Quantum Risk on the Board Agenda: A Practical Guide for CISOs
Getting quantum risk onto the board agenda is not the hard part. Most boards will hear "governments are retiring current encryption standards by 2030"…
Blog
Expert analysis, quantum security news, and industry developments from QSECDEF. 175 articles across insights and news.
No single qualification solves the quantum security problem in 2026. The certification market has not caught up to NIST’s post-quantum standards. Here…
FIPS 203 defines three parameter sets for ML-KEM. The choice between them carries real implications for performance, security margin, and integration…
If you run a small business and someone has told you that quantum computers will soon break your encryption, the natural question is: does this…
Most NIS2 implementation programmes treat cryptography as a checklist item: TLS version current, certificates valid, data encrypted at rest,…
The news cycle treats quantum computing as either an existential emergency arriving next year or a distant curiosity with no current relevance. Both…
The EU AI Act's August 2026 enforcement threshold arrives for high-risk AI systems in critical infrastructure. What Article 15's state-of-the-art…
A quantum computer breaks the key exchange step of end-to-end encryption, not the bulk message cipher. The risk profile varies by application design.…
PKI migration is the longest-lead item in most enterprise PQC programmes. Root CA sequencing, ML-DSA algorithm selection, HSM readiness, OCSP…
What a quantum security engineer actually does, what the role pays in 2026 in the US and UK, what skills matter at interview, and where the career…
IR 8547 answers the question the FIPS standards do not: when must the old algorithms stop. A CISO and security architect guide to the deprecation and…
Not all encrypted data is equally exposed to Harvest Now, Decrypt Later attacks. A retail transaction from last Tuesday carries effectively no HNDL…
A practitioner holding a CISSP, a CISM, and a GIAC GSEC in 2026 has credentials that satisfy most employer qualification frameworks. Put that same…
The two terms are not interchangeable, and treating them as if they were produces real planning errors. NIST's Cryptography Resource Center uses…
The audit companion to the sub-tier supplier guide. Where that article answers what you must do, this one answers whether you have done it. A 7-domain…
The honest answer is that neither body offers what a quantum security professional actually needs. That is not a criticism. It is a statement of…
The waiting period is over. NIST finalised FIPS 203, 204, and 205 on 13 August 2024. The NCSC published its phased UK migration timeline in March…
Four NIST standards were finalised in August 2024. They do not tell you which one to deploy first, which protocol represents the fastest migration…
In 1994, Peter Shor published a mathematical proof: on a quantum computer of sufficient size, integer factorisation and the discrete logarithm problem…
Prime contractors are working through their own CMMC Level 2 assessments. Sub-tier enablement gets deprioritised. The absence of a formal notification…
At most enterprise security conferences in 2026, quantum computing and artificial intelligence share a stage. This article maps where the capabilities…
DORA has been live since January 2025. Its ICT risk management framework explicitly names quantum advancements as a cryptanalytic threat category.…
Knowing what each NIST post-quantum standard requires is the first problem. Sequencing them correctly is the second. This article provides the…
The quantum threat to VPN security is present-tense: adversaries are capturing encrypted sessions now. This article explains which layer of a VPN…
NSA's CNSA 2.0 replaces CNSA 1.0's public-key algorithms entirely. Defence suppliers who cannot demonstrate CNSA 2.0 algorithm support will not…
PKI is the trust architecture underlying TLS, code signing, SSH, and most of enterprise security. RSA and ECDSA sign every link in the chain. Shor’s…
Leading Canadian provider of quantum-safe-by-design cryptographic infrastructure strengthens QSECDEF's mission to secure the transition into the…
Common questions from prospective QSECDEF expert members: which category applies, what the application process looks like, what happens at each tier…
QSECDEF runs a structured vetting process before listing any organisation in its directory. This post explains the categories, the question sets, the…
RSA relies on integer factoring. ECC relies on elliptic curve discrete logarithms. Shor's algorithm solves both efficiently. Here is why, and what to…