Shielded: The Last Line of Cyber Defense

Most conversations about post-quantum cryptography start with algorithms. Sarah McCarthy starts with people. As Quantum Readiness Program Lead at Citi, Sarah works in the realm of payments, compliance, and cryptographic change inside one of the world's most regulated and interconnected financial institutions. In this episode of Shielded: The Last Line of Cyber Defense, she brings that perspective to bear on what large-scale PQC migration actually looks like in practice.Sarah's background spans research, vendor-side work, and enterprise security, giving her a view across the full cryptographic supply chain. That experience shapes how she thinks about readiness. At Citi, the quantum readiness program began in 2022, predating much of the current regulatory urgency. What started with foundational questions about data sensitivity and retention has expanded into a formal vendor survey, internal education efforts, and a growing set of no-regret technical actions already underway.One of the clearest themes from the conversation is the gap between how organizations think about PQC migration and what it actually demands. The instinct is to frame it as an algorithm upgrade. In practice, it requires identifying which systems hold sensitive data, understanding how long that data needs to stay protected, coordinating across teams that may not yet see cryptography as their problem, and building internal champions who can translate technical risk into organizational action.Sarah also addresses the vendor landscape directly. Citi's quantum readiness survey of suppliers is surfacing meaningful patterns about where the ecosystem stands and which vendors are genuinely prepared to engage with these questions. Unsurprisingly, the most capable responses are coming from key management providers and hardware security module vendors. Others are still catching up, not just technically but organizationally.The episode also tackles the regulatory picture across payments. Standards bodies and working groups are moving, but interoperability across jurisdictions remains a live challenge. For organizations waiting on regulatory direction before acting, Sarah's message is clear: some steps make sense right now regardless of what regulators decide. Upgrading AES key sizes for data at rest, moving to TLS 1.3, and identifying crown-jewel data are all defensible moves that will not be undone by future guidance.Sarah closes with what she expects from the next twelve months at Citi and with the framing that best captures her overall approach: quantum migration is an operational challenge before it is a technical one. The organizations that prepare well will find the actual algorithm switch far more manageable than they feared.What you’ll learn:How Citi's quantum readiness program has evolved since launching in 2022 What a vendor quantum readiness survey reveals about supply chain preparedness Why PQC migration is fundamentally a coordination problem, not just a technology upgrade What no-regret first steps any organization can take today, regardless of size or resources How to identify and prioritize crown-jewel data before full migration begins Why internal champions matter more than a large dedicated team What regulators and standards bodies in the payments space are signalling for 2026 How to frame quantum readiness as an operational challenge to get organizational buy-in What Citi is focused on achieving over the next twelve months How the 80/20 rule applies to post-quantum migration: preparation is the hard partSarah McCarthy is the Quantum Readiness Program Lead at Citi, where she brings together a world of payments, compliance, and post-quantum cryptography. Her background spans academic research, vendor-side security work, and large-scale enterprise risk, giving her a rare cross-sectional view of the cryptographic supply chain. At Citi, she leads efforts to assess and reduce quantum risk across a globally interconnected payments environment, including the design and rollout of a quantum readiness vendor survey program. Her work focuses on translating complex cryptographic risk into practical organizational action across highly regulated, multi-jurisdictional systems.Your roadmap to Quantum Resilience[04:08] Step 1: The Groundwork Is the Migration Sarah draws a direct line between show jumping and PQC. In show jumping, dressage, which is all the flat work done before any fence is in sight, is what makes the jump possible. Cutting corners does not save time. It causes failure at the moment that matters and the same logic applies here. Most of the effort in post-quantum migration is not switching algorithms. It is everything that has to happen first: understanding what you are protecting, mapping dependencies, building internal relationships, and creating the conditions for change to land cleanly. Key Question: Is your organisation building toward the jump, or assuming the jump will sort itself out?[08:12] Step 2: Your Vendor Survey Is a Map of Your Migration Risk Citi launched a formal quantum readiness survey for their supplier network, built around the NIST 8547 report and the algorithms slated for deprecation. It asks vendors what post-quantum algorithms they plan to support, what their timelines look like, and whether they have lab capacity for performance and interoperability testing. So far it has gone mainly to vendors already active in the quantum community. And even there, a pattern is clear. The most capable responses come from key management providers and hardware security module vendors. Others cannot yet identify who inside their organisation should be answering. That gap tells you exactly where your migration dependencies are most exposed and which vendor relationships need attention before they become blockers. Key Question: If you surveyed your critical vendors today, do you know which ones could answer and which ones could not?[15:30] Step 3: The First Step Has Nothing to Do With Post-Quantum Algorithms When Sarah describes what Citi's quantum readiness program focused on first, the answer is deliberately unglamorous. Start with data at rest. Make sure AES key sizes are large enough. Then go to the teams responsible for databases, find out what upgrading actually requires, and make sure no data falls through the gaps. In an organisation the size of Citi, that means finding databases that have been running without anyone looking after them. None of this is post-quantum cryptography. But it is foundational, it will not be undone by future guidance, and it forces you to understand the two attack vectors that quantum actually creates: harvest now decrypt later, which targets long-life confidential data, and trust now forge later, which targets the integrity of long-term contracts and records. You cannot prioritise what you have not found. Key Question: Do you know where your long-life sensitive data lives, and whether what is protecting it today is actually sufficient?[22:15] Step 4: You Do Not Need a Big Team. You Need the Right Coalition. Sarah's quantum readiness team at Citi is, by her own description, a negligible number of people. What makes the program work is not headcount but the coalition built around it. The team recruits champions from legal, compliance, risk, and emerging technology, each with their own stake in the outcome and their own routes into parts of the organisation the core team cannot reach alone. Compliance teams respond to the threat of future penalties. Risk teams have frameworks that absorb quantum threat modelling. Quantum opportunity work opens doors that a security briefing would not. A Hudson Institute study put the potential economic impact of a quantum attack on financial institutions at three to four trillion dollars. That number moves budget conversations. The message is the same for organisations without a formal centre of excellence: find the people who already have a reason to care, and give them what they need to carry it forward. Key Question: Who across your organisation has a stake in this that they do not yet know about?[29:50] Step 5: Use Cases First. Inventory Later. There is a persistent assumption that full cryptographic asset discovery has to come before anything else can happen. Sarah challenges it directly. The Quantum Safe Financial Forum report Sarah contributed to builds a prioritisation matrix scored on migration cost, solution availability, number of dependencies, and geographic exposure. The point-of-sale terminal example makes the case concretely. Offline POS transactions use asymmetric cryptography and might look like an obvious target until you examine the use case and find that most of those transactions are negligible in value and can be handled by moving online and upgrading symmetric key sizes instead. Use-case analysis stops you from putting migration effort in the wrong places. Key Question: Have you identified your highest-risk use cases, or are you waiting for a complete inventory before doing anything?[42:56] Step 6: Migration Is a Coordination Problem, Not a Technology Problem Sarah's closing reframe is the most important one in the episode. The instinct is to treat post-quantum migration as an algorithm upgrade. Hand it to the security team. Wait for a technical answer. But what it actually requires is getting legal, risk, compliance, procurement, software developers, and budget holders onto the same page and keeping them there. No team can do this in isolation. And the reason it has to be everyone's priority is not complicated. Financial institutions run on trust – from customers, vendors, and peers. Strong cryptography is what makes that trust possible. Once that framing lands, quantum readiness stops being a security problem and becomes an organisational one. The algorithm switch is the jump. Coordination is the dressage that makes it possible. Key Question: Is your organisation treating this as a coordination challenge, or is it still waiting for one team to solve it?Episode ResourcesSarah McCarthy on LinkedIn Citi Website Johannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts. ✔ Get insider knowledge from leading cybersecurity experts. ✔ Learn practical steps to future-proof your organization. ✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

Cybersecurity threats have evolved significantly from the early days of individual hackers experimenting independently. In their conversation at Mobile World Conference 2026, Geri Revay explains how cybercrime has matured into a structured and profitable ecosystem that resembles a business supply chain. Instead of one attacker performing every step of an intrusion, the work is now divided across specialized groups. Some actors focus on gaining initial access to corporate networks and then sell that access to others. Other groups build ransomware tools, while separate teams manage ransom negotiations or distribute stolen data.This division of labor dramatically lowers the barrier to entry for cybercriminals. Attackers no longer need deep technical expertise to carry out an operation. Many tools and services can now be purchased directly from underground marketplaces. As a result, cybercrime has become more opportunistic, more scalable, and more accessible than it was even a few years ago.However, defenders also have access to AI driven capabilities. Security teams already collect enormous amounts of telemetry through logs, network monitoring, and endpoint detection tools. AI systems can analyze this data to detect anomalies, identify emerging threats, and automate parts of the defensive workflow. Over time, this access to large datasets may give defenders a strategic advantage.The conversation also explores how cybersecurity challenges differ between traditional IT environments and operational technology environments. Industrial systems often prioritize operational availability and safety above all else. Many devices run for decades and cannot easily be patched or modified. This creates a different security model where monitoring, segmentation, and deception technologies play a more important role than frequent system updates.Haon’s work focuses on automated AI red teaming. Instead of relying only on human testers, AI driven attacker agents can simulate thousands of potential attacks against an AI model or service. This allows organizations to identify vulnerabilities earlier and test whether guardrails and policies are functioning correctly.One of the most significant emerging risks involves physical AI systems. Autonomous vehicles, drones, and robotics rely on multimodal inputs such as images, audio, and sensor data to interpret their environment. If attackers manipulate these inputs, they may influence how the system behaves. As AI systems move from digital environments into the physical world, the consequences of security failures could extend beyond data breaches and into real world harm.Across both conversations, a consistent theme emerges. The cybersecurity landscape is expanding in both scale and complexity. Attackers are accelerating their operations through automation and specialization, while defenders must also learn how to secure the new technologies they are building. Organizations that fail to address AI related risks early may discover vulnerabilities that traditional security frameworks were never designed to handle.What You’ll Learn:How cybercrime evolved from individual hackers to a structured ecosystemWhy ransomware services and access brokers lowered the barrier to entry for attackersHow artificial intelligence accelerates cyber attacks and defensive analysisWhy defenders may gain long term advantages through data and telemetryHow operational technology environments create unique security challengesWhy enterprise AI systems introduce a new category of attack surfaceHow automated AI red teaming identifies vulnerabilities faster than manual testingWhy physical AI systems may create the next major cybersecurity riskYour Roadmap to Understanding the Next Phase of Cybersecurity[07:12] Step 1: Cybercrime Has Become a Supply ChainCybercrime has evolved from isolated attackers into a structured ecosystem. Initial access brokers focus on gaining entry into networks and selling that access. Ransomware developers create tools and services. Other groups handle negotiations and payment collection. Individuals no longer need to build tools or conduct complex research themselves. They can purchase the components they need and focus only on one stage of the attack chain. As a result, cybercrime has become more scalable and more opportunistic.Key Question: If cybercrime now operates like a supply chain, are organizations preparing for attacks that can be launched faster and at greater scale?[08:03] Step 2: AI Is Accelerating the Speed of AttacksArtificial intelligence allows attackers to automate tasks that previously required time and expertise. The result is not necessarily more sophisticated attacks, but faster ones. AI enables threat actors to iterate quickly and scale their operations. This speed advantage allows attackers to experiment and adapt before defenders have time to respond.Key Question: If attackers can move faster with AI, how quickly can your security teams detect and respond?[10:34] Step 3: Data Gives Defenders a Long Term AdvantageWhile AI gives attackers speed, defenders may hold the long term advantage because of data. Security operations centers collect vast volumes of telemetry from networks, endpoints, and infrastructure. This data provides the foundation for AI driven detection and analysis. When AI systems analyze behavioral patterns across these datasets, they can identify anomalies and emerging threats earlier than manual processes. Over time, this combination of large scale telemetry and AI driven analysis may strengthen defensive capabilities.Key Question: Are organizations using the data they collect to strengthen detection, or simply storing it without extracting insight?[15:31] Step 4: Operational Technology Requires a Different Security ApproachIndustrial and operational technology environments operate under different priorities than traditional IT systems. Many devices run for decades and cannot be patched frequently. Because of this, security teams must rely on monitoring, segmentation, and deception techniques rather than constant updates. Security practices that work in IT environments often require significant adaptation in OT systems.Key Question: Are security strategies designed specifically for operational technology environments, or are IT security practices being applied without adjustment?[39:55] Step 5: AI Systems Introduce a New Category of RiskAs enterprises deploy AI systems across their operations, these systems introduce new attack surfaces. AI models may have access to internal company data, business processes, and automated workflows. If attackers manipulate inputs or exploit vulnerabilities, they may influence how these systems behave. AI systems can affect business decisions, automate internal processes, and interact with users. Without proper guardrails and testing, vulnerabilities in these systems may lead to operational or reputational damage.Key Question: How are organizations validating the security of AI systems before deploying them at scale?[57:09] Step 6: Physical AI May Be the Next Major Security IncidentThe next phase of AI deployment will involve physical systems such as autonomous vehicles, drones, and robotics. These systems rely on multimodal inputs such as visual data, audio signals, and sensor information to interpret their environment. If attackers manipulate these inputs, they may influence how the system behaves. Unlike traditional cybersecurity incidents, failures in physical AI systems could result in real world harm. As AI becomes embedded in physical infrastructure, cybersecurity risks may extend beyond digital environments.Key Question: Are organizations preparing for security risks that affect both digital systems and the physical world?Episode Resources:Geri Revay on LinkedInFortinet WebsiteHaon Park on LinkedInAIM Intelligence WebsiteJohannes Lintzen on LinkedIn PQShield Website Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

Post-quantum cryptography migration is not primarily about choosing Kyber or ML-KEM. It is about whether your organization can rotate keys, abstract cryptography away from developers, and adapt under pressure. In this episode, Stefan Kölbl shares an operator-level perspective from inside Google’s PQC rollout, including early hybrid deployments that predated final NIST standards.He explains why encryption in transit was prioritized, why signing remains harder than key exchange, and how Store Now, Decrypt Later risk justified early action.The discussion moves beyond theory into operational friction: cache misses triggered by heap allocation behavior, lifecycle blind spots revealed by inventory tools, and the difficulty of prioritizing thousands of signing keys without ownership context.Stefan’s core message is simple but powerful: PQC is not a one-time upgrade. It is an opportunity to fix key management. Organizations that treat migration as an agility exercise rather than an algorithm swap, will be the ones able to adapt when standards evolve again.What You’ll LearnWhat it really takes to operationalize post-quantum cryptography at hyperscaleWhy PQC is fundamentally a key management and lifecycle problemHow crypto agility reduces friction during algorithm transitionsWhy Store Now, Decrypt Later justified early hybrid deploymentHow Google approached PQC before final NIST standards were publishedWhy encryption in transit is easier to migrate than signingWhere firmware signatures and hardware-bound keys create long-term riskWhy inventory dashboards alone cannot drive prioritizationHow lifecycle context determines what to fix firstWhat performance surprises can emerge during large-scale PQC rolloutAbout Stefan KölblStefan Kölbl is an Information Security Engineer at Google, where he has been deeply involved in the company’s internal post-quantum cryptography rollout. His work spans early hybrid deployments, encryption-in-transit migration, key lifecycle management, and performance validation at hyperscale.Stefan brings an operator-level perspective to quantum-safe migration, focusing on crypto agility, secure-by-default developer frameworks, and scalable key management architecture. His experience includes navigating PQC implementation prior to final NIST standardization and addressing real-world constraints such as signing lifecycles, hardware-bound keys, and system-level performance interactions.Your Roadmap to Post-Quantum Agility[00:02:28] Step 1: Shift the Focus From Algorithms to Key RotationStefan reframes the PQC conversation. Updating code can be abstracted. Libraries and APIs can shield most developers from algorithm changes. The real operational challenge lies in key material. If you cannot rotate keys cleanly, you cannot switch algorithms cleanly.Poor key management surfaces quickly under PQC pressure. Migration becomes difficult not because the math is hard, but because lifecycle ownership was unclear. Crypto agility, in practice, means being able to rotate without disruption.Key Question: If you needed to rotate every key today, how much friction would you encounter?[00:04:41] Step 2: Treat PQC as a Security Hygiene UpgradeStefan emphasizes that PQC should not be framed as a one-off cryptographic event. It is a forcing function. Organizations already thinking about PQC have an opportunity to improve rotation practices, lifecycle tracking, and resilience more broadly. If you use this moment to institutionalize automated, reliable key rotation, you strengthen your posture against future threats beyond quantum.Key Question: Are you treating PQC as a compliance task or a resilience upgrade?[00:07:51] Step 3: Accept Store Now, Decrypt Later as a Real RiskFor Google, “Store Now, Decrypt Later” is not a theoretical concern. The possibility that encrypted traffic captured today could be decrypted in the future helped justify early hybrid deployments, even before final NIST standards were published. Prior Chrome experiments provided the confidence to move forward, while hybrid designs ensured that introducing post-quantum mechanisms would not weaken existing security protections.Key Question: If encrypted traffic were harvested today, how confident are you in its long-term confidentiality?[00:12:49] Step 4: Recognize That Signing Is the Harder ProblemEncryption in transit is comparatively easier to migrate because protocols like TLS 1.3 already support cryptographic agility, allowing new key exchange mechanisms to be introduced without major system redesign. Signing infrastructure, however, is far more rigid. Firmware signatures, hardware roots of trust, and long-lived devices often rely on keys that are embedded in hardware or tied to decade-long lifecycles. In many cases, these keys cannot be rotated easily and the devices cannot be upgraded after deployment, which makes signing systems the long-tail risk in post-quantum migration.Key Question: Which of your signatures are tied to hardware or decade-long lifecycles?[00:18:18] Step 5: Inventory Is the Beginning, Not the EndDashboards provide visibility, but visibility alone does not create prioritization. A list of RSA or ECC signing keys tells you nothing about ownership, business criticality, rotation feasibility, or lifecycle exposure. Without context, inventory becomes paralysis. True progress requires integrating lifecycle intelligence, ownership mapping, and automation.Key Question: Does your crypto inventory tell you what to fix first - or just how much you have?[00:28:09] Step 6: Expect Performance Surprises at ScaleBenchmarking does not always capture how systems behave in real-world environments. In one rollout, a PQC implementation caused unexpected cache misses because of how it allocated heap memory. The algorithm itself was fast, but its memory patterns disrupted system performance. This was not a cryptographic failure; it was a systems interaction issue. At scale, migrations often surface these kinds of edge cases that are difficult to anticipate during initial testing.Key Question: Do you have regression testing capable of catching subtle systemic performance impacts?Episode ResourcesStefan Kölbl on LinkedInProteQC WebsiteJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

Post-quantum cryptography is often framed as a future technical upgrade. Darren Bender challenges that framing and treats it as a legal exposure that already exists. In this episode of Shielded: The Last Line of Cyber Defense, Darren introduces post-quantum negligence and explains how US courts may assess quantum risk using established legal doctrines. The discussion centers on a timing problem. Adversaries can harvest encrypted data today and decrypt it years later once quantum capability arrives. That gap breaks the traditional negligence model, where duty, breach, harm, and causation appear close together. With Harvest Now, Decrypt Later, harm may surface long after the decision to delay action. Darren explains why foreseeability becomes central, shaped by expert forecasts, Mosca’s theorem, and the Learned Hand reasonableness test. When migration cost drops below expected harm, inaction starts to look unreasonable. He outlines why financial services may be at that tipping point now, why healthcare may already be past it, and how delay compounds exposure. The episode also addresses performative quantum readiness. Public claims without real cryptographic work can raise legal risk by creating expectations. Darren closes with practical guidance for 2026, emphasizing documentation, governance, and review that hold up later.What You’ll LearnWhat post-quantum negligence means and why it fills a US regulatory gapWhy Harvest Now, Decrypt Later disrupts traditional negligence timelinesHow foreseeability is established through expert consensus, not speculationHow Mosca’s theorem frames exposure versus migration runwayHow the Learned Hand test determines when inaction becomes unreasonableWhy financial services may face the first post-quantum negligence casesWhat evidence courts may expect when reviewing 2024–2026 decisionsWhy “quantum-ready” marketing without real work creates legal riskHow liability spreads across vendors, cloud providers, and supply chainsWhat leaders can do in 2026 to reduce future legal exposureDarren Bender is a US litigation attorney with a dual background in law and IT automation. He serves as Managing Attorney at Zwicker & Associates and is Co-Founder and Chief Litigation Officer in the post-quantum cryptography sector for a newly formed UK advisory firm, ProtecQC. Before practicing litigation, Darren spent nearly a decade as a business systems analyst at First American, where he designed and automated complex, high-volume, data-sensitive workflows across national production systems. His work today sits at the intersection of law, governance, and cryptographic risk, with a focus on how emerging technical threats translate into real legal exposure.Your Roadmap to Quantum Resilience[01:07] Step 1: Quantum Risk Already Creates Legal DutyDarren’s point is not that new laws suddenly create responsibility. It’s that responsibility shows up once a risk is widely known. In the US, courts do not wait for regulators to spell everything out. They look at whether a reasonable organization should have known about a risk and whether it had the ability to act. With public guidance, global coordination, and expert consensus now in the open, post-quantum risk is no longer obscure. Choosing to wait is still a choice, and courts will ask why that choice made sense at the time.Key Question: If harm surfaces years from now, can you show why inaction was reasonable then?[06:28] Step 2: Harvest Now, Decrypt Later Breaks the Negligence TimelineQuantum risk does not look like a normal breach. There may be no alarm, no visible damage, and no clear moment of failure. Data can be copied quietly today and only become dangerous years later when it is decrypted. Darren explains that this stretches negligence across time. Courts may not focus on when harm finally appeared, but on earlier moments when data was taken and no action followed. Each year of delay becomes part of the story.Key Question: If a court looks back year by year, what would your decisions show?[10:11] Step 3: Foreseeability Is Already QuantifiedDarren stresses that foreseeability does not mean knowing exactly when quantum breaks encryption. It means having credible signals that risk is coming. Courts already rely on expert forecasts and probability in many cases. Public quantum threat timelines and expert surveys fall squarely into that category. They are not fringe opinions. From a legal view, this turns quantum risk from speculation into something measurable. Ignoring that evidence does not create flexibility. It creates exposure.Key Question: Are you treating expert forecasts as real input, or hoping uncertainty protects you?[12:32] Step 4: When the Reasonableness Test Stops Being TheoreticalDarren uses the Learned Hand test to explain when delay stops being defensible. The idea is simple. If the cost of fixing a problem is lower than the damage likely to come from ignoring it, doing nothing no longer looks reasonable. For PQC, that comparison depends on what data you hold, how long it stays valuable, and how hard it is to migrate. Once expected harm outweighs migration cost, waiting stops looking like judgment and starts looking like neglect.Key Question: If someone did the math today, would waiting still make sense?[13:04] Step 5: Why Financial Services Reaches the Line FirstFinancial services sits right at the edge. Data sticks around long enough to be valuable to attackers, but not so long that action today is pointless. Losses are measurable. Regulators pay attention. Most importantly, starting now can still prevent real harm. Darren contrasts this with healthcare, where records last decades and prevention may already be too late. Where harm could still have been avoided, courts are far less forgiving of delay.Key Question: If Q-day arrives on schedule, will delay be your weakest point?[20:08] Step 6: Performative Readiness, Shared Liability, and What Courts Will ExpectDarren warns that claiming quantum readiness without doing the work is worse than staying quiet. Public claims create expectations, and expectations create liability. From there, risk spreads across vendors, cloud providers, and integrators. When something fails, plaintiffs follow the money under joint and several liability. Courts won’t expect perfection. They will expect proof you took the issue seriously. That means inventories, real risk analysis, board awareness, documented decisions, and regular follow-ups. This is legal hygiene, not panic.Key Question: If everything was laid out in court, would your records help you or hurt you?Episode ResourcesDarren Bender on LinkedInProteQC WebsiteJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

Jan Schaumann, Chief Information Security Architect at Akamai and longtime systems practitioner, discusses operational approaches to post-quantum migration. He explains why TLS 1.3 upgrades and embedded devices slow progress. He describes splitting traffic into client-edge, edge-origin, and internal paths. He outlines phased, opt-in rollouts, hybrid key exchange, and the need for repeatable crypto upgrade processes.

Post-quantum cryptography does not arrive as a clean replacement for today’s systems. It forces organizations to rethink how cryptography is designed, deployed, governed, and maintained over time. In this special episode of Shielded, host Jo Lintzen leads a discussion that moves past algorithm selection and into operational reality. The panel connects three pressures most organizations underestimate. Threats evolve quickly. Hardware and deployed systems last for years. Governance around cryptographic assets is often weak or incomplete.Bill Buchanan explains how lattice-based cryptography enables new capabilities such as fully homomorphic encryption, where data remains encrypted even while being processed. This matters in modern environments shaped by cloud platforms, edge computing, and machine learning, where sensitive data is frequently exposed during computation.Mamta Gupta highlights the growing mismatch between long hardware lifecycles and rapidly changing cryptographic requirements. Devices expected to remain in the field for a decade must soon meet post-quantum mandates, even as standards and certification frameworks continue to evolve. Locking in rigid choices today creates future risk.Jeremy B focuses on the skills gap. Post-quantum migration requires experienced practitioners, structured discovery, and repeatable methods. Until those capabilities become widespread, organizations must treat PQC work as specialized and plan accordingly.Adrian Neal delivers a warning about failure modes. New algorithms will not tolerate weak governance or poor implementation. The most dangerous outcome is silent failure, where systems appear secure but provide little real protection.Yolanda Reid reframes the issue for leadership. This is not another Y2K-style event. Cryptography will continue changing for the lifetime of modern systems. Executives must understand the risk to their most valuable assets and support long-term operating models, not short-term fixes.Bruno Couillard closes by challenging decades of assumptions. For thirty years, digital systems were built on the belief that cryptography should never change. That belief no longer holds. Security now depends on knowing what cryptography is used where, maintaining it continuously, and building teams capable of adapting as standards and threats evolve.What You’ll LearnWhy cybersecurity depends entirely on cryptographyHow post-quantum change reshapes security architectureWhy encrypted processing matters in modern data systemsHow slow hardware lifecycles increase urgencyWhy crypto agility is now mandatoryHow weak governance undermines strong algorithmsWhy poor implementation can destroy security silentlyHow discovery exposes real cryptographic riskWhy post-quantum readiness is a leadership issueHow organizations must plan for continuous changeYour Roadmap to Quantum Resilience[00:00] Step 1: Cryptography Is the Real Security BoundaryBruno Couillard opens with something that sounds obvious, but often gets ignored. There is no cybersecurity without cryptography. Everything else sits on top of it. When teams treat cryptography as background plumbing, they stop paying attention to where trust really comes from. Post-quantum work starts with knowing where cryptography shows up in your systems, why it was chosen, and what assumptions it depends on. If you don’t have that picture, every other security decision is built on guesswork.[01:10] Step 2: Data Is Most Vulnerable While Being UsedBill Buchanan points out a problem we’ve quietly accepted for years. We encrypt data when it’s stored and when it moves, but the moment we actually use it, we expose it. In cloud systems, analytics, and machine learning, that exposure happens all the time. Lattice-based cryptography changes what’s possible here. It allows data to stay encrypted even while being processed. That opens the door to systems that are private by design, not just protected at the edges. [03:12] Step 3: Long Hardware Lifecycles Create UrgencyMamta Gupta explains why timing is such a headache. Devices are built to last five, ten, sometimes fifteen years. Meanwhile, threats, regulations, and algorithms change every few months. If you wait too long, you end up with systems that can’t be upgraded in time. If you lock things down too early, you risk betting on choices that won’t age well. The hard part is planning for both at once.[06:47] Step 4: Migration Is an Execution Problem, Not a TheoryJeremy B brings the focus to execution. PQC migration starts with discovery, not replacement. Most organizations do not know where cryptography lives until they actively map certificates, keys, protocols, vendors, and dependencies. Assurance schemes and consultants help add structure and confidence, especially early on, but they do not remove ownership. Someone inside the organization still needs to understand what exists today and what can change safely.[08:52] Step 5: Poor Implementation Destroys Security QuietlyAdrian Neal explains why post-quantum algorithms raise the stakes. Older schemes often failed loudly. New ones do not. Weak governance or poor implementation can result in encryption that appears to work but provides little real protection. Discovery often exposes unknown certificates, unmanaged keys, and policy drift. In a PQC world, those gaps matter more than ever. Algorithm strength means nothing without disciplined implementation.[11:10] Step 6: This Is a Leadership Conversation, Not a ProjectYolanda Reid pulls the conversation out of IT and into the executive room. Post-quantum cryptography is not a one-time upgrade you fund, complete, and move past. Cryptography will keep changing for as long as digital systems exist. That puts core assets at stake, communications, financial systems, identity, and trust. Leaders need to understand that risk and back operating models built for continuous change, not short-term fixes.Episode ResourcesBruno Couillard on LinkedInBill Buchanan on LinkedInMamta Gupta on LinkedInAdrian Neal on LinkedInYolanda Reid on LinkedInJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

As post-quantum cryptography moves from theory into deployment, organizations need a clearer view of what is real today and what still requires time. In this episode of Shielded: The Last Line of Cyber Defense, Sofia Celi, Senior Cryptography and Security Researcher at Brave, breaks down the two-speed reality shaping PQC adoption. She explains why confidentiality is already protected at scale through TLS 1.3 and hybrid post-quantum key encapsulation, now used across major browsers, CDNs, and cloud providers to defend against harvest-now-decrypt-later threats. This shift is live, scaled, and part of today’s internet. However, authentication like signatures, PKI, eID systems, and privacy-preserving proofs remains early. Lattice-based signatures are large and costly, prompting NIST’s second call for signature schemes with new mathematical foundations and smaller communication sizes. Sofia’s work on MAYO, a compact multivariate signature scheme, offers a promising path for authentication, distributed signing, and environments where signature size matters. She also examines European digital identity plans, noting the gap between policy ambition and cryptographic readiness. Current timelines overlook the immaturity of zero-knowledge systems and the privacy risks hidden in their design. Sofia closes with two practical actions any organization can take now: migrate fully to TLS 1.3 and enable hybrid post-quantum key exchange. These steps strengthen confidentiality today while the ecosystem advances authentication.What You’ll LearnWhy PQC deployment for confidentiality is real and already scaled in productionHow TLS 1.3 and hybrid KEMs mitigate harvest-now-decrypt-later threatsWhy authentication and signatures lag far behind despite rapid standardization workHow MAYO targets small keys, compact signatures, and natural threshold supportWhy multivariate signatures matter for algorithm diversity and future resilienceHow zero-knowledge proofs behave differently in practice and why they require cautionWhy 2027 digital identity timelines overlook both cryptographic maturity and privacy risksWhat makes threshold cryptography attractive for distributed signing and delegated trustWhy the first PQC steps every organization must take are simple, available, and high impactSofia Celi is a Senior Cryptography and Security Researcher at Brave, where she focuses on practical deployment of privacy-preserving and post-quantum cryptography. Her work spans Private Information Retrieval (PIR), zero-knowledge proof integration, TLS attestation, and the real-world application of advanced cryptography beyond blockchain. She is a co-author of MAYO, a multivariate post-quantum signature scheme submitted to NIST’s second signature call, and has led efforts to bring privacy technologies such as PIR into production environments.Sofia serves as WG/RG Chair and Ombudsperson at the IETF, where she co-chairs a working group shaping global post-quantum protocol standards. She is an IACR ePrint co-editor, a reviewer for BlackHat, a member of the Open Technology Fund Advisory Council, and previously worked as a Cryptography and Security Researcher at Cloudflare. Her career sits at the intersection of research, protocol design, and applied security, advancing cryptography from theory into widely deployed systems.Your Roadmap to Quantum Resilience[02:19] Step 1: Separate Confidentiality From Authentication -Sofia starts by drawing a line that many teams still blur: the confidentiality layer is already post-quantum, but authentication is not. At this point in the ecosystem, TLS confidentiality is protected through deployed hybrid post-quantum KEMs across major browsers and cloud providers. The motivation is clear: harvest-now-decrypt-later is possible today, and traffic that leaks in the future cannot be recovered. Authentication is a different story. TLS signatures, PKI, and privacy-preserving protocols still rely on classical schemes because PQ signatures remain large, slow, or difficult to compose. Treating these two domains as if they mature simultaneously creates the wrong expectations and timelines. A realistic roadmap begins with clarity on what needs immediate protection and what will evolve over several years.Key Question: Which systems depend on long-term signature trust, and which only require encrypted traffic today?[04:42] Step 2: Treat Hybrid as a Transition but Recognize It May Stick -Sofia discusses how the industry has already adopted hybrid KEMs, concatenating classical and PQ algorithms as a safety net. In theory, hybrid is temporary. In practice, she notes that once the industry migrates, many systems never fully transition again. We still see SHA-1 and TLS 1.2 in production for this exact reason. Hybrid provides resilience while researchers gain confidence in PQ schemes and watch for early attacks, but it also carries the risk of becoming the default state if teams do not set clear expectations. Proper planning requires acknowledging both realities: hybrid protects confidentiality today, but architecture leaders need a position on whether and when pure PQC becomes the long-term baseline.Key Question: Is hybrid a waypoint in your roadmap, or is it quietly turning into your destination?[08:29] Step 3: Use TLS 1.3 Migration Lessons to Avoid Delays in PQC Adoption -Referencing the TLS 1.3 rollout, Sofia explains how long real migrations take. TLS 1.3 required years of review, formal verification, and protocol hardening before large-scale deployment. Even now, many systems still use TLS 1.2 or older, and the IETF cannot enforce upgrades. This matters because TLS 1.3 is the prerequisite for PQC handshakes. If organizations have not completed their TLS 1.3 migration, PQC adoption stalls before it begins. Sofia highlights that the industry can only move as fast as the slowest dependency, and outdated protocol infrastructure remains a major blocker.Key Question: Do you know exactly where TLS 1.2 still runs in your environment, and is there a plan to eliminate it?[14:36] Step 4: Track NIST’s Second Signature Round and Algorithm Diversity -Sofia explains why NIST opened a second call for PQ signatures: current lattice-based options are not enough. They are large, sometimes costly, and place all trust in a single mathematical family. If lattices were broken, both PQ key exchange and signatures would fall together. NIST now seeks independent mathematical foundations and smaller signatures that fit real-world authentication workflows. This includes bandwidth-limited clients, certificate chains, and protocols where signature size directly affects performance.Key Question: Are you planning for an authentication ecosystem built on diverse algorithms, or is your strategy unintentionally tied to a single class?[17:21] Step 5: Evaluate Multivariate and Threshold-Friendly Signatures Such as MAYO -Sofia introduces MAYO, a multivariate-quadratic signature scheme she co-authored. She details why the industry is watching multivariate candidates closely: they offer small public keys, compact signatures, and natural support for threshold cryptography. Threshold capability is particularly important as authentication workflows spread across distributed systems, cloud infrastructure, and delegated trust relationships. Rather than placing full control of a private key in one location, threshold schemes allow multiple parties to collaborate on a signature without exposing a complete key.Key Question: Which of your authentication paths would benefit from compact signatures and built-in support for shared signing authority?[33:03] Step 6: Act Now on What Is Mature - TLS 1.3 and Hybrid PQCSofia focuses on the two upgrades every organization can deploy immediately without waiting for the authentication ecosystem to mature. First, migrate fully to TLS 1.3, which is already supported across all major libraries. Second, enable hybrid KEMs to protect confidentiality against stored-traffic attacks. Authentication, signatures, and zero-knowledge tools need more time, more validation, and more stable standards. But confidentiality can be defended today with minimal cost and operational friction. Sofia frames this not as future-proofing, but as reducing an active risk window that grows every day organizations delay action.Key Question: Do you have a scheduled project to deploy TLS 1.3 and hybrid PQC across your primary communication paths in the next 12 months?Episode ResourcesSofia Celi on LinkedInBrave WebsiteJohannes Lintzen on LinkedInPQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

As quantum computing advances, organizations can no longer view post-quantum cryptography as a future project. In this episode of Shielded: The Last Line of Cyber Defense, Konstantinos Karagiannis, Director of Quantum Computing Services at Protiviti, lays out a practical and attacker-focused perspective on preparing for the quantum era. Konstantinos explains why the industry’s fixation on harvest-now-decrypt-later misses the most serious exposure: harvest-now-forge-later, where quantum capability targets the foundation of digital trust through attacks on code signing, software update channels, and blockchain consensus mechanisms. He introduces the emerging Five-Day Rule, informed by recent research indicating that a cryptographically relevant quantum machine could break RSA-2048 in roughly five days, reshaping assumptions about risk and timelines. The discussion expands to the potential instability of blockchain networks, such as proof-of-stake systems reliant on BLS signatures, and the broader implications for market integrity and digital identity. Konstantinos outlines the steps security leaders must take now: identify crown-jewel assets, conduct a full cryptographic inventory, evaluate exposure windows, and demand clear post-quantum plans from vendors. The lesson here is post-quantum migration is a core cyber resilience program that must begin immediately, supported by real posture measurement and actionable timelines.What You’ll Learn:The difference between harvest-now-decrypt-later and harvest-now-forge-laterWhy code signing and supply-chain trust models are the most critical targetsHow the five-day rule reframes attacker capability planningWhy blockchain & BLS signatures represent high-impact quantum riskWhy cryptographically relevant machines will be operated by nation states and major crime ringsHow PQC migration aligns with existing cyber resilience practicesWhy crown jewel analysis and crypto inventory must start immediatelyHow to evaluate vendors and avoid vague timelinesWhy PQC will become invisible infrastructure within the next few yearsKonstantinos Karagiannis is the Director of Quantum Computing Services at Protiviti, where he leads efforts helping organizations develop real quantum use cases in optimization, machine learning, and simulation, and build realistic paths toward post-quantum cryptography migration. He has been with Protiviti for more than six years, serving previously as Associate Director of Quantum Computing Services. Before Protiviti, Konstantinos spent 13 years at BT, where he served as CTO of the Security Consulting Practice for BT Americas, and earlier as Global Technical Lead for Ethical Hacking, leading red-team operations and advanced cryptographic security testing.He is the host of Protiviti’s “Post Quantum World” podcast, recently featured at DEFCON with his talk Post-Quantum Panic: When will the cracking begin, and can we detect it? His work focuses on building real quantum computing solutions today while preparing enterprises for the accelerating risks of Q-Day.Your Roadmap to Quantum Resilience[05:26] Step 1: Separate HNDL from HNFL -Konstantinos reframes quantum risk by challenging the narrow industry focus on harvest-now-decrypt-later (HNDL). Decrypting old emails years from now is far less damaging than the real threat: harvest-now-forge-later (HNFL), where attackers use quantum capability to forge identities, break code-signing foundations, and compromise the software supply chain. This shifts the threat from exposure of data to the collapse of trust. When an attacker becomes the authoritative sender such as Microsoft, Apple, a firewall vendor, or a banking platform, the attack scales instantly, bypasses controls, and moves invisibly. This is not about curiosity or espionage; it is about control and reach, where one forged update compromises millions of systems in minutes.Key Question: Where does your organization implicitly trust signed updates or machine identities, and who validates the integrity of that trust boundary today?[07:34] Step 2: Apply the Five-Day Rule -Konstantinos introduces what he calls the Five-Day Rule, based on recent research suggesting that a cryptographically relevant quantum computer could break RSA-2048 using roughly 1,399 logical qubits in around five days. This turns timelines from theoretical decades into an operational window that security and architecture teams must model now. Five days changes the logic of risk, pushing leaders to assess which secrets, keys, and operational identities remain valuable within that timeframe. Financial transactions may expire quickly, but the keys protecting critical infrastructure, identity infrastructures, government systems, long-life intellectual property, or blockchain consensus remain valuable long after they are created.Key Question: If a key protecting your most sensitive systems could be broken in five days, what response tempo, controls, and contingency paths would you rely on?[13:28] Step 3: Model Code-Signing Blast Radius -In his offensive-security perspective, Konstatinos explains that attackers will go after code-signing keys and update channels first, because those are the levers that unlock systemic access. Compromising a single vendor’s signing key turns a routine software update into a global breach. Unlike decrypting a single intercepted email, forging an update affects entire fleets of devices at once, laptops, networking gear, operational systems, and cloud workloads. Supply-chain attacks such as SolarWinds and ShadowHammer demonstrated the scale of trust-based compromise without any quantum capability. Quantum only removes the barrier of needing privileged access. The blast radius is not linear; it grows exponentially.Key Question: If a major vendor in your environment silently lost control of its signing key, which systems would accept the update without verification, and how quickly would you detect the first signal of compromise?[16:27] Step 4: Include Blockchain and Market Stability -Konstantinos expands the discussion beyond enterprise IT into blockchain and digital asset ecosystems. Vulnerable Bitcoin wallets using reused or exposed addresses could be drained by reversing private keys. More significantly, proof-of-stake networks such as Ethereum rely on BLS signatures to establish validator identity and consensus. Breaking those signatures enables attackers to hijack consensus, manipulate network governance, or destabilize price confidence. The consequences go far beyond theft. The damage includes global market volatility, reputational collapse, and loss of institutional trust. Even the credible announcement that such capability exists could move markets, without a full attack ever executing.Key Question: Where is your organization exposed, directly or indirectly, to digital assets, transaction flows, or reputational dependence on market stability?[30:53] Step 5: Turn Quantum Risk Into Cyber Resilience -Konstantinos emphasises that preparing for post-quantum migration begins with security fundamentals: catalogue your cryptography, identify crown-jewel systems, evaluate exposure lifespans, and map relationships between systems, third parties, and identity flows. This reframes PQC from a cryptographic experiment into a disciplined cyber resilience program grounded in visibility and sequencing. Teams must understand what they protect, how long those assets remain valuable, and where control layers converge. This requires more than technical transition; it demands ownership, governance, and prioritisation. A successful roadmap depends on clarity of dependencies before cryptography is swapped.Key Question: Can you produce a precise and current map of every key, certificate, algorithm, and dependency protecting your core services, and prioritise change based on exposure rather than convenience?[33:27] Step 6: Demand Specifics from Vendors -Third-party vendors are central to PQC readiness, but vague statements such as “investigating PQC” provide no protection. Konstatinos urges organizations to demand version-level commitments, timelines, supported PQC algorithms, and attestation paths. Roadmaps must include implementation dates, hybrid-mode support windows, and performance characteristics. Accountability now sits across the entire supply chain, and cryptographic dependencies extend far beyond internal engineering. This is a procurement, legal, and architectural negotiation that requires clarity and documentation, not aspiration. Silence is risk; specificity is control.Key Question: Do your vendor agreements require measurable and dated PQC milestones, or do you rely on trust without validated evidence?Episode ResourcesKonstantinos Karagiannis on LinkedInProtiviti WebsiteJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

Quantum computing is coming faster than most organizations are ready for. In this episode of Shielded: The Last Line of Cyber Defense, Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, joins Jo Lintzen to unpack how Microsoft is building a coordinated roadmap toward quantum-safe security and why governments and enterprises must start acting now. Kevin explains how Microsoft’s Quantum Safe Program connects engineering, compliance, and policy under one strategy, with a clear commitment to deliver customer-ready capabilities by 2029 and complete the global transition by 2033. He shares how this plan balances scale with flexibility, empowering each product group to define its path while keeping the company aligned to a shared goal. He outlines why post-quantum migration must move beyond “code swaps” to address real-world complexities like data-center encryption, operational technology that runs for decades, and global interoperability. Kevin also highlights the role of government action, appointing accountable leaders, aligning regulations across borders, and prioritizing sectors such as healthcare and finance where long-term data protection is critical.What You’ll LearnHow Microsoft’s Quantum Safe Program sets 2029 and 2033 milestones for migration readiness.Why accountability and leadership drive progress more than technology alone.How to identify and protect systems and data with long-term exposure risk.Why global alignment through NIST, ISO, and IETF matters for interoperability.How governments can accelerate national readiness through coordinated action.Why post-quantum migration must include hardware, policy, and operations - not just software updates.Practical first steps for organizations to begin their own quantum-safe transition today.Kevin Reifsteck is the Director for Critical Infrastructure Protection at Microsoft, where he leads global strategy across cybersecurity policy, quantum-safe readiness, and public–private sector collaboration. His work bridges engineering and regulation, helping Microsoft’s product teams align with evolving post-quantum cryptography standards while advising governments on how to prioritize critical systems and national resilience. Before joining Microsoft, Kevin served as Director for Critical Infrastructure Cybersecurity at the National Security Council, The White House, where he shaped U.S. policy for securing essential services and modernizing cyber risk management. Today, Kevin plays a central role in driving Microsoft’s Quantum Safe Program, which sets clear timelines for transitioning products and services to post-quantum cryptography and helping customers worldwide prepare for the quantum era. Known for his strategic clarity and cross-sector insight, he continues to champion global alignment, government readiness, and responsible innovation in securing the foundations of the digital world.Your Roadmap to Quantum Resilience[01:25] Step 1: Set Accountability and Direction –Every successful migration begins with ownership. Kevin explains how Microsoft anchored its transition by naming accountable leaders and setting measurable goals across its entire product ecosystem. The company’s Quantum Safe Program unites engineering, policy, and compliance within one vision, ensuring that strategy translates into coordinated action. Each product group defines its own plan within shared milestones, creating focus without friction. This balance of central direction and local execution allows a company as large as Microsoft to move with precision. Leadership commitment is the engine that turns post-quantum awareness into measurable progress.Key Question: Who owns your quantum-safe migration, and what milestones define success?[04:29] Step 2: Establish a Timeline Customers Can Trust –Microsoft’s roadmap defines clear signposts: customer-facing capabilities by 2029 and full transition across products and services by 2033. These dates are not abstract; they give structure to engineering priorities, regulatory engagement, and customer planning cycles. Kevin shares that transparency in scheduling helps align suppliers, cloud partners, and governments around a shared sense of urgency. It signals that the migration window is already open, and that early action reduces future cost and complexity. By publishing its timelines, Microsoft creates both accountability and confidence within the broader ecosystem. Timelines build trust, and trust accelerates adoption.Key Question: Have you defined a clear migration timeline that aligns your teams, vendors, and customers?[07:29] Step 3: Make Policy an Enabler, Not a Barrier –Governments set the tempo of readiness. Kevin emphasizes that effective policy should create alignment, not administrative drag. Microsoft advocates for each nation to name a responsible authority, establish a post-quantum plan within its national cybersecurity strategy, and allocate the resources to act on it. Awareness programs and sector-specific guidance can turn compliance from a burden into an accelerator, especially for industries like healthcare and energy where expertise is scarce. The key is partnership; policymakers and private industry moving in rhythm toward the same standards and timelines. Well-crafted regulation builds the runway for secure innovation.Key Question: How can your policy environment encourage rather than slow down quantum-safe adoption?[09:26] Step 4: Move Beyond the “Algorithm Swap” Mindset –True migration reaches beyond code. Kevin outlines how large-scale infrastructures rely on encryption embedded deep within hardware, network layers, and operational systems that may run for decades. In cloud environments, encryption depends on specialized chips, data flow, and power efficiency, all of which must adapt to larger keys and new computational demands. In critical infrastructure, replacing or reconfiguring operational technology requires careful planning and years of lead time. Treating PQC as a systemic evolution ensures that migration strengthens, rather than disrupts, core services. Preparation today prevents technical and operational lock-in tomorrow.Key Question: Which parts of your infrastructure demand more than a code update to achieve quantum resilience?[12:32] Step 5: Protect Long-Lived Data and Systems –Some data loses value in weeks; other data must stay confidential for decades. Kevin draws attention to sectors where this matters most: finance, healthcare, and government, where exposure to “harvest-now, decrypt-later” attacks could have generational consequences. The first step is to identify which assets would still cause harm if exposed ten or fifteen years from now. Protecting those systems early not only reduces risk but avoids future regulatory and operational strain. Microsoft’s guidance encourages leaders to focus first on the information and services that define their long-term trust relationship with customers. Longevity determines priority in the quantum transition.Key Question: Which information or systems in your organization will still matter a decade from now?[14:50] Step 6: Align Through Global Standards –Quantum resilience depends on collaboration that crosses borders. Kevin explains how Microsoft works within NIST, ISO, and IETF to ensure that algorithms and protocols mature together, preventing regional fragmentation that could slow the entire ecosystem. When nations align on standards, organizations can innovate confidently, knowing their systems will interoperate securely worldwide. The goal is a consistent framework that supports both national security and commercial continuity. Alignment builds momentum, and momentum ensures no critical infrastructure is left behind. The post-quantum era will reward those who plan globally and execute locally.Key Question: How well are your systems and partners aligned with emerging global post-quantum standards?Episode ResourcesKevin Reifsteck on LinkedInMicrosoft WebsiteJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so

As quantum computing advances, organisations can no longer treat hardware migration as a secondary task. Thalia Laing, Principal Cryptographer at HP Security Lab, explains how HP adopted a hardware-first approach to post-quantum security by launching the world’s first quantum-safe Secure Boot for business PCs ahead of NIST standards. She describes how HP integrated hybrid RSA + LMS signatures to preserve certification assurance and user performance while adding quantum-safe protection at power-on. Thalia outlines the operational design behind LMS state management, parameter selection, and cross-team testing to ensure verification speed and long-term reliability. She details why many enterprises overlook hardware-implemented cryptography in their inventories and how this blind spot undermines migration plans. She highlights how securing firmware integrity extends device lifespan and builds measurable confidence across product lines. The discussion reinforces that protecting the hardware root of trust is the first step toward true post-quantum resilience.What You’ll Learn:How HP built quantum-safe Secure Boot into production PCs before PQC standards were finalised.Why hybrid RSA + LMS signatures bridge certification and quantum resilience.How LMS state and parameters are managed for predictable, verifiable signing.Why hardware-level cryptography must be included in every crypto inventory.How securing firmware integrity extends device lifetime and compliance value.How to prioritise long-lived, hard-to-update products in PQC migration plans.Why crypto agility begins in design, not deployment.Why starting with the hardware root of trust reduces cost, risk, and time pressure later.Thalia Laing is the Principal Cryptographer and Security Researcher at HP Security Lab, where she leads research and implementation initiatives in post-quantum cryptography, hardware-based security, and trusted computing. She has played a key role in HP’s development of quantum-safe Secure Boot for business PCs and printers, integrating hybrid RSA + LMS architectures that strengthen firmware integrity and protect devices throughout their lifecycle. Over nearly eight years at HP, she has contributed to advancing cryptographic standards, security innovation, and enterprise readiness for the quantum era.Thalia holds a PhD in Cyber Security from Royal Holloway, University of London, where her research on enhanced threshold schemes explored the balance between security and efficiency in distributed cryptographic systems. A member of the NIST NCCoE Migration to PQC Project, she continues to collaborate across industry and academia to accelerate the adoption of quantum-resistant security technologies. Known for her rigour and clarity in applying cryptography to real-world engineering, Thalia focuses on designing security foundations that endure across generations of hardware and emerging post-quantum standards.Your Roadmap to Quantum Resilience[05:58] Step 1: Protect the Root of Trust First –Quantum resilience begins where trust begins, which is in hardware. Thalia explains why HP started its post-quantum journey by redesigning the Secure Boot process, the first code executed when a device powers on. This verification chain is baked into silicon and cannot be patched in the field, making it the single most critical layer to protect against future quantum attacks. By introducing quantum-safe verification at this immutable level, HP ensured that even if traditional cryptography were compromised, the foundation of every PC would remain secure. The result is a hardware-anchored assurance model that outlasts software cycles and supports long-term device integrity.Key Question: Which hardware-anchored components in your systems would compromise everything if their signatures failed?[08:58] Step 2: Combine Proven and Post-Quantum Assurance –Migration to post-quantum cryptography doesn’t mean abandoning what already works. HP adopted a hybrid RSA + LMS model to secure its business PCs, combining the certification maturity of RSA with the forward security of LMS. Both signatures must verify before a device will boot, and a nested design ensures consistency: the firmware is first signed with LMS, then the firmware and LMS signature are signed again with RSA. This dual chain preserves compatibility for existing customers while introducing quantum-safe protection seamlessly. It also satisfies regional and industry assurance requirements, an essential bridge between today’s standards and tomorrow’s mandates.Key Question: Where could a hybrid model strengthen your cryptographic assurance without disrupting certification or performance?[11:53] Step 3: Manage LMS with Precision and Predictability –LMS is powerful but operationally demanding. Thalia outlines how HP engineered its signing infrastructure to prevent state reuse, manage signature limits, and tune the Winternitz parameter, a key setting that trades verification speed for computational effort. Because firmware signing happens predictably and infrequently, HP could model the entire lifecycle of each key, ensuring that verification remains fast and the state never exhausts. Extensive cross-testing between the signing infrastructure and endpoint firmware teams helped find the optimal balance between performance and endurance. The result is a proven framework for implementing post-quantum signatures in live production environments.Key Question: Have you built the operational discipline to manage state, limits, and parameters before scaling PQC deployments?[21:16] Step 4: Close the Hardware Inventory Gap –Visibility drives every successful migration, yet most crypto inventories overlook what’s embedded in hardware. Thalia emphasises that many scanning tools capture software libraries and network protocols but miss firmware-level cryptography entirely. Secure Boot keys, embedded verification logic, and hardware root certificates often sit outside conventional monitoring systems. HP encourages organisations to supplement automated scans with manual verification and vendor collaboration to document these hidden elements. Only by mapping cryptography end-to-end, from cloud to chip, can enterprises manage risk and sequence migration effectively.Key Question: Does your cryptographic inventory capture the unseen hardware roots that define your trust boundary?[25:32] Step 5: Build for Physical Resilience –Quantum safety is only part of the equation, physical resilience completes it. Thalia explains how HP integrates side-channel and fault-injection protections into hardware designs, preventing attackers from bypassing verification steps or manipulating power and timing behaviour. Since such defences cannot be retrofitted after deployment, they must be planned at the design phase alongside cryptographic migration. The goal is not just mathematical security but operational assurance, devices that remain trustworthy even under physical access or lab-level attack.Key Question: How aligned are your hardware-level countermeasures with the cryptographic strength you rely on?[18:21] Step 6: Prioritise Long-Lived, Hard-to-Update Devices –Every device has a lifespan; cryptography often does not. HP’s migration strategy focuses on hardware that will remain in service for years, business PCs, printers, and embedded peripherals. By upgrading these devices first, HP reduces exposure to the “harvest now, decrypt later” threat and avoids expensive retrofits when new standards become mandatory. Thalia calls this “future-proofing at the factory”: designing security that endures as algorithms evolve and threats mature. Prioritising longevity over convenience transforms security investment into measurable business value.Key Question: Which products in your portfolio will still be operational when quantum attacks become real, and are they ready today?Episode ResourcesThalia Laing on LinkedInHP WebsiteJohannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.✔ Get insider knowledge from leading cybersecurity experts.✔ Learn practical steps to future-proof your organization.✔ Stay updated on regulatory changes and industry trends.Need help subscribing? Click here for step-by-step instructions.Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so