays of hardware dependencies. Establishing this base gives enterprises the confidence to deploy new algorithms, test PQC performance, and maintain control wherever their data flows.
Key Question: Which of your workloads process the most sensitive data and need in-use protection today?


[05:45] Step 2: Design for Crypto Agility from Day One -
Every organization entering the quantum era must prepare for change. Richard highlights the need to design systems that can adapt, rotating algorithms, refreshing keys, and updating parameters through policy rather than rebuilds. This mindset transforms cryptography from a fixed asset into a flexible service that evolves alongside emerging standards. By embedding agility from the start, enterprises can move with the pace of regulation and innovation instead of reacting to it.

Key Question: How easily can your teams change algorithms when new standards arrive?


[09:10] Step 3: Plan for Regional Algorithm Variants -
Global operations demand awareness of regional differences in cryptographic policy. While NIST drives the global baseline, Europe and Asia are advancing their own approaches, such as Classic McEliece and FrodoKEM, to strengthen local sovereignty. Fortanix addresses this diversity through a single control plane that can manage multiple algorithms while maintaining unified governance. Organizations that prepare for regional variance today will stay compliant and operationally aligned as new mandates emerge.

Key Question: Are your policies ready to accommodate regional algorithm choices without breaking global consistency?


[16:15] Step 4: Turn Compliance into Evidence -
Compliance becomes a source of trust when it can be proven. Richard shows how attestation and workload geolocation enable enterprises to demonstrate exactly where and how data was processed. Immutable logs and signed records create a transparent audit trail, satisfying frameworks like GDPR, DORA, and CNSA 2.0. This approach shifts compliance from a reporting exercise to a living proof of security discipline and accountability.

Key Question: Can you present verifiable proof of control, location, and authorization for sensitive workloads?


[19:22] Step 5: Inventory, Evaluate Performance, and Sequence by Exposure -
A strong migration plan begins with visibility. Richard outlines how teams can build an accurate inventory of keys, certificates, and machine identities, then analyze which are most exposed or critical to business continuity. Fortanix’s data security platform supports this assessment, enabling phased implementation that balances performance with risk. By starting with the systems that face customers and regulators, organizations gain both resilience and credibility in their transition to PQC.

Key Question: Which high-exposure services in your organization should move first toward PQC?


[21:01] Step 6: Govern with Humans, Execute with Machine Identities -
As automation expands, clarity of control becomes vital. Richard describes how Fortanix maintains human oversight through quorum approvals while allowing machine identities to perform cryptographic operations within defined boundaries. This structure preserves accountability and enables scale, empowering secure automation for code signing, data exchange, and AI workflows. True governance lies in this balance, human intent directing machine execution through policy and precision.

Key Question: Where can you introduce automation that enhances control rather than replacing it?


Episode Resources

Richard Searle on LinkedIn
Fortanix Website
Johannes Lintzen on LinkedIn 
PQShield Website 

Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.


✔ Get insider knowledge from leading cybersecurity experts.

✔ Learn practical steps to future-proof your organization.

✔ Stay updated on regulatory changes and industry trends.


Need help subscribing? Click here for step-by-step instructions.</description>
      <content:encoded><![CDATA[<div>As quantum computing accelerates, organizations can no longer treat cryptographic migration as a distant technical task. Dr Richard Searle of Fortanix explains how confidential computing and a software-first model enable enterprises to adopt post-quantum cryptography (PQC) rapidly while maintaining control, compliance, and agility. He describes how Fortanix integrates standardized PQC algorithms within trusted execution environments to protect data in use, at rest, and in motion, providing a verifiable layer of defense against quantum-era threats. Richard clarifies that crypto agility, not a one-off migration, is the real target, enabling algorithm rotation and policy enforcement as new standards evolve. He also outlines how global companies must account for regional algorithm preferences, such as those emerging in Europe and Asia, without fragmenting global operations. Through examples from finance and technology sectors, he highlights how auditability, attestation, and workload geolocation now define compliance readiness across DORA, GDPR, and CNSA 2.0 frameworks. The discussion reinforces that migration is as much about policy, inventory, and evidence as it is about cryptography itself. 
The lesson is direct: begin the transition now, build measurable posture, and design architectures that can adapt before regulators and attackers dictate the timeline.<br><br></div><div><br></div><div>What You’ll Learn:<br><br></div><ul><li>How confidential computing underpins a secure execution base for PQC migration.</li><li>Why crypto agility, not one-off migration, defines long-term resilience.</li><li>How to manage regional algorithm differences while maintaining global compatibility.</li><li>How attestation, geolocation, and immutable logs turn compliance into proof of control.</li><li>The role of inventory management and performance assessment in sequencing PQC rollout.</li><li>How to balance human approval with machine-based cryptographic execution through APIs.</li><li>Why finance and technology are leading sectors in post-quantum adoption.</li><li>Why starting now lowers cost, builds capability, and prevents a rushed, regulator-driven scramble.</li></ul><div><br></div><div>Dr Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. 
He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation.<br><br></div><div><br></div><div>A Doctor of Business Administration from Henley Business School, University of Reading, Richard continues to contribute to research in AI and defense security. He serves as Principal Investigator for Fortanix within the U.S. NIST AI Safety Institute Consortium (AISIC) and the UK Integrated Quantum Network (IQN) Hub. Known for his clarity and discipline in security architecture, Richard focuses on helping global enterprises design for crypto agility, regulatory assurance, and quantum-safe innovation.<br><br></div><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br><br></div><div><strong>[03:14] Step 1: Establish a Confidential Computing Base -</strong></div><div>Quantum resilience begins with protecting what matters most, which is “data in use.” Richard explains how trusted execution environments create an invisible shield around sensitive workloads, keeping information safe even while it is being processed. Fortanix’s software-first foundation allows this protection to extend across cloud and on-premises systems, without the delays of hardware dependencies. Establishing this base gives enterprises the confidence to deploy new algorithms, test PQC performance, and maintain control wherever their data flows.</div><div>Key Question: Which of your workloads process the most sensitive data and need in-use protection today?<br><br></div><div><br></div><div><strong>[05:45] Step 2: Design for Crypto Agility from Day One -</strong></div><div>Every organization entering the quantum era must prepare for change. Richard highlights the need to design systems that can adapt, rotating algorithms, refreshing keys, and updating parameters through policy rather than rebuilds. 
This mindset transforms cryptography from a fixed asset into a flexible service that evolves alongside emerging standards. By embedding agility from the start, enterprises can move with the pace of regulation and innovation instead of reacting to it.<br><br></div><div>Key Question: How easily can your teams change algorithms when new standards arrive?<br><br></div><div><br></div><div><strong>[09:10] Step 3: Plan for Regional Algorithm Variants -</strong></div><div>Global operations demand awareness of regional differences in cryptographic policy. While NIST drives the global baseline, Europe and Asia are advancing their own approaches, such as Classic McEliece and FrodoKEM, to strengthen local sovereignty. Fortanix addresses this diversity through a single control plane that can manage multiple algorithms while maintaining unified governance. Organizations that prepare for regional variance today will stay compliant and operationally aligned as new mandates emerge.<br><br></div><div>Key Question: Are your policies ready to accommodate regional algorithm choices without breaking global consistency?<br><br></div><div><br></div><div><strong>[16:15] Step 4: Turn Compliance into Evidence -</strong></div><div>Compliance becomes a source of trust when it can be proven. Richard shows how attestation and workload geolocation enable enterprises to demonstrate exactly where and how data was processed. Immutable logs and signed records create a transparent audit trail, satisfying frameworks like GDPR, DORA, and CNSA 2.0. This approach shifts compliance from a reporting exercise to a living proof of security discipline and accountability.<br><br></div><div>Key Question: Can you present verifiable proof of control, location, and authorization for sensitive workloads?<br><br></div><div><br></div><div><strong>[19:22] Step 5: Inventory, Evaluate Performance, and Sequence by Exposure -</strong></div><div>A strong migration plan begins with visibility. 
Richard outlines how teams can build an accurate inventory of keys, certificates, and machine identities, then analyze which are most exposed or critical to business continuity. Fortanix’s data security platform supports this assessment, enabling phased implementation that balances performance with risk. By starting with the systems that face customers and regulators, organizations gain both resilience and credibility in their transition to PQC.<br><br></div><div>Key Question: Which high-exposure services in your organization should move first toward PQC?<br><br></div><div><br></div><div><strong>[21:01] Step 6: Govern with Humans, Execute with Machine Identities -</strong></div><div>As automation expands, clarity of control becomes vital. Richard describes how Fortanix maintains human oversight through quorum approvals while allowing machine identities to perform cryptographic operations within defined boundaries. This structure preserves accountability and enables scale, empowering secure automation for code signing, data exchange, and AI workflows. True governance lies in this balance, human intent directing machine execution through policy and precision.<br><br></div><div>Key Question: Where can you introduce automation that enhances control rather than replacing it?<br><br></div><div><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Richard Searle on <a href="https://www.linkedin.com/in/richard-searle-cc/">LinkedIn</a></li><li>Fortanix <a href="https://www.linkedin.com/company/fortanix/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. 
Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.<br><br></div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div><br>✔ Learn practical steps to future-proof your organization.<br><br></div><div>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 23 Oct 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w4vlkrjw.mp3" length="67265305" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/a13f15e0-af38-11f0-9818-1388dfef9d65/a13f16e0-af38-11f0-818d-d1bd8e83136c.png"/>
      <itunes:duration>1681</itunes:duration>
      <itunes:summary>As quantum computing accelerates, organizations can no longer treat cryptographic migration as a distant technical task. Dr Richard Searle of Fortanix explains how confidential computing and a software-first model enable enterprises to adopt post-quantum cryptography (PQC) rapidly while maintaining control, compliance, and agility. He describes how Fortanix integrates standardized PQC algorithms within trusted execution environments to protect data in use, at rest, and in motion, providing a verifiable layer of defense against quantum-era threats. Richard clarifies that crypto agility, not a one-off migration, is the real target, enabling algorithm rotation and policy enforcement as new standards evolve. He also outlines how global companies must account for regional algorithm preferences, such as those emerging in Europe and Asia, without fragmenting global operations. Through examples from finance and technology sectors, he highlights how auditability, attestation, and workload geolocation now define compliance readiness across DORA, GDPR, and CNSA 2.0 frameworks. The discussion reinforces that migration is as much about policy, inventory, and evidence as it is about cryptography itself. The lesson is direct: begin the transition now, build measurable posture, and design architectures that can adapt before regulators and attackers dictate the timeline.


What You’ll Learn:

How confidential computing underpins a secure execution base for PQC migration.
Why crypto agility, not one-off migration, defines long-term resilience.
How to manage regional algorithm differences while maintaining global compatibility.
How attestation, geolocation, and immutable logs turn compliance into proof of control.
The role of inventory management and performance assessment in sequencing PQC rollout.
How to balance human approval with machine-based cryptographic execution through APIs.
Why finance and technology are leading sectors in post-quantum adoption.
Why starting now lowers cost, builds capability, and prevents a rushed, regulator-driven scramble.

Dr Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation.


A Doctor of Business Administration from Henley Business School, University of Reading, Richard continues to contribute to research in AI and defense security. He serves as Principal Investigator for Fortanix within the U.S. NIST AI Safety Institute Consortium (AISIC) and the UK Integrated Quantum Network (IQN) Hub. Known for his clarity and discipline in security architecture, Richard focuses on helping global enterprises design for crypto agility, regulatory assurance, and quantum-safe innovation.


Your Roadmap to Quantum Resilience


[03:14] Step 1: Establish a Confidential Computing Base -
Quantum resilience begins with protecting what matters most, which is “data in use.” Richard explains how trusted execution environments create an invisible shield around sensitive workloads, keeping information safe even while it is being processed. Fortanix’s software-first foundation allows this protection to extend across cloud and on-premises systems, without the delays of hardware dependencies. Establishing this base gives enterprises the confidence to deploy new algorithms, test PQC performance, and maintain control wherever their data flows.
Key Question: Which of your workloads process the most sensitive data and need in-use protection today?


[05:45] Step 2: Design for Crypto Agility from Day One -
Every organization entering the quantum era must prepare for change. Richard highlights the need to design systems that can adapt, rotating algorithms, refreshing keys, and updating parameters through policy rather than rebuilds. This mindset transforms cryptography from a fixed asset into a flexible service that evolves alongside emerging standards. By embedding agility from the start, enterprises can move with the pace of regulation and innovation instead of reacting to it.

Key Question: How easily can your teams change algorithms when new standards arrive?


[09:10] Step 3: Plan for Regional Algorithm Variants -
Global operations demand awareness of regional differences in cryptographic policy. While NIST drives the global baseline, Europe and Asia are advancing their own approaches, such as Classic McEliece and FrodoKEM, to strengthen local sovereignty. Fortanix addresses this diversity through a single control plane that can manage multiple algorithms while maintaining unified governance. Organizations that prepare for regional variance today will stay compliant and operationally aligned as new mandates emerge.

Key Question: Are your policies ready to accommodate regional algorithm choices without breaking global consistency?


[16:15] Step 4: Turn Compliance into Evidence -
Compliance becomes a source of trust when it can be proven. Richard shows how attestation and workload geolocation enable enterprises to demonstrate exactly where and how data was processed. Immutable logs and signed records create a transparent audit trail, satisfying frameworks like GDPR, DORA, and CNSA 2.0. This approach shifts compliance from a reporting exercise to a living proof of security discipline and accountability.

Key Question: Can you present verifiable proof of control, location, and authorization for sensitive workloads?


[19:22] Step 5: Inventory, Evaluate Performance, and Sequence by Exposure -
A strong migration plan begins with visibility. Richard outlines how teams can build an accurate inventory of keys, certificates, and machine identities, then analyze which are most exposed or critical to business continuity. Fortanix’s data security platform supports this assessment, enabling phased implementation that balances performance with risk. By starting with the systems that face customers and regulators, organizations gain both resilience and credibility in their transition to PQC.

Key Question: Which high-exposure services in your organization should move first toward PQC?


[21:01] Step 6: Govern with Humans, Execute with Machine Identities -
As automation expands, clarity of control becomes vital. Richard describes how Fortanix maintains human oversight through quorum approvals while allowing machine identities to perform cryptographic operations within defined boundaries. This structure preserves accountability and enables scale, empowering secure automation for code signing, data exchange, and AI workflows. True governance lies in this balance, human intent directing machine execution through policy and precision.

Key Question: Where can you introduce automation that enhances control rather than replacing it?


Episode Resources

Richard Searle on LinkedIn
Fortanix Website
Johannes Lintzen on LinkedIn 
PQShield Website 

Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.


✔ Get insider knowledge from leading cybersecurity experts.

✔ Learn practical steps to future-proof your organization.

✔ Stay updated on regulatory changes and industry trends.


Need help subscribing? Click here for step-by-step instructions.</itunes:summary>
      <itunes:subtitle>As quantum computing accelerates, organizations can no longer treat cryptographic migration as a distant technical task. Dr Richard Searle of Fortanix explains how confidential computing and a software-first model enable enterprises to adopt post-quantum cryptography (PQC) rapidly while maintaining control, compliance, and agility. He describes how Fortanix integrates standardized PQC algorithms within trusted execution environments to protect data in use, at rest, and in motion, providing a verifiable layer of defense against quantum-era threats. Richard clarifies that crypto agility, not a one-off migration, is the real target, enabling algorithm rotation and policy enforcement as new standards evolve. He also outlines how global companies must account for regional algorithm preferences, such as those emerging in Europe and Asia, without fragmenting global operations. Through examples from finance and technology sectors, he highlights how auditability, attestation, and workload geolocation now define compliance readiness across DORA, GDPR, and CNSA 2.0 frameworks. The discussion reinforces that migration is as much about policy, inventory, and evidence as it is about cryptography itself. The lesson is direct: begin the transition now, build measurable posture, and design architectures that can adapt before regulators and attackers dictate the timeline.


What You’ll Learn:

How confidential computing underpins a secure execution base for PQC migration.
Why crypto agility, not one-off migration, defines long-term resilience.
How to manage regional algorithm differences while maintaining global compatibility.
How attestation, geolocation, and immutable logs turn compliance into proof of control.
The role of inventory management and performance assessment in sequencing PQC rollout.
How to balance human approval with machine-based cryptographic execution through APIs.
Why finance and technology are leading sectors in post-quantum adoption.
Why starting now lowers cost, builds capability, and prevents a rushed, regulator-driven scramble.

Dr Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation.


A Doctor of Business Administration from Henley Business School, University of Reading, Richard continues to contribute to research in AI and defense security. He serves as Principal Investigator for Fortanix within the U.S. NIST AI Safety Institute Consortium (AISIC) and the UK Integrated Quantum Network (IQN) Hub. Known for his clarity and discipline in security architecture, Richard focuses on helping global enterprises design for crypto agility, regulatory assurance, and quantum-safe innovation.


Your Roadmap to Quantum Resilience


[03:14] Step 1: Establish a Confidential Computing Base -
Quantum resilience begins with protecting what matters most, which is “data in use.” Richard explains how trusted execution environments create an invisible shield around sensitive workloads, keeping information safe even while it is being processed. Fortanix’s software-first foundation allows this protection to extend across cloud and on-premises systems, without the delays of hardware dependencies. Establishing this base gives enterprises the confidence to deploy new algorithms, test PQC performance, and maintain control wherever their data flows.
Key Question: Which of your workloads process the most sensitive data and need in-use protection today?


[05:45] Step 2: Design for Crypto Agility from Day One -
Every organization entering the quantum era must prepare for change. Richard highlights the need to design systems that can adapt, rotating algorithms, refreshing keys, and updating parameters through policy rather than rebuilds. This mindset transforms cryptography from a fixed asset into a flexible service that evolves alongside emerging standards. By embedding agility from the start, enterprises can move with the pace of regulation and innovation instead of reacting to it.

Key Question: How easily can your teams change algorithms when new standards arrive?


[09:10] Step 3: Plan for Regional Algorithm Variants -
Global operations demand awareness of regional differences in cryptographic policy. While NIST drives the global baseline, Europe and Asia are advancing their own approaches, such as Classic McEliece and FrodoKEM, to strengthen local sovereignty. Fortanix addresses this diversity through a single control plane that can manage multiple algorithms while maintaining unified governance. Organizations that prepare for regional variance today will stay compliant and operationally aligned as new mandates emerge.

Key Question: Are your policies ready to accommodate regional algorithm choices without breaking global consistency?


[16:15] Step 4: Turn Compliance into Evidence -
Compliance becomes a source of trust when it can be proven. Richard shows how attestation and workload geolocation enable enterprises to demonstrate exactly where and how data was processed. Immutable logs and signed records create a transparent audit trail, satisfying frameworks like GDPR, DORA, and CNSA 2.0. This approach shifts compliance from a reporting exercise to a living proof of security discipline and accountability.

Key Question: Can you present verifiable proof of control, location, and authorization for sensitive workloads?


[19:22] Step 5: Inventory, Evaluate Performance, and Sequence by Exposure -
A strong migration plan begins with visibility. Richard outlines how teams can build an accurate inventory of keys, certificates, and machine identities, then analyze which are most exposed or critical to business continuity. Fortanix’s data security platform supports this assessment, enabling phased implementation that balances performance with risk. By starting with the systems that face customers and regulators, organizations gain both resilience and credibility in their transition to PQC.

Key Question: Which high-exposure services in your organization should move first toward PQC?


[21:01] Step 6: Govern with Humans, Execute with Machine Identities -
As automation expands, clarity of control becomes vital. Richard describes how Fortanix maintains human oversight through quorum approvals while allowing machine identities to perform cryptographic operations within defined boundaries. This structure preserves accountability and enables scale, empowering secure automation for code signing, data exchange, and AI workflows. True governance lies in this balance, human intent directing machine execution through policy and precision.

Key Question: Where can you introduce automation that enhances control rather than replacing it?


Episode Resources

Richard Searle on LinkedIn
Fortanix Website
Johannes Lintzen on LinkedIn 
PQShield Website 

Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.


✔ Get insider knowledge from leading cybersecurity experts.

✔ Learn practical steps to future-proof your organization.

✔ Stay updated on regulatory changes and industry trends.


Need help subscribing? Click here for step-by-step instructions.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>No-Regrets Migration: Why PKI Should Be Your First Move</title>
      <link>https://podcasts.fame.so/e/0njyv6p8-no-regrets-migration-why-pki-should-be-your-first-move</link>
      <itunes:title>No-Regrets Migration: Why PKI Should Be Your First Move</itunes:title>
      <itunes:episode>19</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">40pqy561</guid>
      <description>Hardware security modules (HSMs) have quietly powered the digital economy for decades, but are they ready for the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Bruno Couillard, CEO and co-founder of Crypto4a, about his journey from designing the original Luna HSM to building the next generation of quantum-safe hardware. Bruno explains the crucial difference between being PQC-ready and PQC-providing, why classic HSMs can’t simply be patched into the future, and how cloudification and crypto-agility will redefine security infrastructure for decades to come.</description>
      <content:encoded><![CDATA[<div>Hardware security modules (HSMs) sit at the core of digital trust, protecting transactions, PKI systems, and authentication. As quantum computing approaches, traditional HSMs face limits that can’t be solved by patching old hardware. In this episode of Shielded: <em>The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Bruno Couillard, CEO and co-founder of Crypto4a and co-creator of the Luna HSM, about building quantum-safe HSMs. Bruno explains the difference between PQC-ready and PQC-providing, warning that retrofitting classic devices is not enough. He highlights PKI as the no-regret first step and shows how hybrid models let organizations bridge classic and post-quantum algorithms. Cloud adoption and scalability challenges demand modular, cloud-aligned HSMs instead of isolated, priest-only boxes.</div><div>Bruno’s message is that HSMs are the foundation of digital security, and crypto-agility is now essential for surviving the quantum era.</div><div><br></div><div>What You’ll Learn<br><br></div><ul><li>The origin story of the Luna HSM and why it shaped modern key management</li><li>Why SSL in 1995 marked the “Big Bang” of the digital economy</li><li>PQC-ready vs. 
PQC-providing: the critical distinction vendors don’t always make</li><li>Why firmware updates can’t turn classic HSMs into true quantum-safe systems</li><li>How hybrid approaches allow gradual migration from RSA/ECC to PQC algorithms</li><li>Why PKI is the best “no-regret” first step in any migration plan</li><li>The cloud challenge: why HSMs must evolve from priest-only boxes to scalable, modular systems</li><li>The future of cryptography: crypto-agility as a permanent requirement, not a one-off project</li><li>Why cryptography is back at the forefront and ripe for young talent</li></ul><div><br></div><div>Bruno Couillard is the CEO and co-founder of Crypto4a Technologies, where he leads the development of quantum-safe, crypto-agile products like the QxHSM and QxEDGE. With nearly four decades of experience in cryptography, key management, and cybersecurity, Bruno has shaped the hardware security module (HSM) landscape from its origins to its next evolution. Earlier in his career, Bruno cofounded Chrysalis-ITS and co-designed the original Luna HSM, a product that remains foundational to global PKI systems and is now part of the Thales portfolio. He also contributed to the creation of the PKCS#11 standard and served as a cryptographic evaluator for the Canadian government, where he assessed and architected high-assurance military security products, including the Canadian Cryptographic Modernization Program.</div><div><br></div><div>Today, Bruno sits on the board of Quantum Industry Canada (QIC), co-chairs the Quantum Industry Developers and Users Working Group, and serves on Canada’s National Quantum Strategy committee, actively shaping the country’s quantum-safe cybersecurity ecosystem. 
Known for his clear perspective, he emphasizes the urgent need for crypto-agility, the distinction between PQC-ready and PQC-providing systems, and the modernization of HSMs to meet cloud and scalability demands.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience<br></strong><br></div><div><strong><br>[04:59]&nbsp; Step 1: Learn from the Past<br></strong>HSMs were originally designed in an era when cryptographic officers were treated as “priests,” entrusted with near-sacred responsibilities. The Luna HSM grew out of this mindset with hardware built for isolation, secrecy, and manual control. This legacy explains why many devices remain difficult to use and poorly adapted to modern environments. What worked in the 1990s no longer fits a world where security must be deployed at scale and managed across distributed teams. The first step is recognizing if your current systems are still locked in a pre-cloud, pre-scale paradigm.<br><br></div><div><strong><br>[09:58] Step 2: Understand the Big Bang of Digital Trust<br></strong>The arrival of SSL in 1995, combined with PKI and HSMs, triggered what Bruno calls the “Big Bang of the digital economy.” That triad enabled secure transactions and authentication, paving the way for today’s digital commerce, which is now one-third of global GDP. The takeaway is that cryptography is not a side issue but the fabric of the digital economy. If the integrity of this foundation collapses under quantum pressure, every layer of commerce, government, and communication is at risk. Leaders must weigh whether they are underestimating just how central cryptography is to their business model.<br><br></div><div><strong><br>[12:39] Step 3: Separate PQC-Ready from PQC-Providing<br></strong>Bruno stresses that an HSM must be <em>internally</em> quantum-safe, not just capable of handing PQC algorithms to external applications. 
Firmware updates, key exchanges, attestation signatures, and sibling-to-sibling communication inside the HSM all rely on its own cryptography. If that internal layer remains classical, the entire system is compromised even if it outwardly “provides” PQC algorithms. Many vendors blur this line, leaving buyers exposed. Organizations need to ask their suppliers whether they are only PQC-providing or truly PQC-ready inside and out.<br><br></div><div><strong><br>[17:38] Step 4: Don’t Believe in Magic Wands<br></strong>Classic HSMs cannot be turned into quantum-safe devices with a firmware patch. Bruno compares this to painting stripes on a horse and calling it a zebra. It may look different, but the foundation hasn’t changed. Once RSA and ECC are deprecated, patched boxes will collapse under the weight of new requirements. Leaders need to ask now whether their existing fleet can actually survive deprecation, or if they are investing in assets destined for the scrapheap. Betting on retrofits is a costly illusion that will leave organizations scrambling.<br><br></div><div><strong><br>[21:41] Step 5: Secure Your PKI First<br></strong>Among the many cryptographic systems to protect, PKI stands out as the crown jewel. Amazon has publicly called it a “no-regret” migration step, since nearly all systems depend on certificates and keys issued there. Crypto4a’s approach allows hybrid use, binding classical and PQC algorithms in the same machine, so organizations can transition without rebuilding from scratch. By starting with PKI, enterprises set a quantum-safe anchor that supports a gradual rollout elsewhere. It’s a step that prevents wasted effort and ensures early moves don’t need to be undone later.<br><br></div><div><strong><br>[26:23] Step 6: Modernize and Build for Agility<br></strong>While computing infrastructure has become modular, scalable, and cloud-aligned, most HSMs are still boxy appliances requiring physical keys and human rituals.
This mismatch slows deployment and makes cryptography harder to manage at enterprise scale. Bruno argues HSMs must evolve to cloud-native, modular architectures that operators can provision and control without specialized ceremonies. Equally, systems must be designed for <strong>crypto-agility</strong>, the ability to swap algorithms through policy updates rather than rewriting code. Without agility and modernization, organizations will find themselves locked into brittle systems just as cryptography enters its most turbulent era.<br><br></div><div><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Bruno Couillard on <a href="https://www.linkedin.com/in/brunocouillard/">LinkedIn</a></li><li>Crypto4A Technologies <a href="https://www.linkedin.com/company/crypto4a/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div><br>✔ Learn practical steps to future-proof your organization.</div><div><br>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 09 Oct 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8qymk368.mp3" length="78157321" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/8ac52990-a42a-11f0-a517-770b4e5fdb6e/8ac52ac0-a42a-11f0-846e-fdf5bd7154d0.png"/>
      <itunes:duration>1953</itunes:duration>
      <itunes:summary>Hardware security modules (HSMs) have quietly powered the digital economy for decades, but are they ready for the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Bruno Couillard, CEO and co-founder of Crypto4a, about his journey from designing the original Luna HSM to building the next generation of quantum-safe hardware. Bruno explains the crucial difference between being PQC-ready and PQC-providing, why classic HSMs can’t simply be patched into the future, and how cloudification and crypto-agility will redefine security infrastructure for decades to come.</itunes:summary>
      <itunes:subtitle>Hardware security modules (HSMs) have quietly powered the digital economy for decades, but are they ready for the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Bruno Couillard, CEO and co-founder of Crypto4a, about his journey from designing the original Luna HSM to building the next generation of quantum-safe hardware. Bruno explains the crucial difference between being PQC-ready and PQC-providing, why classic HSMs can’t simply be patched into the future, and how cloudification and crypto-agility will redefine security infrastructure for decades to come.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Inventory, Agility, Reality: How FS-ISAC Sees the Path to PQC</title>
      <link>https://podcasts.fame.so/e/xny7zppn-inventory-agility-reality-how-fs-isac-sees-the-path-to-pqc</link>
      <itunes:title>Inventory, Agility, Reality: How FS-ISAC Sees the Path to PQC</itunes:title>
      <itunes:episode>18</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">l14rxjj1</guid>
      <description>What if quantum computing grabs the headlines, but the real risk is complacency about cryptography? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Mike Silverman, Chief Strategy &amp; Innovation Officer at FS-ISAC. Mike shares why treating cryptographic migrations as one-off projects leaves organisations exposed, how building inventories and risk-based models creates real readiness, and why crypto-agility, not quantum anxiety, is the foundation for long-term security. Learn how to prioritise crown-jewel systems, what timelines like 2030 and 2035 really mean, and why vendor coordination and PKI standards could decide the success of your migration.</description>
      <content:encoded><![CDATA[<div>As industries continue to treat cryptography as invisible plumbing, the risk of systemic disruption is growing. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Mike Silverman, Chief Strategy &amp; Innovation Officer at FS-ISAC, about why complacency is more dangerous than quantum itself. Mike explains how decades of one-off migrations have left organisations brittle, why inventories and risk models are the essential starting point, and how cryptographic agility must become both a design principle and an organisational mindset. They discuss why timelines like 2030 and 2035 demand phased action, how vendor and supply chain readiness can make or break success, and why PKI standards and certificate interoperability are the hidden dependencies no one can ignore. From embedding PQC into normal app modernisation cycles to reframing the conversation for the boardroom, Mike delivers a pragmatic warning: you don’t need to boil the ocean, but you must start now.<br><br></div><div><br></div><div>What You’ll Learn:</div><div><br></div><ul><li>Mindset Shift: Why the biggest risk isn’t “quantum” per se, it’s assuming cryptography can be ignored until the next crisis.</li><li>True Crypto-Agility: Minimal downtime, minimal (ideally zero) code changes, policy-driven selection, and ecosystem readiness.</li><li>Inventory First: How key discovery, asset metadata, and process mapping create a measurable, fundable scope of work.</li><li>Risk-Based Priorities: Protect crown-jewel data and long-lived assets first; accept there will be legacy tails.</li><li>Ecosystem Dependencies: Why vendors, PKI standards, certificate profiles, FIPS-validated libraries and supply chains dictate your timeline.</li><li>Board Framing: Position PQC as business continuity and trust preservation, embedded in regular tech refresh, not a one-off cost centre.</li><li>2030/2035 in Practice: Read timelines as phase gates (inventory + 
highest-risk migrations first; wider coverage later), not a big-bang cutover.</li></ul><div><br></div><div>Mike Silverman is Chief Strategy &amp; Innovation Officer at FS-ISAC, the global, member-driven consortium dedicated to collective defense in financial services. In this role, he leads forward-looking initiatives on post-quantum cryptography, AI risks, cloud security, and sector resilience, helping financial institutions anticipate and prepare for the threats shaping tomorrow’s trust landscape.<br><br></div><div>With a career shaped by crisis response and industry collaboration, Mike has been at the center of efforts to align governments, regulators, and enterprises on how to secure financial systems under pressure, from pandemic coordination to the emerging quantum challenge. His work focuses on reframing cryptography as a first-class citizen, embedding it into inventories, risk models, and long-term technology refresh cycles that extend beyond any single algorithm.<br><br></div><div>Known for his pragmatic perspective, Mike stresses that the real danger is complacency, not just quantum breakthroughs. He argues that cryptographic agility is the only sustainable defense, that timelines like 2030 and 2035 demand phased and realistic planning, and that collective readiness across vendors and supply chains is non-negotiable. His message is clear: organisations don’t need to panic, but they do need to start now.</div><div><br></div><div><strong>Your Roadmap to Crypto-Agility</strong></div><div><br><strong><br>[03:52] Step 1: Stop Treating Crypto as Plumbing<br></strong><br></div><div>For decades, cryptography has been invisible, assumed to “just work” in the background. Mike argues this is the biggest blind spot. Every major migration, from DES to AES or from RSA-1024 to RSA-2048, has been treated as a painful one-off. That approach leaves organisations brittle and unprepared for the next wave of change. 
The lesson is clear: cryptography must be treated as a first-class citizen in security planning, with visibility, budget, and executive attention. Key Question: Are you still assuming crypto will take care of itself, or are you elevating it to a first-class security discipline in your organisation?</div><div><br><br></div><div><strong>[09:58] Step 2: Define What Crypto-Agility Really Means<br></strong><br></div><div>Mike recalls sitting in industry meetings where “crypto-agility” meant wildly different things to different stakeholders. FS-ISAC responded by publishing a sector-wide definition: the ability to swap algorithms (A→B) with minimal downtime, minimal disruption, and ideally no code changes. Achieving this requires both architectural foresight (decoupling crypto from applications) and organisational alignment (governance, vendor contracts, policy-driven controls). Key Question: If you had to change cryptography tomorrow, would it take a simple policy update or a rewrite across every app and vendor system?<br><br></div><div><br></div><div><strong>[15:39] Step 3: Build Your Inventory and Risk Model<br></strong><br></div><div>Silverman stresses a basic truth: you can’t secure what you can’t see. Few CISOs could raise their hand if asked, “Do you know where 100% of your keys are?” An accurate inventory (where keys live, how they’re managed, which systems depend on them) creates the foundation for prioritisation. Layering risk on top ensures crown-jewel systems and long-lived data are addressed first. Without this visibility, organisations risk wasting resources on the wrong assets. Key Question: Do you know where all your cryptographic keys and algorithms are, and which assets pose the highest risk if migration lags?</div><div><br><br></div><div><strong>[20:15] Step 4: Plan for Legacy and External Dependencies<br></strong><br></div><div>Even with a ten-year runway, Mike believes there will be legacy systems left behind.
Large institutions with acquisitions face inconsistent policies, while smaller firms rely heavily on vendor products. Dependencies extend beyond the enterprise: supply chains, PKI standards, certificate profiles, and FIPS-validated libraries all dictate what’s feasible. Success depends on coordinated timelines with vendors and regulators, not just internal willpower.</div><div>Key Question: Are you aligning your migration plans with vendor readiness and global standards, or assuming you can solve it all in-house?</div><div><br><br></div><div><strong>[26:31] Step 5: Embed PQC into Normal Modernisation Cycles<br></strong><br></div><div>Boards balk at funding PQC as a standalone project. Mike reframes it: cryptographic upgrades should be part of ongoing app modernisation and lifecycle refresh. From mainframes and point-of-sale systems to operating systems and middleware, modernisation already happens in cycles. The right approach is to bake PQC into those existing refreshes, so cost and disruption are absorbed by processes organisations already budget for.</div><div>Key Question: Are you presenting PQC as an extra burden, or embedding it naturally into technology refresh cycles your board already funds?</div><div><br><br></div><div><strong>[36:46] Step 6: Act Now, Without Fearmongering<br></strong><br></div><div>Mike is clear: the sky isn’t falling. But the longer organisations delay, the harder and costlier the transition will be. Starting small (augmenting asset management, training staff, asking vendors the right questions) creates momentum without overwhelming the business.
Crypto-agility is a journey measured in years, not months, and the best way to reduce fear is to begin.</div><div>Key Question: Are you waiting for the “perfect moment” to start, or taking small, practical steps today that build toward crypto-agility?</div><div><br><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Mike Silverman on LinkedIn</li><li>FS-ISAC <a href="https://www.fsisac.com/">Website</a></li><li>FS-ISAC <a href="https://www.linkedin.com/company/fs-isac/">LinkedIn</a></li><li>FS-ISAC <a href="https://x.com/FSISAC/status/1932860652508348690">X</a></li><li>FS-ISAC Cryptographic Agility White Paper <a href="https://www.fsisac.com/hubfs/Knowledge/PQC/BuildingCryptographicAgilityInTheFinancialSector.pdf">(TLP:WHITE)</a></li><li>Quantum Safe Financial Forum (QSFF) – <a href="https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3/qsff">EU Initiative</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.<br><br></div><div>✔ Learn practical steps to future-proof your organization.<br><br></div><div>✔ Stay updated on regulatory changes and industry trends.<br><br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 25 Sep 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w7p25178.mp3" length="84137272" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/99ba9f60-99e6-11f0-bc7d-0b8458a52482/99baa060-99e6-11f0-b86e-2d0c2617d40a.png"/>
      <itunes:duration>2103</itunes:duration>
      <itunes:summary>What if quantum computing grabs the headlines, but the real risk is complacency about cryptography? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Mike Silverman, Chief Strategy &amp; Innovation Officer at FS-ISAC. Mike shares why treating cryptographic migrations as one-off projects leaves organisations exposed, how building inventories and risk-based models creates real readiness, and why crypto-agility, not quantum anxiety, is the foundation for long-term security. Learn how to prioritise crown-jewel systems, what timelines like 2030 and 2035 really mean, and why vendor coordination and PKI standards could decide the success of your migration.</itunes:summary>
      <itunes:subtitle>What if quantum computing grabs the headlines, but the real risk is complacency about cryptography? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Mike Silverman, Chief Strategy &amp; Innovation Officer at FS-ISAC. Mike shares why treating cryptographic migrations as one-off projects leaves organisations exposed, how building inventories and risk-based models creates real readiness, and why crypto-agility, not quantum anxiety, is the foundation for long-term security. Learn how to prioritise crown-jewel systems, what timelines like 2030 and 2035 really mean, and why vendor coordination and PKI standards could decide the success of your migration.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>PQC vs. QKD: What Matters Now and What Can Wait</title>
      <link>https://podcasts.fame.so/e/1np7j7p8-pqc-vs-qkd-what-matters-now-and-what-can-wait</link>
      <itunes:title>PQC vs. QKD: What Matters Now and What Can Wait</itunes:title>
      <itunes:episode>17</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">z0r4n4v0</guid>
      <description>Quantum threats may feel distant, but your migration shouldn’t be. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen talks with Will Collison, Interim Global Head of Cryptography at HSBC. Will explains why enterprises must start now and measure as they go, how to separate PQC, QKD, and quantum computing, and why cryptographic agility is the real objective. Expect practical guidance on executive buy-in, vendor dependencies, critical-system prioritization, and the cost logic that makes an early start the only rational choice.</description>
      <content:encoded><![CDATA[<div>As regulators publish guidance and timelines tighten, organizations can’t treat quantum readiness as a “future-us” problem. Will Collison details HSBC’s approach: begin the migration now, build crypto agility into architecture, and manage both internal upgrades and external dependencies across vendors, partners, and customers. He clarifies where PQC (for everyone) and QKD (for select high-assurance links) fit, and why identity (public-key) mechanisms, not symmetric crypto like AES, are the primary risk from quantum computing. Will also reframes “legacy” systems as revenue-critical systems that demand careful, early planning, and he lays out a pragmatic cost model: if you wait, you’ll lose the ability to go slow, forcing a fast (and expensive) scramble. The mandate is simple: start now, measure progress, and design for change so you can swap algorithms when needed.</div><div><br></div><div>What You’ll Learn<br><br></div><ul><li>How early action lowers cost and risk while keeping quality high.</li><li>PQC vs. QKD vs. Quantum Computing: Clear roles, overlaps, and where to invest first</li><li>Why quantum threatens public-key identity mechanisms more than symmetric encryption.</li><li>Crypto Agility as the Goal: Build systems that can swap algorithms when standards evolve.</li><li>Prioritization Framework: Tackle internet-facing and revenue-critical services early, even if they’re “legacy.”</li><li>Vendor &amp; Partner Readiness: How to pressure-test your supply chain and avoid being the weak link.</li><li>Executive Buy-In: Talk tracks that move the conversation from “someday” to funded roadmap.</li><li>Regulatory Reality: Don’t wait for “R-Day” (regulator day); show posture now to customers and supervisors.</li></ul><div><br></div><div>Will Collison is the Interim Global Head of Cryptography at HSBC, where he leads the bank’s global cryptography strategy across 60 markets.
A CISSP-qualified consultant with two decades of experience, he specializes in public key infrastructure (PKI), cryptography standards, and the automation of trust. Over his seven-plus years at HSBC, Will has served as Technical Director of Cryptography, Global Head of Cryptography Standards and Enforcement, and PKI Specialist, building frameworks for machine and digital identity and driving large-scale remediation programs.</div><div><br></div><div>Prior to HSBC, he founded Secmundi Limited, advising international banks on cryptography strategy and operating models, and worked as a Trust Consultant at Barclays, guiding PKI implementations and automation of certificate issuance. Known for combining deep technical expertise with pragmatic execution, Will has long been a voice for crypto agility, helping organizations modernize securely while preparing for future shifts. Today, his focus is clear: ensuring enterprises can meet the challenges of post-quantum cryptography (PQC) and build a quantum-safe future.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br></div><div><strong>[06:20] Step 1: Build Awareness and Executive Buy-In -</strong></div><div>The first barrier isn’t technology, it’s leadership alignment. Will emphasizes that cryptographers alone cannot drive PQC migration; it requires CIOs, CEOs, and developer communities to take ownership. At HSBC, demonstrating early trials with quantum key distribution (QKD) helped leadership see quantum as real and urgent, not distant theory. By pairing opportunity narratives (business applications) with security risks (broken RSA), Will built credibility and won support across the C-suite. 
Without this awareness step, migrations stall, as PQC remains “just a cryptography issue” instead of a business priority.</div><div>Key Question: Do your executives see PQC as an organizational shift, or just another crypto upgrade?</div><div><br></div><div><strong>[10:44] Step 2: Separate the Quantum Trio (PQC, QKD, Quantum Computing) -</strong></div><div>Confusion often slows action: leaders lump quantum computing, post-quantum cryptography (PQC), and QKD into one bucket. Will makes the distinction clear: PQC is mandatory for everyone, QKD is optional for select high-assurance links, and quantum computing is the attacker capability on the horizon. PQC secures identity mechanisms that quantum computers can break; symmetric algorithms like AES remain largely safe. For organizations, this clarity avoids wasted investment and helps focus resources on the universal priority: PQC. QKD may add value in specific backbone use cases, but it’s not a substitute for PQC adoption.</div><div>Key Question: Does your roadmap clearly differentiate between PQC (a must-do) and QKD (a niche add-on)?</div><div><br></div><div><strong>[15:15] Step 3: Prioritize Critical and Revenue-Generating Systems -</strong></div><div>Migration is not just about legacy; it’s about revenue-critical systems that are hardest to touch. Will highlights that the most important services (core banking, internet-facing platforms, high-value transaction systems) are also the most delicate. These cannot be treated as “old and optional”; they need careful, phased planning. Starting with these systems ensures resilience where risk and business impact are highest. At HSBC, prioritizing internet-facing services and those with zero downtime tolerance became the backbone of the PQC roadmap.
Organizations should resist the temptation to defer these systems, as they represent both the highest stakes and the longest lead times.</div><div>Key Question: Have you identified which systems are both critical and hardest to migrate and started with them?</div><div><br></div><div><strong>[18:10] Step 4: Engineer for Cryptographic Agility -</strong></div><div>Will posits that PQC migration isn’t a one-and-done fix. Because cryptography is open to attack and algorithms are deliberately stress-tested by academics, today’s standards may not be tomorrow’s. The real goal is crypto agility, building systems that can switch algorithms without costly rewrites. This means designing pluggable crypto frameworks, modular architecture, and future-ready PKI. Organizations that treat PQC as a single migration will find themselves repeating the pain in a few years; those that embed agility now will be able to adapt at the push of a button. Agility turns a crisis response into a strategic advantage.</div><div>Key Question: If the next PQC algorithm is broken tomorrow, could your systems swap it out without disruption?</div><div><br></div><div><strong>[27:15] Step 5: Start Now to Control Cost and Compliance -</strong></div><div>Waiting only makes migration harder and more expensive. Will lays out the math: if you start today, you can go slow and control costs; if you wait for Q-Day or R-Day (when regulators mandate action), you lose the option of “slow” and are forced into expensive, rushed remediation. Early investment also lets you train in-house talent instead of competing in a skills-short market later. Regulators and peers are already moving, meaning inaction risks reputational damage as much as security exposure. 
The smartest play is to begin now, measure progress, and use the lead time to stay ahead of both attackers and regulators.</div><div>Key Question: Are you starting early enough to spread cost and build skills, or setting yourself up for a rushed, expensive scramble later?</div><div><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Will Collison on <a href="https://www.linkedin.com/in/willcollison/">LinkedIn</a></li><li>HSBC <a href="https://www.hsbc.com/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div>✔ Learn practical steps to future-proof your organization.</div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Wed, 17 Sep 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wj0mkz4w.mp3" length="87333615" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/e8f636f0-93a1-11f0-915e-b3f156932f14/e8f63800-93a1-11f0-9e17-3b570b5c065b.png"/>
      <itunes:duration>2183</itunes:duration>
      <itunes:summary>Quantum threats may feel distant, but your migration shouldn’t be. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen talks with Will Collison, Interim Global Head of Cryptography at HSBC. Will explains why enterprises must start now and measure as they go, how to separate PQC, QKD, and quantum computing, and why cryptographic agility is the real objective. Expect practical guidance on executive buy-in, vendor dependencies, critical-system prioritization, and the cost logic that makes an early start the only rational choice.</itunes:summary>
      <itunes:subtitle>Quantum threats may feel distant, but your migration shouldn’t be. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen talks with Will Collison, Interim Global Head of Cryptography at HSBC. Will explains why enterprises must start now and measure as they go, how to separate PQC, QKD, and quantum computing, and why cryptographic agility is the real objective. Expect practical guidance on executive buy-in, vendor dependencies, critical-system prioritization, and the cost logic that makes an early start the only rational choice.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>3, 5 or 8 Years? The Realistic Timeline for Migration and the Task That Can’t Wait</title>
      <link>https://podcasts.fame.so/e/xny7zq9n-3-5-or-8-years-the-realistic-timeline-for-migration-and-the-task-that-can-t-wait</link>
      <itunes:title>3, 5 or 8 Years? The Realistic Timeline for Migration and the Task That Can’t Wait</itunes:title>
      <itunes:episode>16</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">l14rx8m1</guid>
      <description>What if quantum computing feels like a distant threat, but your timeline to prepare is already running out? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini. Adrian shares the urgent realities of PQC migration, from why a three-to-five-year plan is really an eight-year journey to the performance shocks of new algorithms and the critical need for crypto-agility. Learn why apathy is the greatest risk, how regulatory pressure could unlock boardroom action, and where CISOs must start to build quantum-ready systems today.</description>
      <content:encoded><![CDATA[<div>As executives continue to postpone action, the window for preparing secure systems in the quantum era is rapidly closing. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini, about the real timelines and challenges of PQC migration. Adrian explains why a “three-to-five-year” plan is unrealistic, why organizations should expect closer to eight years, and how unprepared boards risk panic and triage once the first quantum breakthrough hits. They discuss why crown-jewel systems must be prioritized, how banks and governments face different pressures, and why performance under PQC will shock existing infrastructure, illustrated by tests where an HSM fell from 10,000 transactions per second to just 200. From regulatory pressure that may be needed to drive boardroom buy-in to the hard truth that today’s algorithms may not last, Adrian delivers a candid warning: apathy will kill you. The time to act is now.</div><div><br></div><div>What You’ll Learn<br><br></div><ul><li>Y2K vs. 
Y2Q: Why “non-event” thinking is dangerous without upfront work</li><li>Timelines that hold: Why “3–5 years” is best-case and ~8 years is realistic at enterprise scale</li><li>Performance truth: How PQC can crush TPS and impact SLAs, capacity, and cost models</li><li>Crypto-agility: Abstract crypto from apps, enable policy-driven selection, and automate swap-outs</li><li>Governance first: Why poor implementations, not just algorithms, will break your security</li><li>Regulatory unlock: How mandates/bodies (BIS, NCSC, sector groups) drive C-suite action</li><li>Where to start: Crown-jewel systems, dependency mapping, and critical-path scheduling</li></ul><div><br></div><div>Adrian Neal is Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini, where he advises governments, financial institutions, and global enterprises on preparing for the quantum era. With nearly four decades of experience spanning banking, defense, telecoms, and startups, Adrian has been at the center of major security transformations, from the early days of PKI to today’s post-quantum migration programs. His work focuses on helping organizations identify critical systems, manage dependencies, and design long-term strategies that combine technical execution with board-level buy-in.<br><br></div><div>Known for his candid perspective, Adrian warns that migration is closer to an eight-year journey than a three-year sprint, that crypto-agility is the only sustainable defense as algorithms evolve, and that apathy will kill you. His message is clear: the sooner organizations begin planning, the better chance they have to avoid panic, triage, and systemic disruption when the first quantum “black swan” arrives.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience<br></strong><br></div><div><strong>[04:17] Step 1: Accept the Real Timeline<br></strong><br></div><div>The biggest misconception Adrian encounters is the idea of a “three-to-five-year” migration. 
As he bluntly states, that only works if everything goes perfectly, and in the real world it never does. Organizations must plan for eight years at best, with the expectation of mid-course corrections and even emergency triage when hidden dependencies surface. Late action only makes the crunch sharper, as boards suddenly realize time has run out. Key Question: Are you planning for an idealized three-year sprint, or budgeting for the reality of an eight-year marathon?</div><div><br></div><div><strong>[07:18] Step 2: Watch for External Signals<br></strong><br></div><div>Quantum risk can feel abstract until regulators, supervisors, or global bodies spell out the consequences. Adrian points to the Bank for International Settlements, which recently warned of systemic financial collapse if banks fail to act. Similarly, the UK surveyed CISOs not to congratulate them, but to ask why nothing was happening. These signals are the early tremors, and ignoring them risks being blindsided when regulation becomes mandatory. Key Question: Are you treating industry warnings as background noise, or as early instructions to act before mandates arrive?</div><div><br></div><div><strong>[12:23] Step 3: Stress-Test Your Infrastructure<br></strong><br></div><div>Benchmarks on paper rarely match performance under real load. Adrian recalls a test where a PQC algorithm dropped a hardware security module from 10,000 transactions per second to just 200. That kind of shock will ripple through SLAs, capacity planning, and cost models. Enterprises can’t wait for standards alone; they need to start testing now to understand what PQC will mean for their unique environments. Key Question: Have you run PQC under production-like loads, or are you still trusting theoretical benchmarks?</div><div><br></div><div><strong>[31:23] Step 4: Start With the Crown Jewels<br></strong><br></div><div>When mapping a migration, not all systems are equal. 
Adrian insists the first priority must be crown-jewel systems, the assets so critical that losing them could put you out of business. By identifying these early and mapping their dependencies, organizations can build a critical-path plan, sequencing work in the right order and avoiding surprises later. Everything not on the critical path can be parallelized, but the critical path itself must be guarded fiercely. Key Question: Do you know which systems are truly crown jewels, and how delays there will cascade across your migration?</div><div><br></div><div><strong>[34:17] Step 5: Design for Crypto-Agility<br></strong><br></div><div>Even if today’s algorithms are standardized, Adrian cautions they may not last. History has already shown finalists falling apart late in the NIST process, and cryptographers warn that vulnerabilities may be found within five years. That means crypto-agility is no longer optional: organizations must decouple applications from crypto libraries, move to policy-driven controls, and be ready to swap algorithms without rewriting code. Governance is equally critical, because poor implementation, not just weak algorithms, will be the Achilles’ heel. Key Question: Can you change cryptography across your systems with a policy update, or would it take a rewrite in every app?</div><div><br></div><div><strong>[21:38] Step 6: Leverage Regulation for Buy-In<br></strong><br></div><div>For many CISOs, the hardest part isn’t technical, it’s convincing the board. Adrian highlights how legislation may actually be a friend, giving executives the leverage to unlock budgets by framing PQC as a compliance necessity. Without that pressure, boards tend to see migration as a cost center with no immediate revenue benefit. By aligning to regulatory timelines, CISOs can turn PQC from a “someday project” into a non-negotiable investment. 
Key Question: Are you waiting for regulators to force your hand, or using regulation as a tool to unlock boardroom commitment today?</div><div><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Adrian Neal on <a href="https://www.linkedin.com/in/adrianneal/?originalSubdomain=ch">LinkedIn</a></li><li>Capgemini Post-Quantum Cryptography <a href="https://www.capgemini.com/insights/research-library/post-quantum-crypto/">Resources</a></li><li>European Union Qprep <a href="https://civil-protection-humanitarian-aid.ec.europa.eu/news-stories/news/eu-stockpiling-and-medical-countermeasures-strategies-strengthen-crisis-readiness-and-health-2025-07-09_en">Initiative</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul>]]></content:encoded>
      <pubDate>Thu, 11 Sep 2025 14:27:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/83l6pk4w.mp3" length="98370872" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/8eb4f500-8f1b-11f0-8555-bfdf714789b5/8eb4f600-8f1b-11f0-a888-47cfc64597ed.png"/>
      <itunes:duration>2459</itunes:duration>
      <itunes:summary>What if quantum computing feels like a distant threat, but your timeline to prepare is already running out? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini. Adrian shares the urgent realities of PQC migration, from why a three-to-five-year plan is really an eight-year journey to the performance shocks of new algorithms and the critical need for crypto-agility. Learn why apathy is the greatest risk, how regulatory pressure could unlock boardroom action, and where CISOs must start to build quantum-ready systems today.</itunes:summary>
      <itunes:subtitle>What if quantum computing feels like a distant threat, but your timeline to prepare is already running out? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini. Adrian shares the urgent realities of PQC migration, from why a three-to-five-year plan is really an eight-year journey to the performance shocks of new algorithms and the critical need for crypto-agility. Learn why apathy is the greatest risk, how regulatory pressure could unlock boardroom action, and where CISOs must start to build quantum-ready systems today.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The Next Chapter in Securing the World's Internet</title>
      <link>https://podcasts.fame.so/e/l8qw9p48-the-next-chapter-in-securing-the-internet</link>
      <itunes:title>The Next Chapter in Securing the World's Internet</itunes:title>
      <itunes:episode>15</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">80nvl8x0</guid>
      <description>What does it take to keep the world’s most widely used cryptographic library secure in the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Tomáš Mráz, Director of the OpenSSL Software Foundation, and Jon Ericson, Community Manager at the Foundation. Together, they explore OpenSSL’s evolution, from its 25-year legacy to its upcoming OpenSSL 3.6 release, hybrid cryptography, and the global effort to achieve FIPS certifications for post-quantum algorithms. Learn how community contributions, funding models, and industry partnerships are shaping OpenSSL’s role in securing the internet’s future.</description>
      <content:encoded><![CDATA[<div>OpenSSL has secured the internet for over 25 years, but how does a project with such deep legacy prepare for the quantum future? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Tomáš Mráz, Director of the OpenSSL Foundation, and Jon Ericson, the Foundation’s Community Manager. Together they explore the shift from the old engine model to providers in OpenSSL 3.0, the rollout of NIST-approved post-quantum algorithms in 3.5, and what’s on the horizon with 3.6. They also dive into the realities of FIPS certification, the importance of diversified funding, and how community contributions sustain the world’s most widely used cryptographic library. From surprising “OpenSSL in the Wild” use cases to the first-ever OpenSSL Conference in Prague, this episode offers a rare inside look at how OpenSSL is evolving to keep global infrastructure secure in the quantum era. OpenSSL is evolving to keep the digital world safe.</div><div><br></div><div>What You’ll Learn<br><br></div><ul><li>How OpenSSL evolved from engines to providers, enabling faster adoption of new cryptographic standards</li><li>Why community contributions, from bug fixes to corporate sponsorships, remain critical to OpenSSL’s future</li><li>The significance of OpenSSL 3.5 and what to expect in the upcoming 3.6 release</li><li>How the Foundation approaches FIPS 140-3 certification and the challenges of validating post-quantum algorithms</li><li>Why hybrid cryptography and TLS-style agility are central to migration planning</li><li>The importance of funding diversification and how organizations can contribute</li><li>What to expect at the first OpenSSL Conference in Prague</li><li>OpenSSL’s three-to-five-year outlook on PQC adoption, performance, and global standards alignment</li></ul><div><br></div><div>Tomáš Mráz is the Director of the OpenSSL Software Foundation and a long-time contributor to the project. 
After years at Red Hat maintaining OpenSSL packages and serving on the OpenSSL Technical Committee, Tomáš now leads both governance and technical efforts for the Foundation. He has played a key role in transitioning OpenSSL to a provider-based model and integrating post-quantum cryptography support.&nbsp;<br><br></div><div>Jon Ericson is the Community Manager at the OpenSSL Software Foundation. With a background in programming and community building, Jon works to strengthen the connection between OpenSSL’s global user base and its core developers. From GitHub sponsorships to community use case surveys, he ensures that OpenSSL remains responsive to the evolving needs of its contributors and stakeholders.<br><br></div><div>With the shift to post-quantum cryptography accelerating, Tomáš Mráz and Jon Ericson’s message is clear: OpenSSL’s future will be defined by community, funding, and cryptographic agility, ensuring the internet’s most trusted library stays secure in the quantum era.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br></div><div><strong>[02:30] Step 1: Build Through Community, Not Just Code<br></strong><br></div><div>From the very beginning, OpenSSL’s strength has been its community. As Jon Ericson explains, many contributions still come from volunteers fixing bugs or adding features because they personally rely on the library. This model means OpenSSL doesn’t evolve in isolation, it reflects the real-world needs of users across industries. Without this constant input, critical flaws might linger and adoption of new features would stall. Community-driven resilience is what has kept OpenSSL relevant for more than 25 years, and it’s also the key to surviving the quantum shift. 
Key Question: Is your organization contributing back to the open-source tools it depends on, or just consuming them?</div><div><br></div><div><strong>[15:40] Step 2: Embrace the Provider Model for Agility<br></strong><br></div><div>Tomáš Mráz highlights that OpenSSL 3.0’s provider architecture was a complete rewrite of the library’s internals. Unlike the old engine system, providers allow new algorithms, including post-quantum candidates, to be plugged in without altering the core code. This design foresight meant OpenSSL could quickly integrate PQC once NIST finalized its standards in 2024, instead of waiting years for structural changes. Agility in cryptography isn’t an abstract idea here, it’s a practical necessity, and the provider model gives OpenSSL the flexibility to adapt faster than ever. Key Question: Is your cryptographic infrastructure designed for future upgrades, or locked into a rigid model?</div><div><br></div><div><strong>[24:45] Step 3: Prepare for 3.6 With Discipline, Not Deadlines<br></strong><br></div><div>While many in the industry chase feature lists, OpenSSL takes a different approach. As Tomáš explains, new releases are time-based (April and October), but features are only merged when they are truly ready. Current work spans QUIC improvements, zero-RTT support, timing side-channel protections, and potential PQC enhancements, but nothing will be rushed to hit an arbitrary date. This discipline has allowed OpenSSL to remain the backbone of secure communications globally, trusted by billions of devices and applications. For organizations planning their upgrades, the message is clear: align to OpenSSL’s stable releases, don’t gamble on unfinished code. Key Question: Are your upgrade plans aligned with proven releases, or are you rushing ahead of the standards?</div><div><br></div><div><strong>[27:50] Step 4: Navigate the FIPS 140-3 Challenge<br></strong><br></div><div>Certification is one of the hardest parts of cryptography. 
OpenSSL 3.1 achieved FIPS 140-3 validation, a first in its history, and the 3.5 version is already in review to bring NIST’s post-quantum algorithms into scope. Tomáš admits the process is long, political, and outside of the Foundation’s control, with heavy negotiations between NIST, labs, and implementers. But without certification, many governments and enterprises simply cannot adopt PQC at scale. The lesson for security leaders: you can’t shortcut compliance, and you need realistic timelines to plan migrations. Key Question: Is your compliance roadmap realistic about how long certifications actually take?</div><div><br></div><div><strong>[30:30] Step 5: Stay Engaged With OpenSSL’s Future<br></strong><br></div><div>OpenSSL is everywhere, often in places you’d never expect. Jon recounts a developer securing serial devices with TLS, and even Mercedes vehicles using OpenSSL in their apps to lock and unlock doors. These surprising “in the wild” stories show why upgrading matters: outdated versions leave unseen risks in everyday systems. Looking ahead, the Foundation is also launching its first-ever OpenSSL Conference in Prague, bringing together experts, contributors, and industry voices to shape the next phase. 
Between new funding streams, hiring developers, and expanding global engagement, OpenSSL’s next 25 years will be as pivotal as its first.</div><div>Key Question: Do you know where OpenSSL runs in your stack — and are you keeping pace with its evolution?</div><div><br></div><div><strong>Episode Resources</strong></div><div><br></div><ul><li>Tomáš Mráz on <a href="https://www.linkedin.com/in/tomasmraz/">LinkedIn</a></li><li>Jon Ericson on <a href="https://www.linkedin.com/in/jonericson/">LinkedIn</a></li><li>OpenSSL Foundation <a href="https://openssl-foundation.org/">Website</a></li><li>OpenSSL GitHub <a href="https://github.com/sponsors/openssl">Sponsors</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul>]]></content:encoded>
      <pubDate>Thu, 04 Sep 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/853kp4z8.mp3" length="69846203" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/d0082c10-88df-11f0-b979-89518561da03/d0082e00-88df-11f0-a459-576f581991fa.png"/>
      <itunes:duration>1746</itunes:duration>
      <itunes:summary>What does it take to keep the world’s most widely used cryptographic library secure in the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Tomáš Mráz, Director of the OpenSSL Software Foundation, and Jon Ericson, Community Manager at the Foundation. Together, they explore OpenSSL’s evolution, from its 25-year legacy to its upcoming OpenSSL 3.6 release, hybrid cryptography, and the global effort to achieve FIPS certifications for post-quantum algorithms. Learn how community contributions, funding models, and industry partnerships are shaping OpenSSL’s role in securing the internet’s future.</itunes:summary>
      <itunes:subtitle>What does it take to keep the world’s most widely used cryptographic library secure in the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Tomáš Mráz, Director of the OpenSSL Software Foundation, and Jon Ericson, Community Manager at the Foundation. Together, they explore OpenSSL’s evolution, from its 25-year legacy to its upcoming OpenSSL 3.6 release, hybrid cryptography, and the global effort to achieve FIPS certifications for post-quantum algorithms. Learn how community contributions, funding models, and industry partnerships are shaping OpenSSL’s role in securing the internet’s future.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Post-Quantum Prep Without the Panic: Don’t Delay Your Upgrade to TLS 1.3</title>
      <link>https://podcasts.fame.so/e/4n9m7kpn-post-quantum-prep-without-the-panic-don-t-delay-your-upgrade-to-tls-1-3</link>
      <itunes:title>Post-Quantum Prep Without the Panic: Don’t Delay Your Upgrade to TLS 1.3</itunes:title>
      <itunes:episode>14</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">v07r6m31</guid>
      <description>What if quantum computing feels years away, but your migration to post-quantum cryptography needs to start today? In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen welcomes Kevin Hilscher, Senior Director of Product Management at DigiCert. Kevin shares the practical realities of PQC adoption, from TLS 1.3 prerequisites and hybrid cryptography to vendor readiness and global regulatory timelines. Learn where enterprises should begin and why early discovery is critical. Expect practical steps, clear insights, and a candid call for earlier discovery, smarter planning, and quantum-ready systems.</description>
      <content:encoded><![CDATA[<div>As governments and regulators accelerate PQC adoption timelines, the urgency for organizations to act has never been greater. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, host Jo Lintzen speaks with Kevin Hilscher, Senior Director of Product Management at DigiCert, to explore the practical first steps of post-quantum cryptography adoption. They discuss why upgrading to TLS 1.3 is a non-negotiable starting point, how discovery of crypto assets lays the groundwork for any migration, and what enterprises should know about hybrid cryptography and its competing standards. From fragmented global regulations to aggressive timelines and the looming challenges of vendor readiness, Kevin provides a candid, real-world perspective on how organizations can build a quantum-ready roadmap before regulatory deadlines and quantum breakthroughs arrive.</div><div><br></div><div>What You’ll Learn<br><br></div><ul><li>Why TLS 1.3 is the non-negotiable first step for PQC readiness</li><li>How to approach crypto asset discovery across software, hardware, and vendors</li><li>The difference between hybrid key exchange vs. hybrid certificates (and why it matters)</li><li>Why regulatory timelines (EU 2030, CNSA 2027) may be more ambitious than reality</li><li>The challenge of fragmented algorithms across geographies and what it means for interoperability</li><li>How Falcon (FN-DSA) could benefit resource-constrained IoT devices</li><li>Where vendors are leading (crypto SDKs) vs. lagging (enterprise apps and infrastructure)</li><li>Kevin’s advice for CISOs: why awareness, discovery, and vendor engagement must start now</li></ul><div><br></div><div>Kevin Hilscher is Senior Director of Product Management at DigiCert, where he leads the device trust product team and oversees PQC readiness across the company’s portfolio. 
With a background at Microsoft and deep experience working with OEMs, banks, healthcare providers, and defense organizations, Kevin has been at the forefront of preparing enterprises for the quantum era. His focus spans securing connected devices, enabling regulatory compliance, and helping global customers prepare for the transition to PQC. Known for his pragmatic approach, Kevin bridges the gap between evolving cryptographic standards and real-world business needs, helping organizations take the first steps toward a secure, quantum-ready future.<br><br></div><div>With the shift to post-quantum cryptography accelerating, Kevin’s message is clear: early discovery and TLS 1.3 readiness, not just new algorithms, will define the path to a quantum-ready future.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience</strong></div><div><br></div><div><strong>[06:17] Step 1: Build Awareness and Secure Buy-In -&nbsp;<br></strong><br></div><div>For many industries, the first challenge isn’t technical; it’s awareness. Kevin explains that cybersecurity teams often have to “sell upwards,” using the right data, talk tracks, and materials to educate leadership about PQC and secure sponsorship. Without this “step zero,” projects stall before they begin. Education is critical, not just inside your own enterprise, but across vendors and partners who may not even know what PQC is yet. Key Question: Do your executives and stakeholders truly understand the urgency of PQC, or are they still in denial?</div><div><br></div><div><strong>[07:18] Step 2: Discover Your Crypto Assets -&nbsp;<br></strong><br></div><div>The foundation of every migration is discovery. Kevin stresses the importance of cataloging where and how cryptography is used, TLS versions, crypto libraries, SDKs, and source code. For banks, that means checking third-party apps and firewalls. For OEMs, it’s embedded devices still running RSA or ECC. 
Discovery reveals not just internal risks but also gaps in vendor readiness, enabling informed conversations about timelines and support. Key Question: Have you mapped your crypto landscape, from TLS versions to third-party dependencies, so you know what needs to change?</div><div><br></div><div><strong>[09:25] Step 3: Upgrade to TLS 1.3 Today -&nbsp;<br></strong><br></div><div>Before PQC algorithms even come into play, enterprises must meet the TLS prerequisite. As Kevin notes, the IETF has been blunt: quantum-safe algorithms will only be supported in TLS 1.3 and above. Yet many organizations are still stuck on TLS 1.2 in legacy apps and infrastructure. Migrating now means you can act independently of PQC timelines while also future-proofing your systems for what’s next. Key Question: Are you still relying on TLS 1.2, or have you taken the first real step toward a quantum-ready foundation?</div><div><br></div><div><strong>[12:30] Step 4: Navigate Hybrid Cryptography with Clarity -&nbsp;<br></strong><br></div><div>“Hybrid” is one of the most confusing terms in PQC. Kevin highlights the difference between hybrid key exchange (pairing a PQC algorithm with RSA or ECC for TLS handshakes) and hybrid certificates (dual-signed X.509s). While hybrid key exchange is standardized and deployable today, hybrid certificates remain stalled by competing standards like composite, Chimeria, and Chameleon. Without clarity, organizations risk paralysis. Key Question: Do you know which type of hybrid you’re preparing for, and are you moving ahead where standards are ready today?</div><div><br></div><div><strong>[22:14] Step 5: Plan Realistically for Timelines and Vendor Readiness -&nbsp;<br></strong><br></div><div>Global regulators are setting ambitious deadlines, 2030 in the EU, 2027 for U.S. federal procurement. Kevin warns that critical systems like SCADA, SAP, and ERP will struggle to meet those dates, especially with legacy TLS and outdated infrastructure. 
While crypto SDKs are ahead, enterprise apps and HSM certifications will lag. Organizations must pressure vendors for roadmaps while also preparing for phased upgrades.</div><div>Key Question: Are you planning your migration based on regulatory optimism, or on the real pace of vendor and infrastructure readiness?</div><div><br></div><div><strong>Episode Resources<br></strong><br></div><ul><li>Kevin Hilscher on <a href="https://www.linkedin.com/in/kevinhilscher/?originalSubdomain=ca">LinkedIn</a></li><li>DigiCert PQC <a href="https://www.digicert.com/tls-ssl/post-quantum-cryptography">Resources</a></li><li>DigiCert PQC <a href="https://labs.digicert.com/">Lab Site</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div><div>Want exclusive insights on quantum migration?&nbsp; Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div><br>✔ Learn practical steps to future-proof your organization.<br><br></div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 28 Aug 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/84vlq168.mp3" length="71438627" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/4a8eb050-83eb-11f0-8fec-efdcaf801cf9/4a8eb170-83eb-11f0-97a4-07020b217339.png"/>
      <itunes:duration>1785</itunes:duration>
      <itunes:summary>What if quantum computing feels years away, but your migration to post-quantum cryptography needs to start today? In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen welcomes Kevin Hilscher, Senior Director of Product Management at DigiCert. Kevin shares the practical realities of PQC adoption, from TLS 1.3 prerequisites and hybrid cryptography to vendor readiness and global regulatory timelines. Learn where enterprises should begin and why early discovery is critical. Expect practical steps, clear insights, and a candid call for earlier discovery, smarter planning, and quantum-ready systems.</itunes:summary>
      <itunes:subtitle>What if quantum computing feels years away, but your migration to post-quantum cryptography needs to start today? In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen welcomes Kevin Hilscher, Senior Director of Product Management at DigiCert. Kevin shares the practical realities of PQC adoption, from TLS 1.3 prerequisites and hybrid cryptography to vendor readiness and global regulatory timelines. Learn where enterprises should begin and why early discovery is critical. Expect practical steps, clear insights, and a candid call for earlier discovery, smarter planning, and quantum-ready systems.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Designing for Breakage: What Cybersecurity Leaders Must Plan For</title>
      <link>https://podcasts.fame.so/e/2nxz2l6n-designing-for-breakage-what-cybersecurity-leaders-must-plan-for</link>
      <itunes:title>Designing for Breakage: What Cybersecurity Leaders Must Plan For</itunes:title>
      <itunes:episode>13</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">61mkmyv1</guid>
      <description>What if treating post-quantum cryptography like Y2K is your first and most dangerous mistake? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Yolanda Reid, former IBM Consulting leader and U.S. defense veteran, to explain why PQC is not a patch, but a permanent shift in how we secure systems, train teams, and think about risk. From executive blind spots to the realities of “designing for breakage,” Yolanda offers a clear-eyed view of what must change and why five years may already be too late. Expect sharp truths, practical direction, and a call for leaders to act now before quantum becomes the blindside nobody planned for.</description>
      <content:encoded><![CDATA[<div>As quantum computing accelerates toward real-world impact, organizations must stop viewing post-quantum cryptography as a one-time technical upgrade. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Yolanda Reid, former Associate Partner at IBM Consulting and U.S. Department of Defense leader, to explain why the PQC transition is fundamentally different from past events like Y2K. They discuss why treating PQC as a “fix-it-and-forget-it” migration is a dangerous misconception, and why organizations must instead prepare for an ongoing process of algorithm updates, policy changes, system redesigns, and cultural shifts. Yolanda shares lessons from government, financial services, and telecom industries, offering insights on how to build resilient teams, automate enforcement, and educate executives who still think “quantum doesn’t apply to us.” From crypto inventory planning to hybrid approaches and the rising convergence of AI and quantum, Yolanda delivers a clear and urgent call for awareness, preparation, and leadership. This is not just a technology problem; it’s a mindset shift. 
And the clock is already ticking.</div><div><br></div><div>What You’ll Learn:<br><br></div><ul><li>Why PQC is a long-term transformation, not a one-time upgrade</li><li>The executive blind spot: why C-suites must care now</li><li>How to identify and protect your “crown jewels”</li><li>What crypto inventory is, and why you’ll need it forever</li><li>Lessons from the finance sector, and why no two PQC journeys are alike</li><li>Why “hybrid cryptography” is still debated and how to decide</li><li>How AI and quantum are converging and why regulation must catch up</li><li>Yolanda’s resilience framework: planning for risk, protecting what matters, and leading with clarity</li></ul><div><br></div><div>Yolanda Reid is a cybersecurity leader with over two decades of experience spanning national defense, intelligence, and enterprise technology. As a former Associate Partner at IBM Consulting, her career includes leadership roles at Raytheon, BBN Technologies, EverWatch, and the U.S. Department of Defense, where she specialized in quantum cryptography, zero trust, and strategic risk mitigation. Respected for her ability to translate complex technical issues into clear, actionable strategies, Yolanda is a trusted advisor to federal agencies, Fortune 500 companies, and emerging tech teams navigating quantum readiness. She combines deep technical expertise with a human-first approach shaped by her journey as a cancer survivor and single mother.<br><br></div><div>Today, Yolanda champions proactive planning, executive education, and long-term resilience, helping organizations prepare for a future where cybersecurity is not just about encryption, but evolution.</div><div><br></div><div><strong>Your Roadmap to Post-Quantum Readiness<br></strong><br></div><div><strong>[03:15] Step 1: PQC Is Not Y2K And That Changes Everything<br></strong><br></div><div>The Y2K scare came and went with a single deadline. But post-quantum cryptography? 
It’s not a singular event; it’s a complete shift in how we think about cryptography, risk, and infrastructure. Yolanda explains that with PQC, organizations will no longer rely on one fixed algorithm; they’ll need toolkits, policies, and a mindset of constant change. The entire cryptographic lifecycle will be in motion, from policy and procurement to development and testing. If you treat this as just another IT upgrade, you’ll miss the foundational shift required to secure your business in a quantum-enabled world. Key Question: Is your organization preparing for a recurring cryptographic upgrade cycle or hoping for a single fix?</div><div><br></div><div><strong>[06:47] Step 2: The Real Risk Is Executive Blindness<br></strong><br></div><div>Quantum threats aren’t just technical; they’re strategic. Yolanda recounts a conversation where a senior leader dismissed PQC because they “don’t do quantum.” That mindset is precisely the danger. She emphasizes that PQC readiness must reach the boardroom, not just engineering teams. Because what’s at risk isn’t theoretical; it’s your communications, finances, and trust.</div><div>Crown jewels like encrypted data, trade secrets, and customer information are all vulnerable without leadership engagement. This isn’t a technical curiosity. It’s an executive obligation and the time to engage is now. Key Question: Have your executives been briefed on the strategic impact of quantum disruption?</div><div><br></div><div><strong>[09:27] Step 3: Design for Breakage, Because It’s Coming<br></strong><br></div><div>PQC migration isn’t clean. Yolanda emphasizes that upgrading algorithms will break systems, sometimes in unpredictable ways. Systems built 10, 20, or even 40 years ago weren’t designed for this shift, and performance may degrade or, in some cases, improve. Yolanda urges leaders to plan for this reality, build troubleshooting teams, and avoid panic rollbacks when things inevitably break. 
Breakage isn’t failure, it’s part of the process. Organizations that build for resilience, not perfection, will come out stronger. Key Question: Do you have a real-time recovery plan for the failures PQC migration will trigger?</div><div><br></div><div><strong>[25:35] Step 4: The 2030 Timeline Is a Mirage<br></strong><br></div><div>Think 2030 is far away? Think again. Yolanda compares the current moment to Y2K’s long runway, where preparation began over a decade in advance. She warns that migrations like TLS took 15 years, and we’re already late. Quantum adoption will likely happen faster and hit harder.</div><div>And if global investors succeed in reaching quantum advantage before 2030, it’s not just a matter of being slow, it’s a matter of being exposed. By the time official deadlines hit, it may already be too late for unprepared organizations to catch up. Key Question: Are you treating 2030 as your deadline or your last chance?</div><div><br></div><div><strong>[30:27] Step 5: AI + Quantum Changes Everything, Including Policy<br></strong><br></div><div>Quantum computing won’t arrive in isolation. Yolanda explains that it will collide with AI, creating exponential disruption that current policy frameworks are unprepared for. And while regulators are still trying to wrap their heads around AI, the convergence with quantum is already underway in labs, startups, and state-sponsored programs. Yolanda cautions that adversaries are already exploring malicious use cases, and we need to match that urgency with proactive safeguards. Those who wait for a clear policy may find themselves on the wrong side of quantum advantage. 
Key Question: Are you helping shape the future of secure AI + Quantum use or waiting for someone else to define it?</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Yolanda Reid on <a href="https://www.linkedin.com/in/yolanda-c-reid/">LinkedIn</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul>]]></content:encoded>
      <pubDate>Thu, 21 Aug 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/80v4nnj8.mp3" length="94965550" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/09e04d60-7dd8-11f0-bd63-b7ef9e126d97/09e04ef0-7dd8-11f0-b742-4f35a6bc1b62.png"/>
      <itunes:duration>2374</itunes:duration>
      <itunes:summary>What if treating post-quantum cryptography like Y2K is your first and most dangerous mistake? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Yolanda Reid, former IBM Consulting leader and U.S. defense veteran, to explain why PQC is not a patch, but a permanent shift in how we secure systems, train teams, and think about risk. From executive blind spots to the realities of “designing for breakage,” Yolanda offers a clear-eyed view of what must change and why five years may already be too late. Expect sharp truths, practical direction, and a call for leaders to act now before quantum becomes the blindside nobody planned for.</itunes:summary>
      <itunes:subtitle>What if treating post-quantum cryptography like Y2K is your first and most dangerous mistake? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Yolanda Reid, former IBM Consulting leader and U.S. defense veteran, to explain why PQC is not a patch, but a permanent shift in how we secure systems, train teams, and think about risk. From executive blind spots to the realities of “designing for breakage,” Yolanda offers a clear-eyed view of what must change and why five years may already be too late. Expect sharp truths, practical direction, and a call for leaders to act now before quantum becomes the blindside nobody planned for.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>From NIST Standards to Action: A Year of PQC Migration</title>
      <link>https://podcasts.fame.so/e/18p7wk5n-from-nist-standards-to-action-a-year-of-pqc-migration</link>
      <itunes:title>From NIST Standards to Action: A Year of PQC Migration</itunes:title>
      <itunes:episode>12</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">z1r42yj1</guid>
      <description>It’s been one year since NIST finalized its post‑quantum cryptography (PQC) standards, a milestone that sparked urgency across government, industry, and security leaders. In this special episode of Shielded: The Last Line of Cyber Defense, we revisit those early conversations about PQC migration to see how far we’ve come (and how far we still have to go). Host Johannes Lintzen is joined by experts from NIST, DHS, Cloudflare, Signal and leading hardware security companies to reflect on what’s working, what’s stalled, and why this migration can’t wait any longer.</description>
      <content:encoded><![CDATA[<div>One year ago, NIST released its long‑awaited post‑quantum cryptography standards, marking the official start of the migration to quantum‑safe security. It was the moment everyone had been “waiting for” but did it really kickstart the shift?<br><br></div><div>In this anniversary episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen brings back some of the most important voices in the PQC conversation to revisit where we were, where we are, and where we need to go next:<br><br></div><ul><li><strong>Dustin Moody</strong> (NIST) on what has surprised him about the first year of migration since the standards landed.</li><li><strong>Dr. Garfield Jones</strong> (DHS) on how mandates and compliance have accelerated (or complicated) the push to PQC.</li><li><strong>Bas Westerbaan</strong> (Cloudflare) on why the work is less about “just switching” and more about managing change.</li><li><strong>John Ray</strong> (Thales) on what crypto agility has looked like in practice since the standards dropped.</li><li><strong>Mamta Gupta</strong> (Lattice) &amp; <strong>Cassie Crossley</strong> (Schneider Electric) on the reality of aligning hardware lifecycles, evolving algorithms, and compliance demands.</li><li><strong>Rolfe Schmidt</strong> (Signal) reveals how early adoption ahead of the standardization process paid off and the unexpected protocol design challenges that emerged in year one.</li></ul><div><br>Together, they deliver an unvarnished look at what’s changed in the 12 months since the standards were finalized and what still needs urgent attention.<br><br></div><div>What You'll Learn:</div><ul><li>How much progress has been made one year after the standards and where organizations are still stuck.</li><li>Why government mandates mean “waiting” could lock your business out of contracts.</li><li>The #1 first step before any PQC migration (and why it hasn’t changed in a year).</li><li>What crypto agility means now 
that the standards are a reality.</li><li>Why hardware lifecycles vs. quantum threats are still a ticking clock.</li><li>What this first year has taught us about what it will take to reach full migration.</li><li>The latest one-year-on insights from Cloudflare and Signal as they refine their PQC deployments.</li></ul><div><br></div><div>This is a rare, roundtable-style single-guest interview featuring voices from government, industry, and research in one conversation. If you need to understand not just why PQC migration matters but how to start, this is your playbook.</div><div><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:</strong></div><div><strong><br>[00:45] Step 1: Busting the “Quick Switch” Myth –&nbsp; A Year Later<br></strong>When NIST released its PQC standards last year, a lot of organizations exhaled, assuming the hard part was over. “Great,” they thought, “we’ll just swap in the new algorithms and move on.” But as Dustin Moody warned then, and has proven true over the past 12 months, this migration isn’t that simple. It’s not just a patch or an update; it’s a deep, sometimes painful overhaul of systems, processes, and mindsets. One year on, companies are discovering that waiting doesn’t make the work easier, it makes it messier. Key Question: One year in, are you still treating PQC migration as “future work,” or are you finally planning for the hard parts?</div><div><strong><br>[03:31] Step 2: This Migration Isn’t Optional – And Year One Proved It<br></strong>When Dr. Garfield Jones said, “This migration shouldn’t be optional,” it sounded like a wake‑up call. A year later, it’s not just a warning, it’s policy. Government memos, executive orders, and procurement rules have already started pushing companies to act, with federal agencies asking for cryptographic inventories and refusing to work with vendors who can’t demonstrate progress. 
The message is blunt: if your systems aren’t on the migration path, you could be locked out of contracts or entire markets. Year one proved the pressure is real, and year two will only raise the stakes. Key Question: Are you keeping pace with mandates, or will you watch opportunities dry up as compliance deadlines kick in?<br><br></div><div><strong>[09:14] Step 3: Start With a Real Inventory – And Keep It Current<br></strong>A year ago, Bas Westerbaan of Cloudflare told us that the first step in PQC migration was a thorough cryptographic inventory. That advice hasn’t changed but the past year has shown just how hard that job is in reality. Most organizations don’t have a full picture of where cryptography lives across their systems, what protocols are in use, or even which data is most sensitive. Without that map, every other decision becomes reactive, and every fix becomes a scramble. One year later, companies that didn’t start this work are already struggling to answer the simplest question: “Where do we even begin?” Key Question: Is your cryptographic inventory still a “to‑do,” or have you turned it into a living, updated map of risk?<br><br></div><div><strong>[15:39] Step 4: Crypto Agility – From Concept to Year‑One Reality<br></strong>A year ago, John Ray warned that if we hard‑coded PQC algorithms the way we did with RSA and ECC, we’d just be setting ourselves up for another trap. That warning has aged well. In the past year, crypto agility has shifted from an abstract “future‑proofing” buzzword into an urgent architectural reality. Companies are already seeing that systems without flexibility turn every new standard or algorithm change into an expensive nightmare. The smartest teams are designing infrastructure so the back‑end decides what algorithm to use, instead of forcing every application to be rebuilt. 
Key Question: Are you building systems that can adapt, or are you locking yourself into brittle ones you’ll regret later?<br><br></div><div><strong>[18:17] Step 5: The Hardware Gap – Still a Ticking Clock<br></strong>Mamta Gupta flagged it last year, and it’s even sharper now: hardware lives on a different timeline. Devices being shipped today are designed to last 10–15 years but the cryptography inside them might not even last five. Standards are evolving, threats are evolving faster, and anything rigid will be obsolete long before it’s retired. In year one, we’ve already seen how this mismatch turns into a headache for companies that didn’t build in an upgrade path. The clock is still ticking, and the gap isn’t closing on its own. Key Question: Are you designing hardware for the future, or are you shipping next year’s legacy problems?<br><br></div><div><strong>[21:49] Step 6: Compliance – A Moving Target, Still Moving<br></strong>One year on, compliance hasn’t “settled down” the way some expected. Frameworks like FIPS 140‑3 and certification rules are still evolving, and Cassie Crossley warns that algorithms considered safe today might not pass tomorrow’s tests. For companies that locked in too early, that means costly rework; for companies that waited, it means they still can’t sit still. This is why crypto agility isn’t just a “nice idea,”&nbsp; it’s survival. PQC isn’t a single migration; it’s an ongoing process of adaptation. Key Question: One year after standards dropped, are you ready for the next round of compliance changes?<br><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Dustin Moody on <a href="https://www.linkedin.com/in/dustin-moody-88410550/">LinkedIn</a></li><li>Dr. 
Garfield Jones on <a href="https://www.linkedin.com/in/garfield-jones-d-eng-0aba558b">LinkedIn</a></li><li>Bas Westerbaan on <a href="https://nl.linkedin.com/in/baswesterbaan">LinkedIn</a></li><li>John Ray on <a href="https://www.linkedin.com/in/johnray11/">LinkedIn</a></li><li>Mamta Gupta on <a href="https://www.linkedin.com/in/mamta-gupta-5038123/">LinkedIn</a></li><li>Cassie Crossley on <a href="https://www.linkedin.com/in/cassiecrossley">LinkedIn</a></li><li>NIST <a href="https://www.nist.gov/">Website</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul>]]></content:encoded>
      <pubDate>Thu, 14 Aug 2025 10:56:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w21nr298.mp3" length="74035199" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/f3ed4d70-783b-11f0-96a4-c1728ab47997/f3ed4e80-783b-11f0-8239-7736ada9c6c0.png"/>
      <itunes:duration>1850</itunes:duration>
      <itunes:summary>It’s been one year since NIST finalized its post‑quantum cryptography (PQC) standards, a milestone that sparked urgency across government, industry, and security leaders. In this special episode of Shielded: The Last Line of Cyber Defense, we revisit those early conversations about PQC migration to see how far we’ve come (and how far we still have to go). Host Johannes Lintzen is joined by experts from NIST, DHS, Cloudflare, Signal and leading hardware security companies to reflect on what’s working, what’s stalled, and why this migration can’t wait any longer.</itunes:summary>
      <itunes:subtitle>It’s been one year since NIST finalized its post‑quantum cryptography (PQC) standards, a milestone that sparked urgency across government, industry, and security leaders. In this special episode of Shielded: The Last Line of Cyber Defense, we revisit those early conversations about PQC migration to see how far we’ve come (and how far we still have to go). Host Johannes Lintzen is joined by experts from NIST, DHS, Cloudflare, Signal and leading hardware security companies to reflect on what’s working, what’s stalled, and why this migration can’t wait any longer.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Hardware Is the Hidden Risk: Ferhat Yaman on PQC, Side-Channel Attacks, and AI Privacy</title>
      <link>https://podcasts.fame.so/e/286qzlzn-hardware-is-the-hidden-risk-ferhat-yaman-on-pqc-side-channel-attacks-and-ai-privacy</link>
      <itunes:title>Hardware Is the Hidden Risk: Ferhat Yaman on PQC, Side-Channel Attacks, and AI Privacy</itunes:title>
      <itunes:episode>11</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">j12r8l81</guid>
      <description>What if your hardware is leaking secrets before your software even boots? In this episode of Shielded: The Last Line of Cyber Defense, Johannes Lintzen sits down with Ferhat Yaman, a security researcher at AMD’s Product Security Office, to explore the front lines of post-quantum cryptography, hardware vulnerabilities, and AI privacy. From electromagnetic side-channel attacks to homomorphic encryption, Ferhat shares practical insights from years of research and testing across AMD, academia, and open source projects. Learn what it takes to build and test hardware for a post-quantum world.</description>
      <content:encoded><![CDATA[<div>As post-quantum cryptography moves from theory to hardware, organizations can no longer afford to ignore the physical layer of security. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Ferhat Yaman, security researcher at AMD’s Product Security Office, to explore how electromagnetic side-channel attacks, hybrid cryptography, and AI privacy are reshaping the future of secure system design. They discuss the risks of leakage in post-quantum implementations, the challenge of model theft in AI accelerators, and why mitigation needs to start before silicon is even taped out. From masking and shuffling to pre-silicon testing and homomorphic encryption, Ferhat offers a candid and deeply technical look at what it means to build quantum-resilient systems in hardware, not just in code.</div><div><br></div><div>What You’ll Learn:</div><ul><li>How side-channel attacks exploit physical leakage like EM emissions and power consumption</li><li>Why even tiny hardware optimizations can create new vulnerabilities</li><li>How AI model parameters can be extracted using electromagnetic analysis</li><li>What homomorphic encryption means and why it’s not yet practical</li><li>How hybrid cryptography supports post-quantum transition in real systems</li><li>Where to start with PQC hardware implementation (hint: think bootloaders)</li><li>How open source and commercial tools help validate hardware security pre-silicon</li><li>Ferhat’s top 3 priorities for building post-quantum-ready chips today</li></ul><div><br></div><div>Ferhat Yaman is a security researcher at AMD's product security office, where his work spans post-quantum cryptography, AI privacy, and side-channel resilience. 
With a background in both theoretical cryptography and practical hardware design, Ferhat has contributed to projects including the Crystals-Kyber and Dilithium PQC implementations, Caliptra Root of Trust, and electromagnetic model extraction from Google’s Edge TPU. His research explores how secure systems can be built from the silicon up, balancing performance, cost, and long-term quantum readiness. Ferhat’s recent work looks at accelerating homomorphic encryption for AI workloads and improving pre-silicon testing using commercial and open-source tools.<br><br></div><div>With the shift to post-quantum hardware security accelerating, Yaman’s message is clear: protecting systems requires more than new math; it demands early testing, layered defenses, and security built into the silicon itself.</div><div><br></div><div><strong>Your Roadmap to Hardware-Centric PQC:<br></strong><br></div><div><strong>[06:59] Step 1: Test for Physical Leakage, Not Just Algorithm Strength -&nbsp;<br></strong><br></div><div>Strong algorithms don’t guarantee strong protection if the hardware leaks secrets. Ferhat explains how side-channel attacks can extract private keys by analyzing power consumption or electromagnetic emissions, especially in hardware implementations of post-quantum cryptography like Kyber and Dilithium. Even minor hardware optimizations meant to improve speed can unintentionally introduce new leakages. Key Question: Have you tested your PQC hardware for side-channel leakage, or just verified the math?</div><div><br></div><div><strong>[11:19] Step 2: Prepare for Hybrid Attacks, Not Just Hybrid Crypto -&nbsp;<br></strong><br></div><div>Attackers are blending techniques, merging cryptanalytic insights with side-channel data to break even well-implemented systems. Ferhat emphasizes that defending against these multi-layered threats requires layered countermeasures across hardware and software. 
The combination of multiple attack vectors makes traditional assumptions about isolated vulnerabilities dangerously outdated. Key Question: Are you planning for real-world attack combinations or idealized test conditions?</div><div><br></div><div><strong>[13:52] Step 3: Use Hybrid Cryptography to Bridge the Transition -</strong></div><div><br></div><div>You don’t have to replace everything overnight. Ferhat describes how AMD’s Caliptra project integrates classical and post-quantum cryptography side-by-side, giving developers flexibility while building resilience. Hybrid cryptography is a practical way to support both legacy and quantum-safe systems, especially in constrained environments. It’s a crucial stepping stone for organizations that can’t afford a full cryptographic overhaul in one cycle. Key Question: Can your architecture support both today’s standards and tomorrow’s requirements?</div><div><br></div><div><strong>[17:38] Step 4: Defend AI Models from Electromagnetic Model Theft -&nbsp;</strong></div><div><br></div><div>AI workloads running on edge hardware can leak critical information. Ferhat’s research shows how electromagnetic side-channel attacks can reveal the structure of neural networks down to the number of layers and nodes, without touching the model file. For companies that treat models as IP, this presents a new category of risk. This form of model extraction reduces training time for attackers by shortcutting hyperparameter tuning. Key Question: Could your AI accelerators be quietly leaking trade secrets?</div><div><br></div><div><strong>[23:52] Step 5: Build Security In, With Countermeasures That Match the Threat -<br></strong><br></div><div>Mitigation strategies like masking, shuffling, and randomness injection aren’t optional; they’re essential. Ferhat walks through how these hardware-level techniques help minimize leakage, but warns that each comes with design and performance tradeoffs. 
Choosing the right countermeasure depends on your timing, area, and risk budget; there’s no one-size-fits-all solution. Key Question: Have you budgeted for countermeasures, or are you counting on hope?</div><div><br></div><div><strong>Episode Resources:</strong></div><ul><li>Ferhat Yaman on <a href="https://www.linkedin.com/in/ferhatyaman/">LinkedIn</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a> &nbsp;</li><li>AMD’s <a href="https://github.com/chipsalliance/caliptra">Caliptra Project</a></li><li><a href="https://www.newae.com/hardware/chipwhisperer">ChipWhisperer by NewAE</a></li><li><a href="https://www.keysight.com/us/en/home.html">Keysight Side Channel Analysis Suite</a></li><li><a href="https://www.ansys.com/">ANSYS Security Tools</a></li><li>AMD <a href="https://www.linkedin.com/company/amd/">Linkedin</a></li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 07 Aug 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wyqj149w.mp3" length="89720162" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/7237e260-72d3-11f0-b36e-99159fc82720/7237e390-72d3-11f0-8110-8b0993174f08.png"/>
      <itunes:duration>2242</itunes:duration>
      <itunes:summary>What if your hardware is leaking secrets before your software even boots? In this episode of Shielded: The Last Line of Cyber Defense, Johannes Lintzen sits down with Ferhat Yaman, a security researcher at AMD’s Product Security Office, to explore the front lines of post-quantum cryptography, hardware vulnerabilities, and AI privacy. From electromagnetic side-channel attacks to homomorphic encryption, Ferhat shares practical insights from years of research and testing across AMD, academia, and open source projects. Learn what it takes to build and test hardware for a post-quantum world.</itunes:summary>
      <itunes:subtitle>What if your hardware is leaking secrets before your software even boots? In this episode of Shielded: The Last Line of Cyber Defense, Johannes Lintzen sits down with Ferhat Yaman, a security researcher at AMD’s Product Security Office, to explore the front lines of post-quantum cryptography, hardware vulnerabilities, and AI privacy. From electromagnetic side-channel attacks to homomorphic encryption, Ferhat shares practical insights from years of research and testing across AMD, academia, and open source projects. Learn what it takes to build and test hardware for a post-quantum world.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The biggest risk to PQC migration is you (and other humans)</title>
      <link>https://podcasts.fame.so/e/vn5jz2y8-the-biggest-risk-to-pqc-migration-is-you-and-other-humans</link>
      <itunes:title>The biggest risk to PQC migration is you (and other humans)</itunes:title>
      <itunes:episode>10</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">80q3k240</guid>
      <description>What if the biggest threat to your cybersecurity strategy isn’t quantum computing, but humans? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Professor Bill Buchanan, OBE, FRSE, a global leader in applied cryptography, digital trust, and secure system design. Bill shares the origins of public key cryptography and the challenges of migrating beyond RSA and ECC. Learn why cryptographic agility is essential, where the biggest vulnerabilities lie, and how standards like FIPS 140 and TLS are laying the groundwork for a secure future. Expect blunt truths, clear insights, and an urgent call for better systems, smarter engineers, and more public understanding.</description>
      <content:encoded><![CDATA[<div>As quantum computing inches closer to real-world impact, organizations can no longer afford to treat post-quantum cryptography as a future concern. In this episode of Shielded: <em>The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Professor Bill Buchanan, OBE, FRSE, to examine what it takes to transition into the post-quantum era. They explore the importance of cryptographic agility, the myths around PQC performance, and why human error remains the biggest vulnerability in cybersecurity. From hybrid adoption to hardware integration and upcoming regulatory mandates, Bill offers a candid and practical look at how organizations can prepare for the next generation of encryption before it’s too late.</div><div><br></div><div>What You’ll Learn:<br><br></div><ul><li>Why cryptographic methods are near-perfect and humans are the real weakness</li><li>How TLS exemplifies cryptographic agility (and why you should learn from it)</li><li>What Apple vs the UK Government reveals about trust and end-to-end encryption</li><li>Why hybrid approaches are more than a stepping stone—and how to do them right</li><li>The real performance and key size implications of PQC (Hint: it’s not scary)</li><li>How to think about certificates, signatures, and dual-key infrastructure</li><li>What’s coming next: homomorphic encryption, multi-party computation, and privacy-preserving design</li><li>Bill’s top 3 priorities for organizations starting their post-quantum journey</li></ul><div><br></div><div>Professor Bill Buchanan, OBE, FRSE, is a cybersecurity professor at Edinburgh Napier University and one of the most recognized voices in applied cryptography and digital trust. With over 30 books, 400+ research papers, and multiple spin-out companies to his name, Buchanan has dedicated his career to bridging the gap between theoretical cryptography and real-world implementation. 
His work spans homomorphic encryption, digital identity, secure system design, and blockchain-based trust frameworks. As a passionate advocate for privacy, fairness, and resilience in digital systems, Buchanan has contributed extensively to shaping both academic research and public policy in cybersecurity. He regularly advises governments and organizations on the future of secure infrastructure in a post-quantum world and is a driving force behind efforts to improve cryptographic literacy and engineering practices. Known for his clear thinking, technical depth, and human-first approach to security, Buchanan remains a trusted voice in the global conversation on quantum readiness and digital transformation.<br><br></div><div>With the shift to post-quantum cryptography accelerating, Buchanan’s message is clear: crypto agility and system design, not just new algorithms, will define the next era of trust.</div><div><br></div><div><strong>Your Roadmap to Quantum Resilience:<br></strong><br></div><div><strong>[04:55] Step 1: Address the Human Weak Link -<br></strong><br></div><div>The cryptography may be bulletproof, but your people aren’t. Bill Buchanan emphasizes that most large-scale breaches don’t happen because of broken algorithms; they happen because of human error, poor design, or social engineering. Whether it’s a $1.4 billion hack or a misconfigured certificate, humans remain the biggest vulnerability. A truly quantum-secure strategy starts with investing in security-conscious design, reducing friction in authentication, and eliminating avoidable weak points. Key Question: Are your systems secure by design, or are they just relying on perfect human behavior?</div><div><br></div><div><strong>[10:45] Step 2: Embrace Cryptographic Agility Through TLS -<br></strong><br></div><div>Crypto agility isn’t theoretical; it’s working today. Buchanan highlights TLS as a mature, proven model that allows for graceful cryptographic upgrades through suite negotiation. 
Rather than waiting for a full system overhaul, organizations can build agility now by supporting multiple cryptographic algorithms and migrating incrementally. Agility lets you test, evolve, and deprecate without downtime or disruption. Key Question: Have you adopted TLS-style agility to allow for future upgrades without breaking your systems?</div><div><br></div><div><strong>[16:45] Step 3: Stop Fearing PQC Performance -<br></strong><br></div><div>Worried about latency or massive key sizes? Don’t be. Buchanan debunks the myth that post-quantum cryptography is too resource-intensive. NIST-approved algorithms like ML-KEM and ML-DSA perform on par with elliptic curve cryptography and better than RSA in many cases. Even the increased key sizes are well within modern bandwidth and storage capabilities. With PQC performance now optimized, the only thing slowing you down is outdated assumptions. Key Question: Are your security decisions based on current facts, or outdated fears?</div><div><br></div><div><strong>[28:45] Step 4: Implement Hybrid Cryptography with Confidence -<br></strong><br></div><div>PQC doesn’t have to be all or nothing. Hybrid schemes, where classical and post-quantum algorithms are used together, offer a safe and flexible transition path. Buchanan explains how hybrid key exchanges and dual-signed certificates allow you to maintain interoperability while testing and rolling out quantum-safe components. Just like TLS evolved over time, your infrastructure can too. Key Question: Have you identified where hybrid cryptography could enable early wins without full replacement?</div><div><br></div><div><strong>[34:40] Step 5: Look Beyond PQC, Design for Privacy and Resilience -<br></strong><br></div><div>Post-quantum security isn’t just about new math, it’s about building smarter systems. 
Buchanan challenges organizations to think bigger: from fully homomorphic encryption to secure enclaves and multi-party computation, the goal isn’t just secrecy, but trust and resilience. Encryption at rest and in transit is not enough. Security in processing is the next frontier. Key Question: Is your roadmap just about compliance, or are you designing for privacy, performance, and future-proof trust?</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Professor Bill Buchanan on <a href="https://www.linkedin.com/in/billatnapier/">LinkedIn</a></li><li>Bill Buchanan’s Personal <a href="https://asecuritysite.com/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a>&nbsp;</li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 17 Jul 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w0v46lrw.mp3" length="80031868" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/5be70c40-6225-11f0-8adb-9d942ae12baa/5be70d50-6225-11f0-bb71-01b1b9baf355.png"/>
      <itunes:duration>2000</itunes:duration>
      <itunes:summary>What if the biggest threat to your cybersecurity strategy isn’t quantum computing, but humans? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Professor Bill Buchanan, OBE, FRSE, a global leader in applied cryptography, digital trust, and secure system design. Bill shares the origins of public key cryptography and the challenges of migrating beyond RSA and ECC. Learn why cryptographic agility is essential, where the biggest vulnerabilities lie, and how standards like FIPS 140 and TLS are laying the groundwork for a secure future. Expect blunt truths, clear insights, and an urgent call for better systems, smarter engineers, and more public understanding.</itunes:summary>
      <itunes:subtitle>What if the biggest threat to your cybersecurity strategy isn’t quantum computing, but humans? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Professor Bill Buchanan, OBE, FRSE, a global leader in applied cryptography, digital trust, and secure system design. Bill shares the origins of public key cryptography and the challenges of migrating beyond RSA and ECC. Learn why cryptographic agility is essential, where the biggest vulnerabilities lie, and how standards like FIPS 140 and TLS are laying the groundwork for a secure future. Expect blunt truths, clear insights, and an urgent call for better systems, smarter engineers, and more public understanding.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The Crypto Agility Paradox: When Hardware Becomes Your Security Bottleneck</title>
      <link>https://podcasts.fame.so/e/xnvl4vkn-the-crypto-agility-paradox-when-hardware-becomes-your-security-bottleneck</link>
      <itunes:title>The Crypto Agility Paradox: When Hardware Becomes Your Security Bottleneck</itunes:title>
      <itunes:episode>9</itunes:episode>
      <itunes:season>1</itunes:season>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">71ypjry0</guid>
      <description>How do you prepare for post-quantum cryptography when your devices will still be in the field 20 years from now? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Cassie Crossley, Vice President of Supply Chain Security in the Global Cybersecurity &amp; Product Security Office at Schneider Electric. Cassie shares the hard-earned lessons from a multi-year crypto agility program in one of the world’s largest OT environments. From supply chain transparency to legacy encryption risks, she breaks down what it takes to prepare critical infrastructure for the quantum era.</description>
      <content:encoded><![CDATA[<div>Most cybersecurity roadmaps don’t plan for 20-year-old firmware, but that’s the reality of operational technology (OT). In this episode, Cassie Crossley, Vice President of Supply Chain Security in the Global Cybersecurity &amp; Product Security Office at Schneider Electric, offers a behind-the-scenes look at what it takes to secure industrial systems, from chips to code.</div><div><br></div><div>Cassie explains why crypto agility isn’t just about algorithm swaps, it’s a long-haul architectural rethink. She unpacks how Schneider built a five-year roadmap with CTO support, how they tackled challenges like legacy devices, hardware constraints, and root-of-trust dependencies, and why threat modeling needs to evolve for future-ready product design.</div><div><br></div><div>From hardware bill of materials (HBOM) to the rising importance of crypto BoMs, Cassie outlines the real work behind securing infrastructure that can't just be patched or replaced. Whether you’re building new systems or protecting the old ones, this episode will change how you think about quantum readiness in the physical world.</div><div><br></div><div>What You'll Learn:<br><br></div><ul><li>Why crypto agility is more than swapping out encryption algorithms</li><li>How OT systems differ from IT in post-quantum readiness</li><li>Why Schneider created a five-year PQC roadmap (and what surprised them)</li><li>The role of supply chain transparency in future-ready security</li><li>How hardware constraints shape real-world security architecture</li><li>Why pacemakers and PLCs aren’t treated the same, but should both be secure</li><li>How to drive leadership buy-in without waiting for a breach</li><li>What quantum security means in environments that still run TLS 1.0</li></ul><div><br>Cassie Crossley is Vice President of Supply Chain Security in the Global Cybersecurity &amp; Product Security Office at Schneider Electric. 
An experienced cybersecurity executive with a background spanning IT, product development, and data privacy, Cassie brings deep technical and strategic leadership to the challenges of securing operational technology (OT) and global supply chains. She has led major initiatives in software and hardware supply chain security and secure development across complex industrial environments. Cassie is also the author of Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware, and a frequent speaker on advancing cybersecurity resilience in critical infrastructure.<br><br></div><div><strong>Your Roadmap to Quantum-Resilient OT:<br></strong><br></div><div><strong>[03:10] Step 1: Recognize Hardware Supply Chains as a Blind Spot</strong></div><div>While the industry has made strides in software bill of materials (SBOMs), hardware remains largely uncharted territory. Cassie shares how Schneider faces increasing demands, especially from governments, to provide hardware bill of materials (HBOMs), including country-of-origin data. But there’s no common standard, no clear sharing mechanism, and limited awareness in cyber teams unfamiliar with hardware manufacturing. Without visibility, hardware becomes a hidden risk.</div><div><strong>Key Question</strong>: Do you know what’s in your hardware stack and where it came from?</div><div><br></div><div><strong>[07:25] Step 2: Treat Crypto Agility as a Long-Term Architecture Strategy</strong></div><div>Schneider’s crypto agility journey began with the goal of replacing a third-party crypto library, but quickly revealed broader architectural challenges. With thousands of legacy OT devices and products built across decades, encryption choices were deeply embedded. Agility meant revisiting old code, navigating hardware limits, and sometimes rethinking entire product lifecycles. 
This wasn’t a library swap, it was a multi-year evolution.</div><div><strong>Key Question:</strong> Are your encryption decisions future-proof, or just convenient?</div><div><br></div><div><strong>[11:11] Step 3: Balance Open Source Flexibility with Trusted Support</strong></div><div>Not all encryption solutions are created equal. Cassie explains how Schneider evaluated both open source and commercial crypto libraries, often preferring the latter for better long-term support and accountability. In environments where safety, compliance, and product longevity matter, vendor-backed solutions offered the reliability that open ecosystems couldn’t always guarantee. The cost-benefit equation goes beyond code.</div><div><strong>Key Question:</strong> What encryption models are you trusting and who’s supporting them?</div><div><br></div><div><strong>[12:41] Step 4: Secure Executive Buy-In with Technical Reality, Not Hype</strong></div><div>Crypto agility didn’t come from a marketing push, it had top-level backing from Schneider’s Chief Product Security Officer and CTOs across business units. What made it work was realistic goal setting, not rushed deadlines, or some artificial urgency. Instead, a five-year roadmap gave teams time to audit, evaluate, and align without disrupting product lifecycles. The lesson here is that buy-in starts with credible execution plans.</div><div><strong>Key Question:</strong> Does leadership understand the operational costs of crypto change?</div><div><br></div><div><strong>[14:50] Step 5: Plan for Quantum, Even If It’s Not Your Priority Today</strong></div><div>Quantum computing was already on Schneider’s radar years ago, not because it was urgent, but because it was inevitable. Cassie emphasizes that crypto agility isn't just about today’s algorithms; it’s about building the capacity to adapt when tomorrow's threats arrive. 
That mindset, designing for change, not permanence, helped Schneider bake quantum readiness into long-term product strategies.</div><div><strong>Key Question:</strong> If quantum hits in 2030, will your products be ready or still running 2010 firmware?</div><div><br></div><div><strong>[17:14] Step 6: Accept That OT Doesn’t Get Patched Like IT</strong></div><div>Many OT environments, including power grids and water treatment plants, run devices that aren’t connected to the internet and may not be patched for years. In some cases, integrators are gone, documentation is lost, and product changes risk disrupting safety systems. Cassie outlines how encryption updates in these systems often take a back seat to uptime, safety, and regulatory stability. Security strategy must be built around that reality.</div><div><strong>Key Question:</strong> If your OT systems won’t be patched, how will they stay secure?</div><div><br></div><div><strong>[22:19] Step 7: Align Compliance with Practical Security</strong></div><div>Standards like FIPS 140-3 and NERC CIP are important, but Cassie stresses that in OT, compliance is often a negotiation. Utilities may request future-ready encryption but continue running older product models through approved waivers and compensating controls. Instead of “rip and replace,” Schneider works to align compliance with risk, product timelines, and customer context. It’s about balance, not just checklists.</div><div><strong>Key Question:</strong> Are you applying standards, or just checking boxes?</div><div><br></div><div><strong>[26:41] Step 8: Build Encryption Into Hardware Decisions Early</strong></div><div>Encryption doesn’t live in isolation; it interacts with chips, memory constraints, and lifecycle decisions. Cassie explains how Schneider’s teams evaluate chip specs, trust vendor roadmaps, and plan for future requalification, all during product design. For long-lived OT devices, you don’t get a second chance to build in crypto resilience. 
You either plan ahead or pay later.</div><div><strong>Key Question:</strong> Are your hardware teams thinking about encryption as deeply as your software teams are?</div><div><br></div><div><strong>[31:53] Step 9: Design for Brownfield and Greenfield, Differently</strong></div><div>Cassie outlines how legacy (brownfield) and new (greenfield) systems require two distinct strategies. Brownfield systems demand risk-based prioritization and defensive depth. Greenfield systems offer the chance to integrate future-ready encryption, secure boot, and crypto agility from the start. Treating them the same is a recipe for friction and failure.</div><div><strong>Key Question:</strong> Is your PQC plan flexible enough for both legacy and next-gen systems?</div><div><br></div><div><strong>[40:54] Step 10: Start with Inventory, Then Prioritize by Risk</strong></div><div>Before any strategy can succeed, organizations must know what systems they have, what encryption they're using, and who owns what. Cassie warns that most companies, especially those outside regulated industries, lack that basic visibility. Without inventory, PQC becomes guesswork. But with it, you can prioritize upgrades, assess compliance gaps, and engage vendors with confidence.</div><div><strong>Key Question:</strong> Have you mapped your cryptography, and who owns it?</div><div><br><br></div><div><strong>Episode Resources:<br><br></strong><br></div><ul><li>Cassie Crossley on <a href="https://www.linkedin.com/in/cassiecrossley/">LinkedIn</a></li><li>Download: <a href="https://www.amazon.com/dp/1098133706/ref=tsm_1_fb_lk">“Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 26 Jun 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wz7971q8.mp3" length="108424880" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/92b888f0-526f-11f0-ae86-a18874c04ad7/92b88a10-526f-11f0-b071-f1c86accf97e.png"/>
      <itunes:duration>2710</itunes:duration>
      <itunes:summary>How do you prepare for post-quantum cryptography when your devices will still be in the field 20 years from now? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Cassie Crossley, Vice President of Supply Chain Security in the Global Cybersecurity &amp; Product Security Office at Schneider Electric. Cassie shares the hard-earned lessons from a multi-year crypto agility program in one of the world’s largest OT environments. From supply chain transparency to legacy encryption risks, she breaks down what it takes to prepare critical infrastructure for the quantum era.</itunes:summary>
      <itunes:subtitle>How do you prepare for post-quantum cryptography when your devices will still be in the field 20 years from now? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Cassie Crossley, Vice President of Supply Chain Security in the Global Cybersecurity &amp; Product Security Office at Schneider Electric. Cassie shares the hard-earned lessons from a multi-year crypto agility program in one of the world’s largest OT environments. From supply chain transparency to legacy encryption risks, she breaks down what it takes to prepare critical infrastructure for the quantum era.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>NCSC proposes its PQC transition timeline to UK Policy makers: guiding the UK to a quantum-safe future</title>
      <link>https://podcasts.fame.so/e/pnm7r42n-no-policy-all-partnership-how-ncsc-is-guiding-the-uk-to-post-quantum-security</link>
      <itunes:title>NCSC proposes its PQC transition timeline to UK Policy makers: guiding the UK to a quantum-safe future</itunes:title>
      <itunes:episode>8</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">71v5ymx0</guid>
      <description>Quantum readiness isn’t about “predicting when,” it’s about “preparing now.” In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Jeremy Bradley, Principal Technical Director at the UK’s National Cyber Security Centre (NCSC), to explore the UK’s newly released guidance on migrating to post-quantum cryptography. Jeremy shares why the NCSC chose a pragmatic, timeline-driven approach, how organisations can manage legacy infrastructure without fear, and why PQC migration is a cybersecurity challenge, not just a cryptographic one.</description>
      <content:encoded><![CDATA[<div>Post-quantum cryptography is no longer an abstract problem. It's a technology transformation that touches every layer of critical infrastructure, from policy to procurement, systems to supply chains. In this episode, Dr. Jeremy Bradley, Principal Technical Director at the UK’s NCSC and lead author of the government’s official PQC timeline guidance, breaks down how the UK is approaching this monumental shift.</div><div><br></div><div>Jeremy explains why the NCSC focused on organisational readiness and available technology rather than waiting for a cryptographically relevant quantum computer (CRQC). He unpacks how government and industry can work together without formal policy mandates, the importance of sector-wide movement, and what it takes to make your supply chain quantum-safe.&nbsp;</div><div><br></div><div><strong>What You'll Learn:</strong><br><br></div><ul><li>Why PQC migration is best treated as a technology change programme, not a cryptographic fix</li><li>The UK's phased migration roadmap and why 2035 is a realistic end-date</li><li>How advisory bodies like NCSC shape national direction without enforcing policy</li><li>What legacy infrastructure, vendor roadmaps, and sector alignment have in common</li><li>How to drive internal buy-in using the language of risk, not quantum timelines</li><li>Why collaboration, transparency, and shared learning are critical in high-stakes sectors</li></ul><div><br>Dr. Jeremy Bradley is Principal Technical Director for Cryptography and High Threat Technologies at the UK’s National Cyber Security Centre (NCSC). He leads the team behind the newly released Timelines for Migration to Post-Quantum Cryptography guidance. At NCSC, Jeremy oversees cryptographic assurance for the UK’s sensitive systems, advises across government and regulated sectors, and drives strategy for secure implementations. 
His work spans technical standards, inter-agency cooperation, and future-focused guidance to help the UK become quantum-safe.<br><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:<br></strong><br></div><div><strong>[03:10] Step 1: Understand the NCSC’s Role in the Cybersecurity Ecosystem</strong></div><div>The NCSC isn’t a policymaker, it doesn’t mandate, legislate, or enforce. Instead, its strength lies in providing deeply technical, context-aware guidance to government departments, regulators, and sectors that run the UK’s critical infrastructure. Jeremy explains how this advisory role enables the NCSC to influence national cyber posture through trust, collaboration, and technical credibility. By staying connected to sector-specific realities like what’s feasible in telecoms vs. energy, they help shape decisions that matter without issuing formal rules.</div><div><br></div><div><strong>[05:00] Step 2: Why The Timing Behind the UK’s Guidance?</strong></div><div>The UK’s new PQC guidance wasn’t dropped in a vacuum, it’s the result of years of groundwork. Jeremy highlights how the foundational pieces have finally aligned: algorithm standards are in place, certified implementations are available, and protocols are maturing. Meanwhile, government departments and regulators are actively asking for support as they prepare sector-specific plans. It’s not about waiting for a quantum computer to arrive, it’s about moving because we finally can.</div><div><br></div><div><strong>[07:00] Step 3: Migration as a Technology Change, Not a Quantum Reaction</strong></div><div>Instead of reacting to an unknown future event, the arrival of a CRQC, the NCSC frames PQC migration like any other major tech transformation. Jeremy explains how organisations should approach it with a project management mindset: define end states, audit systems, plan upgrades, and refine over time. 
This engineering-first, risk-managed approach feels familiar to CISOs and CTOs and helps cut through the noise of hypothetical quantum fears. It’s not about guessing when; it’s about preparing how.</div><div><br></div><div><strong>[10:15] Step 4: Driving Adoption Without Policy Enforcement</strong></div><div>If the NCSC can’t enforce action, how does it drive real adoption? Through deep partnerships across government and industry. Jeremy describes how they work sector by sector (finance, telecoms, energy, etc.) through advisory frameworks, guidance, and technical toolkits that regulators and agencies can lean on. They also influence key tools like the UK’s Cyber Assessment Framework, ensuring PQC is embedded in broader risk conversations. This has resulted in movement, even without mandates.</div><div><br></div><div><strong>[13:04] Step 5: The Real Migration Risk is in Its Legacy</strong></div><div>Boards may not lose sleep over quantum decryption, but they should over legacy systems. Jeremy shifts the narrative from quantum as an abstract threat to legacy as a very real, growing one. The risk isn't that a CRQC appears overnight, but that your infrastructure becomes unsupported, rigid, and expensive to maintain. Treating PQC migration as a chance to modernise legacy environments makes it easier to justify and more urgent to act on.</div><div><br></div><div><strong>[16:49] Step 6: Launching a PQC-Qualified Consultancy Scheme</strong></div><div>To scale migration across the UK, Jeremy reveals that the NCSC is launching a scheme to vet and recognise consultancies with true PQC expertise. It’s about ensuring organisations can find partners who understand cryptography, can assess systems, and offer repeatable, strategic guidance, not just sell buzzwords. The programme starts with a pilot cohort and aims to grow a national pool of trusted advisors. 
For both large enterprises and small firms, this initiative creates a clear path to credible help.</div><div><br></div><div><strong>[19:55] Step 7: How to Communicate Risk and Get Buy-In</strong></div><div>Talking about quantum doesn’t always land with leadership. Jeremy suggests a better angle: frame the conversation around business risk, legacy management, and operational complexity. Rather than “a quantum computer is coming,” try “your systems may be stuck with outdated security tech that vendors stop supporting.” When risk is tied to budget, compliance, and resilience, not just cryptographic theory, the board listens. And that unlocks funding, alignment, and momentum.</div><div><br></div><div><strong>[23:33] Step 8: What to Prioritise in the First 24 Months</strong></div><div>Jeremy lays out a practical near-term action plan: start with system discovery. Identify your most critical systems, map your data flows, and get clear on who manages your cryptographic tools: you or your vendors. These early steps shape your strategy and timelines. For most, PQC migration will rely heavily on understanding systems, not mastering algorithms. The more visibility you gain now, the fewer roadblocks you’ll face later.</div><div><br></div><div><strong>[25:50] Step 9: Use Supply Chain Pressure to Drive Change</strong></div><div>Even if you don’t directly control your cryptography, you still influence it. Jeremy points out that most sectors rely on a shared set of suppliers, so when industries move together, vendors listen. By using early discovery work to ask tough questions, “What’s your PQC roadmap?” organisations can pressure vendors to evolve faster. The goal isn’t just awareness; it’s collective influence that lifts the entire ecosystem.</div><div><br></div><div><strong>[27:26] Step 10: The UK’s Role in Global PQC Standards</strong></div><div>The UK isn’t just following global standards, it’s helping shape them. 
Jeremy highlights the NCSC’s role in bodies like IETF and ETSI, and how they’ve contributed clarity through work like hybrid cryptography definitions. These technical contributions matter because they reduce ambiguity and align industry efforts across borders. It’s a quiet but powerful form of leadership that is currently building the foundations for smoother global collaboration in the post-quantum world.</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>NCSC <a href="https://www.ncsc.gov.uk/">website</a></li><li>Download: <a href="https://www.ncsc.gov.uk/blog-post/setting-direction-uk-migration-to-pqc">NCSC Timelines for PQC Migration</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br>Want exclusive insights on post-quantum security? Stay ahead of the curve—subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, and YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div>✔ Learn practical steps to future-proof your organization.</div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.<br><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 05 Jun 2025 10:30:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/84vl0k78.mp3" length="76551313" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/5d0940a0-4206-11f0-8827-addc0e0eb4d6/5d0941a0-4206-11f0-8e80-d5bc58e8aed2.png"/>
      <itunes:duration>1913</itunes:duration>
      <itunes:summary>Quantum readiness isn’t about “predicting when,” it’s about “preparing now.” In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Jeremy Bradley, Principal Technical Director at the UK’s National Cyber Security Centre (NCSC), to explore the UK’s newly released guidance on migrating to post-quantum cryptography. Jeremy shares why the NCSC chose a pragmatic, timeline-driven approach, how organisations can manage legacy infrastructure without fear, and why PQC migration is a cybersecurity challenge, not just a cryptographic one.</itunes:summary>
      <itunes:subtitle>Quantum readiness isn’t about “predicting when,” it’s about “preparing now.” In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Jeremy Bradley, Principal Technical Director at the UK’s National Cyber Security Centre (NCSC), to explore the UK’s newly released guidance on migrating to post-quantum cryptography. Jeremy shares why the NCSC chose a pragmatic, timeline-driven approach, how organisations can manage legacy infrastructure without fear, and why PQC migration is a cybersecurity challenge, not just a cryptographic one.</itunes:subtitle>
      <itunes:keywords>post-quantum cryptography migration, NCSC guidance, cybersecurity planning, quantum-safe security, UK cryptography standards, PQC implementation timeline, cryptographic discovery, technology change management, legacy IT systems, supply chain security, hybrid cryptography, critical infrastructure protection, CISO planning guide, enterprise security roadmap, cybersecurity risk management, technical director insights, security architecture planning, regulatory compliance strategy, quantum readiness assessment, cryptographic transition strategy, PQC vendor evaluation, cryptographically relevant quantum computer, national cybersecurity framework, critical systems availability, NCSC PQC migration timeline 2035, UK government cryptography guidance, quantum-safe implementation strategy, critical infrastructure PQC adoption, enterprise cryptography modernization, PQC vendor assessment framework, cryptographic asset discovery, hybrid cryptography deployment, quantum-safe architecture, PQC standardization, security protocol migration, cryptographic risk assessment</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Your Hardware Refresh Is a Quantum Deadline with Mamta Gupta</title>
      <link>https://podcasts.fame.so/e/lnqwyprn-your-hardware-refresh-is-a-quantum-deadline-with-mamta-gupta</link>
      <itunes:title>Your Hardware Refresh Is a Quantum Deadline with Mamta Gupta</itunes:title>
      <itunes:episode>7</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">81nv58j1</guid>
      <description>You can’t patch your way out of quantum exposure, especially when your hardware refresh cycle is a cryptographic deadline. In this episode of Shielded, Johannes Lintzen sits down with Mamta Gupta of Lattice Semiconductor to explore how hardware-rooted security must evolve to meet the post-quantum challenge. Mamta unpacks the real-world threat of “Harvest Now, Decrypt Later,” explains why crypto agility is essential for long-lifecycle devices, and shares clear, actionable steps to build quantum resilience from silicon to software. Learn how FPGAs provide a reprogrammable, future-ready foundation, what CNSA 2.0 mandates, and why your next hardware refresh cycle may be your last chance to stay ahead. If your business touches critical infrastructure, long-life devices, or digital supply chains, this episode is your wake-up call.</description>
      <content:encoded><![CDATA[<div>Quantum threats are no longer theoretical, and waiting could cost you. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, Johannes Lintzen is joined by Mamta Gupta, a quantum physicist turned cybersecurity strategist at Lattice Semiconductor. Together, they break down how crypto agility, hardware-based trust anchors, and PQC readiness are now essential for any organization managing long-lifecycle systems. You’ll come away with practical steps to assess, upgrade, and future-proof your cryptographic infrastructure.<br><br></div><div><strong>What You'll Learn:</strong><br><br></div><ul><li>Why crypto agility is no longer optional and how to implement it in hardware and software</li><li>How FPGAs provide a reprogrammable foundation for future-ready root-of-trust design</li><li>What the “Harvest Now, Decrypt Later” threat means for long-term data protection</li><li>How to assess PQC readiness in three strategic steps: visibility, trust anchor evaluation, and vendor analysis</li><li>How to navigate diverging regulatory mandates from CNSA 2.0 (U.S.) and ENISA (EU)</li><li>What it really takes to align internal stakeholders for a successful PQC transition</li></ul><div><br>Mamta Gupta is the Senior Director of Strategic Business Development for Security, Telecommunications, and Data Centers at Lattice Semiconductor. With a master’s degree in quantum physics, specializing in superfluidity, superconductivity, and critical phenomena, she brings a rare blend of theoretical insight and real-world engineering to the cybersecurity space. She has led key PQC strategy efforts at Lattice, helping develop quantum-resistant FPGA-based architectures and secure supply chain practices. 
A leading advocate for confronting the “Harvest Now, Decrypt Later” threat, Mamta is known for her pragmatic, cross-functional approach to building crypto-agile infrastructure.<br><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:<br></strong><br></div><div><strong>[00:06:05] Step 1: Understand the Real Threat: “Harvest Now, Decrypt Later”</strong></div><div>The quantum threat is already operational, not hypothetical. Adversaries are actively collecting encrypted data today with the goal of decrypting it once quantum computers reach maturity. This tactic, known as "Harvest Now, Decrypt Later," means data with a long shelf life, such as health records, financial data, and national infrastructure, is already at risk. Waiting for quantum computing to become mainstream before acting is a critical miscalculation. Organizations must treat post-quantum cryptography as a present-day risk mitigation priority, not a future optimization. Key Question: Are you taking immediate steps to protect long-lived data from eventual quantum decryption?</div><div><strong><br>[10:43] Step 2: Design for Crypto Agility Across Hardware and Software<br></strong>The pace of cryptographic change is rapid; regulatory mandates, algorithm approvals, and threat intelligence evolve constantly. At the same time, the life cycle of deployed hardware can stretch over a decade. This disconnect demands systems that are flexible by design. Crypto agility ensures that organizations can upgrade algorithms, rotate keys, and adapt trust models without re-architecting infrastructure or replacing physical components. Without agility, today’s protections could become tomorrow’s liabilities. 
Key Question: Is your infrastructure architected to support cryptographic evolution across its full lifecycle?<br><br></div><div><strong>[14:38] Step 3: Run a Three-Part PQC Readiness Assessment<br></strong>Before launching a migration, organizations need full visibility into their current cryptographic environment. This begins with a cryptographic inventory, reviewing all firmware, certificates, keys, and the algorithms used to protect them. Next, evaluate your trust anchors, components like secure boot mechanisms, TPMs, or silicon-based keys to identify weak points or dependencies on outdated cryptographic methods like RSA or ECC. Finally, conduct a vendor readiness check across your digital supply chain. Determine whether suppliers of silicon, firmware, or software are equipped to support PQC or if they introduce downstream risk. This structured assessment turns uncertainty into a prioritized roadmap for upgrading your infrastructure with confidence. Key Question: Have you completed a full assessment of your cryptographic assets, trust anchors, and vendor readiness?</div><div><strong><br>[17:21] Step 4: Build a Crypto-Agile Root of Trust Using FPGAs<br></strong>The root of trust is the foundational layer of system security, and its resilience is essential in a post-quantum world. Field Programmable Gate Arrays (FPGAs) offer a key advantage over ASICs: reprogrammability. With FPGAs, cryptographic algorithms can be updated after deployment, providing the agility needed to respond to evolving standards and threats. They also enable secure firmware validation, hybrid cryptography, and alignment with upcoming compliance deadlines without requiring hardware swaps. Deploying FPGAs as the root of trust creates a flexible security architecture that supports long-term cryptographic adaptability. 
Key Question: Does your hardware architecture support post-deployment cryptographic updates without physical replacement?<br><br></div><div><strong>[25:33] Step 5: Architect Hybrid Cryptography with Strategic Intent<br></strong>Transitioning to post-quantum cryptography doesn’t mean abandoning classical algorithms immediately. Hybrid cryptography, running both classical and quantum-safe algorithms in parallel, offers a way to maintain current protections while building future resilience. However, this approach adds complexity in key management, execution order, and performance optimization. Systems must be designed to support multiple key types and enforce clearly defined policies on trust precedence and key retirement. A well-architected hybrid model ensures security and agility without introducing operational friction. Key Question: Have you developed a hybrid cryptography strategy that balances performance, policy, and long-term resilience?<br><br></div><div><strong>[31:13] Step 6: Launch a Cross-Functional PQC Pilot<br></strong>A pilot is the fastest way to move from theory to execution. By testing PQC readiness in a contained environment, organizations can surface critical constraints, such as firmware signing limitations, key size restrictions, or vendor gaps. Pilots also help unify teams across engineering, compliance, and leadership, creating a shared understanding of what the PQC transition entails. Running a pilot allows for experimentation, measurement, and iteration before committing to large-scale deployment. It’s a low-risk, high-leverage way to build momentum and organizational buy-in. Key Question: What would it take to launch a practical PQC pilot inside your organization in the next 90 days?<br><br></div><div><strong>[36:56] Step 7: Build a 12-Month Action Plan Aligned to Regulatory Timelines<br></strong>PQC migration is not a weekend upgrade; it’s a multi-year journey that requires strategic pacing. 
CNSA 2.0 mandates post-quantum protections in all new systems by 2030, and enforcement has already started impacting procurement. ENISA, the EU cybersecurity agency, has also issued guidance with specific requirements for hybrid cryptography. Organizations must build an actionable 12-month plan that includes cryptographic audits, vendor engagement, proof-of-concept evaluations, and measurable internal milestones. Aligning to regulatory timelines now ensures you don’t lose compliance or customers later. Key Question: How are you structuring your next 12 months to show measurable PQC progress aligned with global regulations?<br><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Mamta Gupta on <a href="https://www.linkedin.com/in/mamta-gupta-5038123/">LinkedIn</a></li><li>Lattice Semiconductor <a href="https://www.latticesemi.com/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br>Want exclusive insights on post-quantum security? Stay ahead of the curve—subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, and YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div>✔ Learn practical steps to future-proof your organization.</div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.<br><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 22 May 2025 10:30:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/821vq20w.mp3" length="95151542" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/4e7c7420-36d9-11f0-8a42-ad736c452a7d/4e7c76a0-36d9-11f0-9c7d-03f16909f835.png"/>
      <itunes:duration>2378</itunes:duration>
      <itunes:summary>You can’t patch your way out of quantum exposure, especially when your hardware refresh cycle is a cryptographic deadline. In this episode of Shielded, Johannes Lintzen sits down with Mamta Gupta of Lattice Semiconductor to explore how hardware-rooted security must evolve to meet the post-quantum challenge. Mamta unpacks the real-world threat of “Harvest Now, Decrypt Later,” explains why crypto agility is essential for long-lifecycle devices, and shares clear, actionable steps to build quantum resilience from silicon to software. Learn how FPGAs provide a reprogrammable, future-ready foundation, what CNSA 2.0 mandates, and why your next hardware refresh cycle may be your last chance to stay ahead. If your business touches critical infrastructure, long-life devices, or digital supply chains, this episode is your wake-up call.</itunes:summary>
      <itunes:subtitle>You can’t patch your way out of quantum exposure, especially when your hardware refresh cycle is a cryptographic deadline. In this episode of Shielded, Johannes Lintzen sits down with Mamta Gupta of Lattice Semiconductor to explore how hardware-rooted security must evolve to meet the post-quantum challenge. Mamta unpacks the real-world threat of “Harvest Now, Decrypt Later,” explains why crypto agility is essential for long-lifecycle devices, and shares clear, actionable steps to build quantum resilience from silicon to software. Learn how FPGAs provide a reprogrammable, future-ready foundation, what CNSA 2.0 mandates, and why your next hardware refresh cycle may be your last chance to stay ahead. If your business touches critical infrastructure, long-life devices, or digital supply chains, this episode is your wake-up call.</itunes:subtitle>
      <itunes:keywords>Post-Quantum Cryptography, Hardware Security, Cybersecurity, Quantum Computing, FPGA Technology, Crypto Agility, Root of Trust, Hardware Refresh, CNSA 2.0, Quantum Threats, Supply Chain Security, Critical Infrastructure, Data Protection, Encryption, Semiconductor Security, Firmware Security, Trust Anchors, Hybrid Cryptography, Security Architecture, Quantum Resilience</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>HSMs and PQC Migration: Are We There Yet?</title>
      <link>https://podcasts.fame.so/e/xn12xqr8-hsms-and-pqc-migration-are-we-there-yet</link>
      <itunes:title>HSMs and PQC Migration: Are We There Yet?</itunes:title>
      <itunes:episode>6</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">703rj6z1</guid>
      <description>In this special RSA 2025 edition of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen gathers four leading voices from the world of hardware security to discuss a cornerstone technology powering the post-quantum migration: the Hardware Security Module (HSM). Featuring insights from Entrust, Thales, Futurex, and Utimaco, this episode breaks down how HSMs are evolving to support cryptographic agility, comply with new standards like CNSA 2.0 and FIPS 203/204/205, and why waiting to upgrade your HSMs is no longer an option.</description>
      <content:encoded><![CDATA[<div>The time to modernize cryptographic infrastructure has arrived. In this episode, recorded live at RSA Conference 2025, host Johannes Lintzen moderates a conversation with four HSM industry leaders: Greg Wetmore (Entrust), John Ray (Thales), David Close (Futurex), and Kevin McKeogh (Utimaco). Together, they explore the evolution of Hardware Security Modules as the foundational building blocks for secure, post-quantum infrastructure.<br><br></div><div>Learn how HSMs are enabling cryptographic agility, supporting new NIST and CNSA 2.0 algorithms, and offering in-field firmware and FPGA updates, without requiring a full rip-and-replace. The panel dives into compliance frameworks, performance trade-offs, hybrid environments, and supply chain integrity, offering a rare behind-the-scenes view into how top HSM vendors are solving quantum migration at scale.<br><br></div><div><strong>What You’ll Learn:<br></strong><br></div><ul><li>Why HSMs are essential to post-quantum cryptographic trust</li><li>How cryptographic agility is enabled through firmware, FPGA, and SDK updates</li><li>Why CNSA 2.0 and FIPS 203/204/205 are now critical to compliance</li><li>How to deploy PQC without replacing your entire infrastructure</li><li>The real-world performance and interoperability implications of PQC</li><li>How leading organizations are already securing TLS with hybrid algorithms</li><li>Why PQC readiness requires standards-aligned APIs and driver updates</li><li>What’s next for HSMs and how vendors are building for an agile crypto future<br><br></li></ul><div>Greg Wetmore is VP, Software Development at Entrust. He leads Entrust's cryptographic engineering, focusing on post-quantum crypto implementation and HSM innovation.<br><br>David Close is Chief Solutions Architect at Futurex. 
He is an expert in hardware crypto infrastructure, compliance (FIPS, CNSA), and real-world PQC implementation.<br><br>John Ray is Director of HSM Product Management at Thales. He oversees quantum readiness and crypto-agility strategy for Thales HSM product lines.<br><br>Kevin McKeogh is Senior Director, Product Management at Utimaco. He leads crypto innovation at Utimaco with a focus on hybrid deployments, SDK flexibility, and international standards alignment.<br><br></div><div><strong>Your Roadmap to Post-Quantum HSM Readiness:<br></strong><br></div><div><strong>[00:52] Step 1: Accept That Crypto Agility Is Now Essential<br></strong>The next 20 years of cryptography will be far more dynamic than the past 30. Entrust explains how layering cryptography across FPGA, firmware, and trusted code environments allows you to adopt new algorithms fast, without compromising security or waiting on long certification cycles.<br>Key Question: Is your organization building cryptographic agility into your hardware lifecycle?</div><div><strong><br>[04:42] Step 2: Plan for Firmware, Not Rip-and-Replace<br></strong>Post-quantum HSM adoption doesn’t mean starting from scratch. Vendors like Utimaco and Futurex reveal how firmware and SDK updates can retrofit existing infrastructure.<br>Key Question: Can your current HSM be upgraded for PQC, or are you locked into legacy limitations?<br><br></div><div><strong>[08:40] Step 3: Align with CNSA 2.0 and FIPS Standards<br></strong>PQC readiness is no longer optional. With new standards like CNSA 2.0 and FIPS 203–205, organizations must ensure their HSMs meet certification requirements and cryptographic benchmarks.<br>Key Question: Are your cryptographic modules validated for CNSA 2.0 and emerging FIPS requirements?<br><br></div><div><strong>[13:52] Step 4: Test Hybrid Environments Early<br></strong>TLS is already using PQC—many organizations just don’t realize it. 
Futurex reveals real-world deployments combining classical and quantum-safe algorithms in production environments.<br>Key Question: Are you piloting hybrid PQC deployments in real use cases like TLS or email security?<br><br></div><div><strong>[20:25] Step 5: Upgrade Your API Ecosystem<br></strong>PQC implementation isn’t just about HSMs—it’s about the ecosystem. CNG, PKCS#11, and OpenSSL must all support new algorithms. Vendors describe how they’re updating drivers and working with partners to enable seamless transitions.<br>Key Question: Have you validated that your entire crypto stack - APIs, libraries, and middleware - supports PQC?</div><div><strong><br>[28:48] Step 6: Build Interoperability into Your PQC Strategy<br></strong>&nbsp;HSM vendors emphasize cross-vendor cooperation and standards adherence. Migration success depends on interoperability and standards—not just product capabilities.<br>Key Question: Is your PQC deployment plan designed to interoperate across tools, vendors, and geographies?<br><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>PQShield <a href="https://pqshield.com/">Website</a></li><li>Entrust PQC <a href="https://www.entrust.com/resources">Resources</a></li><li>Futurex <a href="https://www.futurex.com/solutions/by-industry">Solutions Hub</a></li><li>Thales <a href="https://engage-cybersec.thalesgroup.com/ppc-corp.html?_bt=743542477905&amp;_bk=thales%20security%20products&amp;_bm=p&amp;_bn=g&amp;creative=743542477905&amp;keyword=thales%20security%20products&amp;matchtype=p&amp;network=g&amp;device=c&amp;gad_source=1&amp;gad_campaignid=24351054&amp;gbraid=0AAAAAD_tGURAETTXftm5XO0kwUf7e6ML0&amp;gclid=Cj0KCQjwxJvBBhDuARIsAGUgNfgbbqoW385oQT3BdgQIMLRDywtJ-47pvhz5E_ptxRG0zXUerscCIc8aAsKmEALw_wcB">Post-Quantum Hub</a></li><li>Utimaco <a href="https://utimaco.com/service/knowledge-base">Knowledge Base</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>Greg Wetmore on <a 
href="https://www.linkedin.com/in/gregwetmore/">LinkedIn</a></li><li>David Close on <a href="https://www.linkedin.com/in/davidclose/">LinkedIn</a></li><li>John Ray on <a href="https://www.linkedin.com/in/johnray11/">LinkedIn</a></li><li>Kevin McKeogh on <a href="https://www.linkedin.com/in/kevin-mckeogh-a5127618/">LinkedIn</a></li></ul><div><br></div><div>Want exclusive insights on post-quantum security? Stay ahead of the curve—subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, and YouTube Podcasts.</div><div><br>✔ Get insider knowledge from leading cybersecurity experts.</div><div>✔ Learn practical steps to future-proof your organization.</div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Fri, 16 May 2025 10:38:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8k47qr7w.mp3" length="104632946" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/55f3e5a0-323c-11f0-9421-1d9e70b67a21/55f3e6a0-323c-11f0-86ad-551c03d6eb43.png"/>
      <itunes:duration>2615</itunes:duration>
      <itunes:summary>In this special RSA 2025 edition of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen gathers four leading voices from the world of hardware security to discuss a cornerstone technology powering the post-quantum migration: the Hardware Security Module (HSM). Featuring insights from Entrust, Thales, Futurex, and Utimaco, this episode breaks down how HSMs are evolving to support cryptographic agility, comply with new standards like CNSA 2.0 and FIPS 203/204/205, and why waiting to upgrade your HSMs is no longer an option.</itunes:summary>
      <itunes:subtitle>In this special RSA 2025 edition of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen gathers four leading voices from the world of hardware security to discuss a cornerstone technology powering the post-quantum migration: the Hardware Security Module (HSM). Featuring insights from Entrust, Thales, Futurex, and Utimaco, this episode breaks down how HSMs are evolving to support cryptographic agility, comply with new standards like CNSA 2.0 and FIPS 203/204/205, and why waiting to upgrade your HSMs is no longer an option.</itunes:subtitle>
      <itunes:keywords>Post-Quantum Cryptography, Hardware Security Modules, Crypto Agility, CNSA 2.0, FIPS Compliance, Quantum-Safe Security, HSM Firmware, PQC Migration, Cryptographic Trust, Hybrid Algorithms, TLS Security, Quantum Readiness, Enterprise Cybersecurity, Key Management, Quantum Computing, RSA Conference, Algorithm Standards, Cryptographic Infrastructure, Data Protection, Digital Trust</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>From Awareness to Action: The Blueprint for Quantum-Resilient Security | Garfield Jones</title>
      <link>https://podcasts.fame.so/e/rnkmk3yn-awareness-to-action-blueprint-for-quantum-resilient-security-garfield-jones</link>
      <itunes:title>From Awareness to Action: The Blueprint for Quantum-Resilient Security | Garfield Jones</itunes:title>
      <itunes:episode>5</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">70w7z8v0</guid>
      <description>Quantum threats aren’t hypothetical, they’re operational risks hiding in your cryptographic stack. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Garfield Jones from CISA to dive into the practical steps for post-quantum migration, making the case that waiting until 2035 is far too late. Dr. Jones breaks down his APA framework (Awareness, Preparedness, Action) and explains why organizations need to act now to secure their infrastructure against the quantum threat. Learn how to take inventory, align procurement, tackle legacy infrastructure, and embed PQC into your vendor strategy before the clock runs out.</description>
      <content:encoded><![CDATA[<div>Quantum migration isn’t a future concern, it’s a present-tense priority. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, Johannes Lintzen and Dr. Garfield Jones take a deep dive into the practical challenges of post-quantum migration, focusing on how organizations can apply the APA framework (Awareness, Preparedness, Action) to make their cybersecurity future-proof. From procurement and inventory to legacy system challenges and vendor alignment, Dr. Jones shares a tactical roadmap to help organizations start moving today.<br><br></div><div><strong>What You'll Learn:</strong><br><br></div><ul><li>How to apply the APA framework to drive post-quantum readiness</li><li>Why cryptographic inventory is the first and most urgent step</li><li>How to balance backward compatibility with secure innovation</li><li>Procurement strategies for embedding PQC into your supply chain</li><li>The dual challenge of securing encryption and authentication</li><li>When to trust automation, and where human oversight is essential</li><li>How compliance mandates can accelerate, not hinder, progress</li><li>Why global collaboration and algorithm flexibility matter</li><li>Where to access government resources and guidance</li></ul><div><br></div><div>Dr. Garfield Jones is the Associate Chief of Strategic Technology at CISA, part of the U.S. Department of Homeland Security. He is a leading figure in quantum security strategy and played a key role in shaping the APA framework (Awareness, Preparedness, Action). With expertise in AI, machine learning, and infrastructure protection, he is helping U.S. 
agencies and partners prepare for a cryptographic future shaped by quantum computing.</div><div><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:<br></strong><br></div><div><strong>[00:52] Step 1: Launch Migration Using the APA Framework</strong></div><div>Quantum migration starts with the APA model: Awareness, Preparedness, and Action. Awareness means identifying your cryptographic footprint across software, hardware, vendors, and internal systems. Preparedness requires budgeting for upgrades, creating internal migration roadmaps, and prioritizing systems based on risk. Action brings these plans to life with procurement updates, patching schedules, contract renegotiations, and system deployments. Migration is not a future problem, it is an urgent operational priority. Organizations that delay will face steeper costs, rushed transitions, and possible security gaps. Key Question: Has your organization operationalized the APA framework into an actionable migration plan?</div><div><br></div><div><strong>[04:52] Step 2: Assign a PQC Champion and Conduct Full Inventory</strong></div><div>Quantum migration needs a clear owner, not a committee. Assign a PQC champion empowered to lead across security, IT, procurement, and leadership. Their first mission is a cryptographic inventory. Catalog every place encryption, digital signatures, and cryptographic key management are used, including internal systems, APIs, certificates, and vendor platforms. Inventorying is not optional. Without a full map, risk prioritization, budgeting, and timeline development are impossible. Key Question: Have you appointed a PQC champion and started building a verified cryptographic inventory?</div><div><br></div><div><strong>[06:54] Step 3: Plan for a Hybrid Cryptographic Environment</strong></div><div>Post-quantum migration will not happen overnight. Many environments must support both classical and quantum-safe algorithms during a multi-year transition. 
Prioritize forward-facing, high-risk systems first, such as customer portals, external interfaces, and remote authentication systems. Assess which assets require full replacement versus those that can use middleware, protocol proxies, or hybrid solutions. Planning for coexistence ensures operational continuity while securing the most critical assets first. Key Question: Has your team mapped systems into categories for full replacement or phased hybrid upgrades?</div><div><br></div><div><strong>[09:24] Step 4: Update Procurement to Enforce PQC Standards</strong></div><div>Every new system you buy should already be on the path to post-quantum compliance. Update RFP templates, procurement policies, and vendor contracts to include requirements for PQC readiness, adoption of NIST-approved algorithms, and cryptographic agility. Ensure vendors demonstrate their quantum migration roadmap during evaluations. Procurement is not just a finance issue, it is your frontline for securing future resilience. Key Question: Have you updated procurement processes to require quantum-resilient solutions and vendor roadmaps?</div><div><br></div><div><strong>[11:24] Step 5: Combine Automation and Human Oversight in Cryptographic Inventory</strong></div><div>Automation can rapidly identify cryptographic assets, but it is not enough on its own. Combine automated cryptographic discovery with manual verification. Experts catch context-specific errors, validate system relevance, and prioritize risks effectively. A blended approach ensures your inventory is accurate, comprehensive, and ready to drive informed migration planning.</div><div>Key Question: Are you combining automated discovery with expert manual validation in your cryptographic inventory?</div><div><br></div><div><strong>[13:52] Step 6: Use Compliance Mandates to Drive Urgency</strong></div><div>Compliance deadlines such as OMB 23-02 are more than bureaucratic hurdles. 
They are action triggers that can align leadership support, unlock budgets, and drive internal momentum. Treat compliance mandates as organizational deadlines for inventorying, planning, and upgrading systems. Organizations that start now will avoid costly last-minute scrambles.</div><div>Key Question: Are you treating compliance frameworks as strategic accelerators for quantum migration?</div><div><br></div><div><strong>[19:08] Step 7: Upgrade Authentication Alongside Encryption</strong></div><div>Quantum threats target encryption and authentication systems equally. Digital signatures, certificates, identity management platforms, and transactional validation must all be post-quantum ready. Organizations should assess their PKI infrastructure now and plan parallel upgrade tracks for data protection and system trust. Key Question: Are authentication systems fully included in your post-quantum migration roadmap?</div><div><br></div><div><strong>[20:30] Step 8: Use AI to Accelerate, Not Replace Expertise</strong></div><div>AI and machine learning can improve cryptographic discovery, pattern detection, and asset categorization. However, AI tools should augment, not replace, expert decision-making. Experts are essential for validating asset contexts, prioritizing risks, and building migration schedules. Maintain human oversight for all strategic migration decisions. Key Question: Is your AI deployment structured to enhance, not replace, expert-driven migration work?</div><div><br></div><div><strong>[24:35] Step 9: Build Systems for International Cryptographic Flexibility</strong></div><div>Different countries may adopt different post-quantum standards. Your systems must be flexible enough to negotiate between varying algorithms and maintain secure interoperability across borders. Build that flexibility into your communications protocols and infrastructure planning today. 
Key Question: Are your systems architected for algorithm negotiation and cross-border post-quantum compatibility?</div><div><br></div><div><strong>[26:36] Step 10: Extend Migration Planning Across the Supply Chain</strong></div><div>Quantum readiness does not stop at your organizational boundaries. Vendors, contractors, and suppliers must also align with post-quantum standards. Engage partners early to assess their migration plans, share best practices, and synchronize timelines where possible. A secure organization surrounded by vulnerable suppliers remains exposed. Key Question: Are your suppliers and partners actively aligning to post-quantum standards with you?</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Garfield Jones on <a href="https://www.linkedin.com/in/garfield-jones-d-eng-0aba558b">LinkedIn</a></li><li>CISA <a href="https://www.cisa.gov/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a></li></ul><div><br></div>]]></content:encoded>
      <pubDate>Tue, 29 Apr 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w0vrk31w.mp3" length="72941191" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/35d3d290-250f-11f0-9032-f37a8060bc55/35d3d3a0-250f-11f0-b7e1-c7726e7fdefe.png"/>
      <itunes:duration>1823</itunes:duration>
      <itunes:summary>Quantum threats aren’t hypothetical, they’re operational risks hiding in your cryptographic stack. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Garfield Jones from CISA to dive into the practical steps for post-quantum migration, making the case that waiting until 2035 is far too late. Dr. Jones breaks down his APA framework (Awareness, Preparedness, Action) and explains why organizations need to act now to secure their infrastructure against the quantum threat. Learn how to take inventory, align procurement, tackle legacy infrastructure, and embed PQC into your vendor strategy before the clock runs out.</itunes:summary>
      <itunes:subtitle>Quantum threats aren’t hypothetical, they’re operational risks hiding in your cryptographic stack. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Garfield Jones from CISA to dive into the practical steps for post-quantum migration, making the case that waiting until 2035 is far too late. Dr. Jones breaks down his APA framework (Awareness, Preparedness, Action) and explains why organizations need to act now to secure their infrastructure against the quantum threat. Learn how to take inventory, align procurement, tackle legacy infrastructure, and embed PQC into your vendor strategy before the clock runs out.</itunes:subtitle>
      <itunes:keywords>post-quantum cryptography, quantum migration, APA framework, cryptographic inventory, cybersecurity strategy, PQC readiness, supply chain security</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Your Cryptography is stuck in 2010 - How to Catch Up | Hart Montgomery</title>
      <link>https://podcasts.fame.so/e/28610v0n-your-cryptography-is-stuck-in-2010-how-to-catch-up-hart-montgomery</link>
      <itunes:title>Your Cryptography is stuck in 2010 - How to Catch Up | Hart Montgomery</itunes:title>
      <itunes:episode>4</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">j122y3y1</guid>
      <description>Your cryptography may be stuck in 2010, and attackers are betting on it. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Hart Montgomery, Technical Director at LF Decentralized Trust, about how outdated cryptographic dependencies, hidden vulnerabilities, and poor crypto agility are putting critical systems at risk. From alarming audit findings in financial infrastructure to lessons from tech giants like Google and AWS, Hart shares practical strategies to secure your stack today and keep it adaptable for a quantum future. Learn why 90% of closed-source software depends on potentially vulnerable open-source components and how to bring cryptographic chaos under control.</description>
      <content:encoded><![CDATA[<div>Navigating the shift to post-quantum cryptography takes more than awareness; it requires a forward-looking strategy, crypto-agile architecture, and long-term planning across software and hardware. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Hart Montgomery, Technical Director at LF Decentralized Trust and a leading voice in cryptographic modernization. Together, they explore practical solutions and emerging standards that will define how organizations prepare for a quantum-secure future.<br><br></div><div><strong>What You'll Learn:</strong><br><br></div><ul><li>How to assess your quantum readiness through crypto-agility audits and dependency mapping</li><li>How to build a business case using the “Harvest Now, Decrypt Later” threat model</li><li>Why US, UK, and Australian regulations are accelerating timelines — and what that means for compliance</li><li>Why centralized crypto services are key to consistent implementation and quantum-safe upgrades</li><li>How to standardize cryptography across teams using policy-driven APIs</li><li>Where to start: Low-risk, high-reward use cases that build migration momentum</li><li>How the “Open Source Hamburger” explains your software supply chain risk</li><li>Why hardware timelines are the biggest bottleneck and how to start addressing them now</li><li>How SBOMs and CBOMs can help uncover legacy cryptography across your stack</li></ul><div><br></div><div>Hart Montgomery is the Technical Director at LF Decentralized Trust, specializing in post-quantum cryptography and secure blockchain architectures. With a PhD in lattice cryptography and a background as a blockchain researcher at Fujitsu, he brings deep expertise in both theoretical and applied security. 
Hart is involved with critical initiatives such as the Post-Quantum Cryptography Alliance and the Open Quantum Safe Project, helping secure the global open-source ecosystem through crypto agility and supply chain transparency. His unique blend of academic rigor and practical experience makes him a leading voice in post-quantum cryptography and secure software development.</div><div><br></div><div>Quantum security isn’t a project; it’s a phased transformation. Here’s a step-by-step roadmap to guide your organization through the post-quantum transition, from quick wins to long-term strategy.<br><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:</strong></div><div><strong><br>[04:48] Step 1: Audit Your Crypto Footprint and Centralize Control</strong></div><div>The first step in quantum readiness is knowing what cryptographic assets you rely on and where they might be vulnerable. Hart highlights that over 90% of closed-source software contains open-source dependencies, many using outdated or insecure cryptographic algorithms like MD5 or single DES. To fix this, organizations must start by creating a Cryptographic Bill of Materials (CBOM) and Software Bill of Materials (SBOM) to expose hidden risks in the stack. From there, implement centralized cryptographic microservices to eliminate inconsistency and bring cryptographic controls under policy enforcement. Key Question: Can you confidently say where every cryptographic risk lives in your stack?</div><div><br></div><div><strong>[08:39] Step 2: Target Low-Cost, High-Impact Migrations First<br></strong>All cryptographic transitions are complex, but some are technically easier to implement with minimal performance impact. Start there. Hart points to TLS handshakes, ephemeral key exchanges, and messaging as ideal first steps, areas where larger PQ signatures and keys add little overhead. 
Organizations like Signal, Apple, and AWS have already migrated these areas, proving it's possible to build momentum while limiting operational risk. Start with what’s easy, then scale the lessons to more critical or complex systems. Key Question: What’s your TLS handshake worth in the quantum era?</div><div><br></div><div><strong>[14:48] Step 3: Use the “Open Source Hamburger” to Rethink Software Supply Chain Risk<br></strong>Modern software is built like a hamburger. You start with an open-source framework (the bottom bun), write a small layer of custom code (the meat), and stack on more open-source libraries (the top bun). According to Hart, that custom code might make up just 20% of your full application; the rest is open source that you didn’t write and might not fully understand. This model demands rigorous supply chain hygiene. Without a clear SBOM and CBOM, organizations risk inheriting vulnerabilities from long-abandoned GitHub repos or outdated crypto defaults buried in libraries. Treat every third-party dependency like a potential attack vector and standardize cryptographic practices across them. Key Question: Are you treating your software stack like your own or trusting a hamburger of unvetted, third-party code?</div><div><br></div><div><strong>[18:00] Step 4: Use the ‘Harvest Now, Decrypt Later’ Threat to Drive Business Buy-In</strong></div><div>Quantum attacks aren’t here yet, but the threat is real today. Encrypted data can be harvested now and decrypted later once quantum computers become viable. For any data that must remain secure for 5–10+ years—think health records, financial transactions, or national security—this is a clear and present risk. Hart emphasizes that while we can’t predict exactly when quantum computers will break RSA or ECC, we can estimate how long data needs to remain secure. 
That risk equation alone should drive immediate planning, especially when factoring in hardware timelines for things like secure elements and smart devices. Key Question: Will your encrypted data still be safe in 2035?</div><div><br></div><div><strong>[25:31] Step 5: Build Crypto Agility Into Your Architecture</strong></div><div>Quantum migration isn’t a one-time change; it’s an ongoing capability. Crypto agility means designing systems that can switch algorithms, protocols, or key sizes as threats evolve or standards change. Hart advocates a “black box” model: developers shouldn’t choose cryptographic algorithms themselves. Instead, they should call secure APIs governed by central teams. This kind of agility already exists in tech-forward companies like Google and AWS, where cryptographic updates happen at the service level, not deep in app logic. Adopting this model now prevents lock-in and future-proofs your infrastructure. Key Question: Are your systems flexible enough to rotate cryptography with minimal code rewrites and business disruption?</div><div><br></div><div><strong>[22:00] Step 6: Address Hardware Dependencies Before It’s Too Late</strong></div><div>IoT devices, embedded systems, smart meters—these components can't be updated overnight. They’re often deployed for a decade or more and may rely on cryptographic hardware that’s not post-quantum ready. For many organizations, this is the longest lead time in the entire migration process. As Hart warns, there’s often no choice but to replace or phase out outdated systems, and that requires years of planning, budgeting, and supply chain coordination. Secure hardware lifecycles must become part of your PQC strategy now, not later. 
Key Question: Have you identified cryptographic hardware in your infrastructure that must be upgraded and started planning its replacement?</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Hart Montgomery on <a href="https://www.linkedin.com/in/hartmontgomery/">LinkedIn</a></li><li>The Linux Foundation <a href="https://www.linuxfoundation.org/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a></li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 10 Apr 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/wvy2kzy8.mp3" length="68638301" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/9567d190-1b89-11f0-841b-359052ca4696/9567d320-1b89-11f0-83d7-4fe6d6cf8fca.png"/>
      <itunes:duration>1715</itunes:duration>
      <itunes:summary>Your cryptography may be stuck in 2010, and attackers are betting on it. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Hart Montgomery, Technical Director at LF Decentralized Trust, about how outdated cryptographic dependencies, hidden vulnerabilities, and poor crypto agility are putting critical systems at risk. From alarming audit findings in financial infrastructure to lessons from tech giants like Google and AWS, Hart shares practical strategies to secure your stack today and keep it adaptable for a quantum future. Learn why 90% of closed-source software depends on potentially vulnerable open-source components and how to bring cryptographic chaos under control.</itunes:summary>
      <itunes:subtitle>Your cryptography may be stuck in 2010, and attackers are betting on it. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Hart Montgomery, Technical Director at LF Decentralized Trust, about how outdated cryptographic dependencies, hidden vulnerabilities, and poor crypto agility are putting critical systems at risk. From alarming audit findings in financial infrastructure to lessons from tech giants like Google and AWS, Hart shares practical strategies to secure your stack today and keep it adaptable for a quantum future. Learn why 90% of closed-source software depends on potentially vulnerable open-source components and how to bring cryptographic chaos under control.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>How to Build Your 12-Month Post-Quantum Strategy With NIST's Dustin Moody</title>
      <link>https://podcasts.fame.so/e/r8kmkwm8-build-your-12-month-post-quantum-strategy-nist-dustin-moody</link>
      <itunes:title>How to Build Your 12-Month Post-Quantum Strategy With NIST's Dustin Moody</itunes:title>
      <itunes:episode>3</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">71w7z471</guid>
      <description>The countdown has begun: by 2035, all public-key cryptography must be quantum-safe. Are you ready? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Dustin Moody, the mathematician leading NIST's post-quantum cryptography standardization project, for an in-depth discussion on why organizations must act now. Moody shares essential insights into the 2035 implementation deadline, debunks common misconceptions, and provides actionable advice for building crypto-agile systems. Learn why the "harvest now, decrypt later" threat is imminent, how to assess your organization's quantum risk, and the key steps to take in the next 12 months to secure your digital future. Essential listening for cybersecurity leaders, architects, and decision-makers navigating the quantum security landscape.</description>
      <content:encoded><![CDATA[<div>With the 2035 deadline for post-quantum cryptography rapidly approaching, organizations must act immediately to ensure a smooth transition. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, host Johannes Lintzen speaks with Dustin Moody, a mathematician at NIST, to discuss the practical steps organizations should take to prepare for this monumental shift in cryptography. They explore the critical timeline, common challenges, and how the post-quantum cryptography migration can be effectively managed.<br><br><strong>What You'll Learn:</strong><br><br></div><ul><li>How to build an effective PQC migration roadmap starting with a cryptographic inventory assessment.</li><li>Why the 2035 deadline is just the end of the journey, not the beginning, of quantum-safe implementation.</li><li>The essential role of crypto agility in maintaining long-term security resilience.</li><li>How to evaluate whether hybrid cryptography schemes are right for your organization.</li><li>Why "harvest now, decrypt later" attacks pose an immediate threat to sensitive data.</li><li>Practical steps organizations can take in the next 12 months to begin PQC migration.</li><li>How NIST’s standardization process is creating a toolbox of algorithms for different use cases.</li><li>Why collaboration between government agencies, industry, and vendors is crucial for a successful transition.</li></ul><div><br></div><div>Dustin Moody is a mathematician leading the post-quantum cryptography standardization project at the National Institute of Standards and Technology (NIST). Since 2016, he has led one of the most consequential cryptographic initiatives of our time, selecting and standardizing algorithms that will secure digital systems against quantum threats. 
As the principal architect of NIST’s post-quantum cryptography standards, Moody has played a pivotal role in establishing the 2035 migration timeline and crafting crucial guidance for organizations transitioning to quantum-safe cryptography. His work bridges the gap between theoretical cryptography and practical implementation, helping organizations understand and prepare for the post-quantum era through crypto agility, risk assessment, and strategic planning. Moody’s expertise, combined with his collaborative approach, makes him a leading authority on securing digital infrastructure against emerging quantum threats.</div><div><br></div><div>The year 2035 might sound far away, but if you're a large organization, your migration timeline starts now. As Dustin Moody warns, this isn’t going to be a quick plug-and-play switch. The good news? NIST has laid out a clear roadmap. Here’s how to get started step by step.<br><br></div><div><strong>Your Roadmap to Post-Quantum Readiness:</strong></div><div><strong><br>[03:55] Step 1: Appoint a PQC Taskforce and Map Your Migration - <br></strong>2035 marks the end of your post-quantum transition, not the beginning. Large organizations may need a decade or more to migrate fully, meaning the planning must start immediately. Moody recommends building a dedicated internal team to lead the charge, assigning ownership, and developing a migration roadmap tailored to your systems and dependencies. The first foundational task is a cryptographic inventory, a deep dive into all the ways cryptography is used in your infrastructure. This includes both internally developed systems and supply chain components. Engaging with vendors, suppliers, and customers early ensures alignment and reduces friction later in the transition. 
Key Question: Have you built a dedicated team and started your roadmap, including a cryptographic inventory?</div><div><strong><br>[13:22] Step 2: Design for Agility from Day One - <br></strong>Crypto agility isn’t a future nice-to-have; it’s a current necessity. Organizations need the ability to adapt cryptographic algorithms over time, responding to new threats and evolving standards without disrupting live systems. NIST’s formal definition of crypto agility includes the flexibility to update cryptographic components across software, hardware, protocols, and infrastructure—seamlessly. Implementing agility now ensures you’re not locked into today’s choices and gives you options to respond quickly if vulnerabilities are discovered down the road. Key Question: Are your systems built to evolve or will they need to be rebuilt the next time the landscape shifts?</div><div><strong><br>[18:24] Step 3: Protect Long-Lived Data from Quantum Exposure -<br></strong>Quantum threats aren’t theoretical; they’re already impacting data security. According to Dustin, adversaries are actively collecting encrypted data today with the intent of decrypting it later, once quantum computing reaches maturity. This makes post-quantum readiness especially urgent for industries that manage data with long shelf lives—such as healthcare, finance, critical infrastructure, and national security systems. Even if your data is secure now, if it’s still sensitive a decade from now, it’s already vulnerable. While symmetric encryption like AES offers partial protection, the public-key encryption methods used to exchange keys are often the weakest link. Organizations must begin assessing where these vulnerabilities exist and how to mitigate them. 
Key Question: Are you still treating quantum threats as a future problem or are you protecting your data from being decrypted tomorrow?</div><div><strong><br>[25:00] Step 4: Build Momentum with a 12-Month Action Plan -<br></strong>You don’t need to solve everything in a year, but you do need to start. The next 12 months should be focused on building momentum: resourcing your PQC strategy, launching your inventory, and plugging into real-world guidance from initiatives like NIST’s National Cybersecurity Center of Excellence. Use this time to learn from early adopters, experiment safely, and begin aligning teams around risk, infrastructure, and timelines. The transition may span a decade, but your first steps start today. Key Question: What progress will your organization be able to show by this time next year?<br><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Dustin Moody on <a href="https://www.linkedin.com/in/dustin-moody-88410550/">LinkedIn</a></li><li>NIST <a href="https://www.nist.gov/">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br>Want exclusive insights on post-quantum security? Stay ahead of the curve—subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, and YouTube Podcasts.<br><br></div><div>✔ Get insider knowledge from leading cybersecurity experts.</div><div>✔ Learn practical steps to future-proof your organization.</div><div>✔ Stay updated on regulatory changes and industry trends.<br><br>Need help subscribing? 
Click <a href="https://www.fame.so/follow-rate-review">here</a> for step-by-step instructions.</div><div><br></div><div>Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: <a href="https://www.fame.so/?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&amp;utm_source=bcast&amp;utm_campaign=fame-client">fame.so</a></div><div><br></div>]]></content:encoded>
      <pubDate>Thu, 03 Apr 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8z71xm5w.mp3" length="66488946" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/e2ae1af0-108e-11f0-a844-2711407061ac/e2ae1ca0-108e-11f0-b80f-61fc64d8a6d5.png"/>
      <itunes:duration>1662</itunes:duration>
      <itunes:summary>The countdown has begun: by 2035, all public-key cryptography must be quantum-safe. Are you ready? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Dustin Moody, the mathematician leading NIST's post-quantum cryptography standardization project, for an in-depth discussion on why organizations must act now. Moody shares essential insights into the 2035 implementation deadline, debunks common misconceptions, and provides actionable advice for building crypto-agile systems. Learn why the "harvest now, decrypt later" threat is imminent, how to assess your organization's quantum risk, and the key steps to take in the next 12 months to secure your digital future. Essential listening for cybersecurity leaders, architects, and decision-makers navigating the quantum security landscape.</itunes:summary>
      <itunes:subtitle>The countdown has begun: by 2035, all public-key cryptography must be quantum-safe. Are you ready? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Dustin Moody, the mathematician leading NIST's post-quantum cryptography standardization project, for an in-depth discussion on why organizations must act now. Moody shares essential insights into the 2035 implementation deadline, debunks common misconceptions, and provides actionable advice for building crypto-agile systems. Learn why the "harvest now, decrypt later" threat is imminent, how to assess your organization's quantum risk, and the key steps to take in the next 12 months to secure your digital future. Essential listening for cybersecurity leaders, architects, and decision-makers navigating the quantum security landscape.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>The Quantum-Safe Playbook: How Signal Protected Billions with a Lean Team</title>
      <link>https://podcasts.fame.so/e/m84x16v8-the-quantum-safe-playbook-how-signal-protected-billions-with-a-team-of-one</link>
      <itunes:title>The Quantum-Safe Playbook: How Signal Protected Billions with a Lean Team</itunes:title>
      <itunes:episode>2</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">x16lqk41</guid>
      <description>Quantum threats aren’t coming—they’re already here. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen talks with Rolfe Schmidt, the man behind Signal Messenger’s quantum-safe migration. Learn how Signal protected billions of messages by prioritizing Harvest Now, Decrypt Later risks and deploying hybrid encryption—before PQC standards were finalized. Whether you’re a cybersecurity leader or product strategist, this is your playbook for staying ahead of quantum threats.  Delays aren’t an option. Get Signal’s quantum-safe playbook and protect your data now.</description>
      <content:encoded><![CDATA[<div>Quantum risk is a business risk—and Signal Messenger isn’t waiting for quantum computers to arrive. In this episode of <em>Shielded: The Last Line of Cyber Defense</em>, Johannes Lintzen welcomes Rolfe Schmidt, Research Engineer at Signal Messenger, to explore how one of the world's most privacy-focused messaging platforms implemented post-quantum cryptography—even with a lean team.<br><br></div><div><strong>What You'll Learn:</strong><br><br></div><ul><li>How Signal’s lean team structure shaped their pragmatic, step-by-step approach to PQC migration</li><li>Why hybrid cryptography serves as both a transition strategy and long-term security measure</li><li>The strategic decision-making process behind prioritizing Harvest Now, Decrypt Later protection</li><li>How to integrate post-quantum updates into regular product development workflows</li><li>The challenges and potential solutions for implementing quantum-safe zero-knowledge proofs in metadata protection</li><li>How Signal’s bandwidth optimization enables post-quantum security without compromising user experience</li><li>Why inventorying cryptographic assets and understanding their purpose is crucial before starting PQC migration</li><li>The importance of collaboration with the research community when facing unsolved cryptographic challenges</li><li>How Signal’s evolving ratcheting protocol demonstrates the need for flexibility in early-stage PQC standardization</li></ul><div><br></div><div>Rolfe Schmidt is a Research Engineer at Signal Messenger, where he spearheads the organization's post-quantum cryptography initiatives. As the cryptography engineering lead, he has been instrumental in implementing Signal's groundbreaking post-quantum secure messaging protocols, including the successful deployment of ML-KEM (formerly Kyber) for harvest-now-decrypt-later protection in 2023. 
Schmidt's expertise spans cryptographic protocol design, zero-knowledge proofs, and secure messaging systems, making him a key figure in Signal's transition to quantum-safe security. His work has directly impacted billions of users across platforms that implement the Signal protocol, including WhatsApp and Google Messages.</div><div><br></div><div>Here’s your step-by-step guide to how Signal made post-quantum readiness real—no massive team or budget required.</div><div><br><strong>Your Roadmap to Post-Quantum Readiness:</strong></div><div><strong><br>[03:25] Integrating PQC into Regular Development Workflows –<br></strong>Rolfe explains how Signal treats post-quantum cryptography (PQC) migration as an ongoing part of their product development lifecycle rather than a standalone initiative. By embedding PQC into regular workflows, they avoid treating quantum security as a distant or isolated challenge. Instead of waiting for a "perfect time" to act, Signal continuously assesses threats, evaluates trade-offs, and prioritizes based on resource availability and user risk. This pragmatic approach allows their small team to make incremental, meaningful progress toward quantum resilience while keeping up with day-to-day product demands. Key Question: Are we integrating PQC into our current workflows or waiting for a separate initiative to start?<br><br></div><div><strong>[04:55] Prioritizing Harvest Now, Decrypt Later Protection –<br></strong>In early 2023, Signal prioritized protection against Harvest Now, Decrypt Later (HNDL) attacks—where adversaries capture encrypted data now with the intent to decrypt it when quantum computers become available. Rolfe highlights how they made this decision before PQ standards were finalized, confident that ML-KEM (formerly Kyber) had reached sufficient maturity. By developing a hybrid encryption protocol, they added quantum resistance while maintaining their existing security guarantees. The lesson?
Organizations can act today, even before the standards landscape is fully settled, by choosing well-supported, low-risk hybrid approaches. Key Question: Are we waiting for perfect standards, or are we mitigating immediate HNDL risks now?<br><br></div><div><strong>[09:36] Taking a Modular Approach to PQC Migration –</strong></div><div>Signal breaks down PQC migration into modular, manageable steps rather than attempting an all-at-once overhaul. Rolfe shares how they evaluate each system and service individually, applying post-quantum upgrades where it makes the most sense—such as updating hardware enclaves or secure channels—without waiting for a full platform redesign. This modular approach allows for gradual implementation, reduces operational risk, and helps teams build PQC familiarity over time. Key Question: Are we breaking PQC migration into smaller, actionable pieces or stuck planning a single massive shift?</div><div><br></div><div><strong>[17:24] Planning for Authentication Migration: A Three-Bucket Approach&nbsp; –</strong></div><div>Signal approaches authentication migration by categorizing it into three distinct areas: general signatures, user identity proofs, and metadata protection. Rolfe shares how they have clear plans to add quantum-safe digital signatures as hybrid solutions and integrate these changes into their standard product updates. Their method shows that organizations can prepare for authentication migration incrementally, building familiarity with PQ signature libraries now to ensure a smooth transition later. 
Key Question: Do we have a phased plan for migrating authentication and digital signatures, or are we postponing decisions until the threat is imminent?</div><div><br></div><div><strong>[29:23] Practical First Steps for PQC Migration&nbsp; –</strong></div><div>Rolfe emphasizes the importance of starting with a comprehensive cryptographic inventory—identifying where public key cryptography is used, why it’s used, and the consequences of quantum compromise. This analysis naturally prioritizes migration tasks and highlights areas where existing PQ solutions can be applied immediately. For challenges without clear answers, engaging the research community can uncover new pathways. Rolfe’s advice: Don’t wait for a mandate—take inventory, prioritize, and start small. Key Question: Have we completed a cryptographic inventory and risk assessment, or are we still mapping our exposure?</div><div><br></div><div><strong>Episode Resources:<br></strong><br></div><ul><li>Rolfe Schmidt on <a href="https://www.linkedin.com/in/rolfeschmidt/">LinkedIn</a></li><li>Signal Messenger <a href="https://signal.org">Website</a></li><li>Johannes Lintzen on <a href="https://www.linkedin.com/in/jolintzen/">LinkedIn</a></li><li>PQShield <a href="http://www.pqshield.com">Website</a>&nbsp;</li></ul><div><br></div>]]></content:encoded>
      <pubDate>Thu, 27 Mar 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/8vy2z1vw.mp3" length="25458612" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/124c3210-0ae4-11f0-80c3-1fd9c62683c3/124c3320-0ae4-11f0-98dd-67c255be261c.png"/>
      <itunes:duration>2004</itunes:duration>
      <itunes:summary>Quantum threats aren’t coming—they’re already here. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen talks with Rolfe Schmidt, the man behind Signal Messenger’s quantum-safe migration. Learn how Signal protected billions of messages by prioritizing Harvest Now, Decrypt Later risks and deploying hybrid encryption—before PQC standards were finalized. Whether you’re a cybersecurity leader or product strategist, this is your playbook for staying ahead of quantum threats.  Delays aren’t an option. Get Signal’s quantum-safe playbook and protect your data now.</itunes:summary>
      <itunes:subtitle>Quantum threats aren’t coming—they’re already here. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen talks with Rolfe Schmidt, the man behind Signal Messenger’s quantum-safe migration. Learn how Signal protected billions of messages by prioritizing Harvest Now, Decrypt Later risks and deploying hybrid encryption—before PQC standards were finalized. Whether you’re a cybersecurity leader or product strategist, this is your playbook for staying ahead of quantum threats.  Delays aren’t an option. Get Signal’s quantum-safe playbook and protect your data now.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Inside Cloudflare's Post-Quantum Journey: Bas Westerbaan on Real-World Implementation</title>
      <link>https://podcasts.fame.so/e/58zxq9j8-inside-cloudflares-post-quantum-journey-bas-westerbaan-real-world-implementation</link>
      <itunes:title>Inside Cloudflare's Post-Quantum Journey: Bas Westerbaan on Real-World Implementation</itunes:title>
      <itunes:episode>1</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">81z7jkv0</guid>
      <description>Is your organization truly prepared for the post-quantum era? In the premier episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Bas Westerbaan, Research Engineer at Cloudflare, to discuss why organizations must act now on post-quantum cryptography, how to navigate the two-phase migration process, and how to overcome key management, compliance, and performance challenges. Whether you're just starting or refining your post-quantum strategy, this conversation delivers the insights you need to future-proof your cryptographic security.</description>
      <content:encoded><![CDATA[<div>In the premier episode of <strong>Shielded: The Last Line of Cyber Defense</strong>, <strong>Johannes Lintzen</strong> welcomes <strong>Bas Westerbaan</strong>, Research Engineer at <strong>Cloudflare</strong>, to break down real-world post-quantum migration challenges and solutions:<br><br></div><ul><li>Cloudflare’s early PQC adoption - lessons from years of real-world implementation</li><li>Why you need two migrations (encryption today, authentication next)</li><li>How to secure executive buy-in &amp; conduct a cryptographic inventory</li><li>The hidden performance &amp; compatibility challenges of PQC deployment</li><li>Why vendor readiness &amp; regulatory compliance will shape adoption</li></ul><div><br></div><div>Bas Westerbaan is a Research Engineer at Cloudflare, specializing in post-quantum cryptography and its practical implementation at scale. With a PhD in theoretical quantum computing from Radboud University and experience across academia and industry, including roles at UCL and PQShield, Westerbaan brings a unique perspective to the intersection of mathematical theory and real-world cryptographic engineering. He has been instrumental in Cloudflare's post-quantum initiatives since 2017, leading efforts in implementing quantum-safe encryption and helping shape the company's phased approach to post-quantum migration.</div>]]></content:encoded>
      <pubDate>Tue, 18 Mar 2025 11:00:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/w7p66638.mp3" length="60761860" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/1fb4f270-03cd-11f0-a352-7d6280b5fa63/1fb4f360-03cd-11f0-95ff-45ff3f9f45c9.png"/>
      <itunes:duration>1519</itunes:duration>
      <itunes:summary>Is your organization truly prepared for the post-quantum era? In the premier episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Bas Westerbaan, Research Engineer at Cloudflare, to discuss why organizations must act now on post-quantum cryptography, how to navigate the two-phase migration process, and how to overcome key management, compliance, and performance challenges. Whether you're just starting or refining your post-quantum strategy, this conversation delivers the insights you need to future-proof your cryptographic security.</itunes:summary>
      <itunes:subtitle>Is your organization truly prepared for the post-quantum era? In the premier episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Bas Westerbaan, Research Engineer at Cloudflare, to discuss why organizations must act now on post-quantum cryptography, how to navigate the two-phase migration process, and how to overcome key management, compliance, and performance challenges. Whether you're just starting or refining your post-quantum strategy, this conversation delivers the insights you need to future-proof your cryptographic security.</itunes:subtitle>
      <itunes:keywords>Post-quantum cryptography, Cloudflare, Migration strategy, Cryptographic inventory, Performance challenges, Authentication, Encryption, Executive buy-in, Regulatory compliance, Implementation lessons</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
    <item>
      <title>Trailer</title>
      <link>https://podcasts.fame.so/e/5nzxqlrn-trailer</link>
      <itunes:title>Trailer</itunes:title>
      <itunes:episode>0</itunes:episode>
      <itunes:block>No</itunes:block>
      <googleplay:block>No</googleplay:block>
      <guid isPermaLink="false">80z7jy41</guid>
      <description>Welcome to Shielded: The Last Line of Cyber Defense, the podcast that explores the urgent need for quantum-ready cybersecurity. Hosted by Jo Lintzen, we dive into the world of post-quantum cryptography, examining how businesses and industries can prepare for the upcoming quantum revolution. From practical steps to real-world case studies and expert interviews, Shielded is your essential guide to navigating the future of cybersecurity. Subscribe now and stay one step ahead in the quantum era.</description>
      <pubDate>Thu, 06 Mar 2025 13:39:00 +0000</pubDate>
      <author>PQShield</author>
      <enclosure url="https://media.fame.so/86lnn578.mp3" length="4664423" type="audio/mpeg"/>
      <itunes:author>PQShield</itunes:author>
      <itunes:image href="https://content.fameapp.so/uploads/8l18kymq/ab4761f0-fa93-11ef-a7ee-0fb20636f1ea/ab476300-fa93-11ef-967e-d51a1f52da31.png"/>
      <itunes:duration>116</itunes:duration>
      <itunes:summary>Welcome to Shielded: The Last Line of Cyber Defense, the podcast that explores the urgent need for quantum-ready cybersecurity. Hosted by Jo Lintzen, we dive into the world of post-quantum cryptography, examining how businesses and industries can prepare for the upcoming quantum revolution. From practical steps to real-world case studies and expert interviews, Shielded is your essential guide to navigating the future of cybersecurity. Subscribe now and stay one step ahead in the quantum era.</itunes:summary>
      <itunes:subtitle>Welcome to Shielded: The Last Line of Cyber Defense, the podcast that explores the urgent need for quantum-ready cybersecurity. Hosted by Jo Lintzen, we dive into the world of post-quantum cryptography, examining how businesses and industries can prepare for the upcoming quantum revolution. From practical steps to real-world case studies and expert interviews, Shielded is your essential guide to navigating the future of cybersecurity. Subscribe now and stay one step ahead in the quantum era.</itunes:subtitle>
      <itunes:keywords/>
      <itunes:explicit>No</itunes:explicit>
      <googleplay:explicit>No</googleplay:explicit>
    </item>
  </channel>
</rss>
