• How Merkle Tree certificates solve the 14-kilobyte TLS handshake problem

• Why crypto agility and automation are non-negotiable survival skills

• How to build a complete cryptographic bill of materials

• The critical gap in non-browser TLS tooling

• How CAs are preparing with new hierarchies and technical overhauls

YouTube Chapters:

• [00:00] Intro

• [00:25] The Size Problem with Post-Quantum Certificates

• [02:23] A Clear Vision for the Future of TLS

• [03:23] 2027 Root Program, 2028 Production Certificates

• [04:55] The Cryptographic Bill of Materials

• [06:22] Proof of Concept Already Underway

• [07:37] Automation Is Non-Negotiable

• [09:35] Non-Browser Tools and IoT

• [11:27] The CA/Browser Forum’s Role

Episode Resources:

• Arvid Vermote on LinkedIn

• GlobalSign Website

• View and Integrate Website

Key Takeaways:

• [00:25] The Size Problem with Post-Quantum Certificates
  
  

• [03:23] 2027 Root Program, 2028 Production Certificates
  
  

• [07:37] Automation Is Non-Negotiable

Quotes:

• “Rather than building the chain to the root, it will check whether it's embedded into a Merkle Tree that is signed by the CA itself. And doing it that way, it strongly reduces not only the size of the CA part and the certificate part on the TLS handshake, but it also improves the performance.”
  
  
• “It will be in the sense that it will allow people to use quantum resistance certificates in a production ready state because nobody really knows how it was going to work because of the TLS change size that I just explained that would be too big.”
  
  
• “Google is looking to operate its real MTC based route program, which would be a different route program compared to traditional TLS certificates by 2027. By 2028, we will already be seeing these certificates in production and actually customers being able to configure those types of certificates being searched from that web service.”
  
  
• “What we will likely see now is that if the standards will evolve, the TLS baseline requirements will be adopted to make sure that this new type of certificate and all the requirements around it will be captured within so that CAs can be audited against it.”

• How to transition email security from perimeter defense to identity-centric strategy

• Why certificate lifetime compression demands immediate automation

• How post-quantum cryptography readiness begins today

• The critical relationship between code signing and supply chain security

• Why AI introduces both trust and uncertainty in security operations
  
  

YouTube Chapters:

• [00:00] Intro

• [00:39] Email as a Zero-Trust Channel

• [02:48] Automating Thousands of Certificates

• [04:02] Getting Started with ACME

• [04:41] Shrinking Certificate Lifetimes

• [06:31] Preparing Infrastructure for Post-Quantum

• [07:14] Code Signing in the Supply Chain Era

• [08:21] Michelle’s Closing Thoughts
  
  

Episode Resources:

• Matthew Dorrington on LinkedIn

• John Murray on LinkedIn

• Red Sift Website

• Thinkst Canary Website

• AppViewX Website

• ACME Website

• Pangolin Website

• SignPath Website

• Michelle Davidson on LinkedIn

• GlobalSign Website

Key Takeaways:

• [00:39] Email as a Zero-Trust Channel

• [02:48] Automating Thousands of Certificates
  
  

• [07:14] Code Signing in the Supply Chain Era
  
  

Quotes:

• “Email security's transitioning from this filtering black box set at the edge of the network to something that's quite fundamental to their identity and zero trust plus strategy.”
  
  
• “Certificates validity is growing shorter year over year, with public CA vendors forced to issue 200-day certificates in 2026, going down to 100 days in 2027, and 47 days in the following year.”
  
  
• “You want to reimagine the way that you are doing certificate management across your landscape. The number of machine identities using certificates and keys are growing exponentially. With new compliance mandated, you cannot truly grow this manually, The only way to innovate and scale to these newer standards is to basically automate.”
  
  
• “The biggest challenge to everything right now seems to be AI. It's helping a lot, but it's also worrying people a lot. One of the challenges is to get deterministic security over all the heuristics that AI basically makes us face.”
  
  
• “Code signing is no longer an isolated thing that everybody is considering in isolation. It's part of a larger supply chain problem and solution.”
  
  

• Why CISOs must speak multiple ‘languages’ across an organization

• How to eliminate complexity without sacrificing accuracy

• The inventory-first approach to post-quantum readiness

• How AI can act as a powerful communication partner

• Why relevance drives engagement and security compliance
  
  

• [00:00] Intro

• [00:59] The Communication Challenge in Cybersecurity

• [03:18] Resource Constraints vs. Resourcefulness in Security Teams

• [06:11] How AI Can Help Improve Cybersecurity Communication

• [09:14] Preparing for the Quantum Computing Security Era

• [11:21] Why Cybersecurity Always Starts with Inventory

• [12:23] The Right Way to Educate Employees About Cybersecurity

• [14:34] The One Tech Jeffrey Can’t Live Without
  
  

• Jeffrey Brown on LinkedIn

• Microsoft Website

• The Security Leader’s Communication Playbook

• Leading the Digital Workforce Book

• Michelle Davidson on LinkedIn

• GlobalSign Website

• Why the 50% attrition rate is a business problem

• How to diagnose blind spots in your female talent lifecycle

• The critical role the manager's life experience plays in employee support

• Why the return-to-work period is a make-or-break moment

• How to shift from reactive support to proactive planning

YouTube Chapters:

• [00:00] Intro

• [00:54] The 50% Drop-Off by Age 35

• [02:09] The Hidden Career Lag

• [03:34] Culture vs. Policy

• [05:36] The £3 Billion Productivity Gap

• [08:14] Post-Maternity: The Hardest Time to Advocate for Yourself

• [11:00] The Importance of Re-Onboarding

• [13:01] The Tech Sophie Can’t Live Without

Episode Resources:

• Sophie Creese on LinkedIn

• HeyFlow Website

• MotherBoard Website

• Michelle Davidson on LinkedIn

• GlobalSign Website

Key Takeaways:

• [00:42] The 50% Drop-Off by Age 35
  
  

• [08:21] Post-Maternity: The Hardest Time to Advocate for Yourself
  
  

• [11:12] The Importance of Re-Onboarding
  
  

Quotes:

• “Businesses need to look at everything from an entire talent life cycle perspective and really understand where these bottlenecks are. If they're wanting to improve the attraction, then there needs to be fundamentals improved within the business.”
  
  
• “One of my bugbears, I really feel that this responsibility is on the organization, not just on the individuals. So although for moms, I would say go for it. If you've got an opportunity and you feel you're ready to be able to dive back in, dive back in. And don't worry about what other people think.”
  
  
• “It is the most difficult thing to advocate for yourself post maternity and to state what you need when you don't know yourself at that point what you need. So as an employer, it's your responsibility to be able to offer options.”
  
  
• “I set up MotherBoard as an answer to a problem that wasn't being discussed, which is why are so many women leaving the tech industry by age 35? Statistically, it's around fifty percent, and that's a global problem.”
  
  

• How post-quantum cryptography affects TLS in two very different ways
  
  
• What ‘harvest now, decrypt later’ means and why it creates immediate risk

• The critical role of TLS 1.3 in enabling post-quantum readiness
  
  
• Why certificate agility is becoming essential as certificate lifetime shrinks and cryptographic change accelerates

• What challenges post-quantum certificates introduce
  
  
• 
  

YouTube Chapters:

• [00:00] Intro

• [00:51] Why Quantum Readiness Starts with TLS 1.3
  
  
• [06:53] What Organizations Can Do Right Now

• [09:38] Shorter Certificate Lifetimes and Crypto Agility

• [11:07] The Role of NIST and the CA/Browser Forum

• [13:28] Hybrid Certificates as a Bridge Strategy

Episode Resources:

• Arvid Vermote on LinkedIn
  
  
• GlobalSign Website

• View and Integrate Website
  
  

Key Takeaways:

• [00:51] Why Quantum Readiness Starts with TLS 1.3
  
  

• [06:53] What Organizations Can Do Right Now
  
  

• [09:38] Shorter Certificate Lifetimes and Crypto Agility
  
  

Quotes:

• “I think the certificate agility should have been done a few years ago. I just hope that this combination of recent incidents, the certificate reduction, and the looming threat of the post quantum encryption or the post quantum computers will be enough for CISOs and CIOs to go to the board and finally get that funding to invest into crypto agility.”
  
  
• “First of all, we need to untangle first or first related to post-quantum cryptography and quantum computing. Everyone seems to toss or coin that term to everything that relates to cryptography. But actually, there are two separate areas of it. And depending on that, the timing is more pressing, and the risks are bigger for enterprises.”
  
  
• “Before the certificate authorities like GlobalSign can actually issue certificates that are post quantum resistant, there's a lot of work that needs to be done.”
  
  

• Why March 2026 is your critical inflection point
• How Harvest now, decrypt later attacks create urgency around post-quantum cryptography
• The competitive imperative of AI adoption in 2026
• Third-party risk and availability resilience emerge as the overlooked pillar of security
• The practical cost-benefit framework for security investment

• [00:00] Intro
• [01:09] The Countdown is On
• [03:17] Why Agility in Certificate Management Starts Now
• [07:53] Digital Identity in Focus
• [12:25] Predictions for 2026
• [17:04] The Cost of Complacency
• [19:49] The Trust Equation
• [21:52] Favorite Gadgets of 2025
• [22:50] 2026 Expert Forecasts
• [31:14] Closing Thoughts

• Michelle Davidson on LinkedIn
• Steve Hall on LinkedIn
• Jane Frankland’s Website
• Alexander Byrne on LinkedIn
• Olivier Ruff on LinkedIn
• GlobalSign Website

• How to distinguish between security and compliance requirements while ensuring both are effectively addressed
  
  
• Why using industry standards like NIST CSF provides a practical starting point for building compliance frameworks
  
  
• The strategic approach to evaluating your organization's compliance needs based on business growth and market expansion
  
  
• How to avoid the common pitfall of over-documenting policies and instead create clear, actionable compliance guidelines
  
  
• Why compliance programs must be tailored to your specific organization rather than relying on generic templates
• The emerging role of compliance in quantum computing readiness and AI regulation
  
  
  

YouTube Chapters:

• [00:00] Intro
  
  
• [01:17] Why Many Still See Compliance as a Cost Center

• [03:57] The Distinction Between Compliance and Cybersecurity Maturity
  
  
• [06:20] First Steps for Compliance Newbies
  
  
• [09:04] Quantum and AI
  
  
• [11:20] Strategic Compliance Starts with a Vision
  
  
• [13:58] Do More Policies Mean Better Compliance?
  
  
• [15:34] Favorite Tech Tool
  
  

Episode Resources:

• Alexander Byrne on LinkedIn
  
  
• Thrive Website

Key Takeaways:

• [03:57] The Distinction Between Compliance and Cybersecurity Maturity
  
  

• [06:20] First Steps for Compliance Newbies
  
  

• [11:20] Strategic Compliance Starts with a Vision
  
  

Quotes:

• “I think that compliance really can be a business accelerator, especially in our current landscape where we're in a much more technological and digital world.”
  
  
• “Compliance and security are not the same thing. You can be compliant without being secure, you could be secure without being compliant with something.”
  
  
• “For compliance programs to be successful, they need to work for, but also with the business.”
  
  
• “If you're sitting at the beginning of your compliance journey, either as somebody practicing or at your company, I think the best course of action is to go for an industry standard.”

• How to balance security perfectionism with practical implementation
• Why compliance shouldn't be confused with security, and how to move beyond checkbox exercises to meaningful risk management
• The importance of brutal prioritization in security leadership
• How to effectively automate security operations while maintaining human oversight and trust
• Why building human relationships and trust networks is crucial for modern security programs
• The emerging challenges of AI governance and quantum encryption, and how to prepare for future security landscapes
  
  

YouTube Chapters:

• [00:00] Intro
• [00:43] The Culture of “Never Enough Security”
• [01:42] Do Breaches Stem from Lack of Strategy?
• [03:44] Perfect vs. Good
• [08:01] Burnout and Cybersecurity Career Path
• [10:01] From Firefighting to Proactive Security
• [11:44] Automation and AI: Hype vs. Reality
• [12:58] Building Digital Trust
• [15:38] The Power of “So What?”
• [17:56] The 47-Day TLS Shift
• [28:21] Top Concerns: AI and Quantum
• [33:20] The Nudge Theory in Cybersecurity Training
• [35:36] The Myth of Eliminating Risk
• [37:25] Tech Giles Can’t Live Without
  
  

Episode Resources:

• Giles Thornton on LinkedIn
• The Premier League Website

Key Takeaways:

• [01:42] Do Breaches Stem from Lack of Strategy?
  
  

• [10:01] From Firefighting to Proactive Security
  
  

• [33:20] The Nudge Theory in Cybersecurity Training
  
  

Quotes:

• “Security's quite often a game of not being the slowest person in the race. Just start running and doing some security puts you ahead of the vast majority of others.”
  
  
• “Compliance has its own function and purpose, but thinking that you have effectively applied risk management because you've complied with the tick list is not the same thing.”
  
  
• “You need to review the risk and take reasonable action. Making people maintain a 100% rate for compliance purposes is a way for burnout.”
  
  
• “The human relationship aspect of security is quite often overlooked. There's a real requirement in security to be perceived as confident, competent and to put that persona out to the business.”