A Program Approach to Delivering Quantum and Cybersecurity Technologies

Quantum Needs More Than Physicists - It Needs Project Managers

When Greg Skulmoski talks about quantum technologies, he does not sound like someone trying to dazzle a room with equations. He sounds like a builder standing before a half-finished bridge, asking the most practical question of all - who will get everyone safely to the other side?

That question matters because Dr Skulmoski speaks from experience, not speculation. He teaches project and risk management at Bond University, served on the PMBOK Guide 2000 update team, and has been recognised by the Australian Institute of Project Management for research that advanced the field. He has also helped lead major healthcare initiatives, including work linked to smartphone-connected pacemaker devices later recognised in Cleveland Clinic’s Top 10 Medical Innovations for 2021.

His central point is strikingly simple. Quantum may appear mysterious, but from a delivery perspective it is still a matter of hardware, software and integration. It is not magic - it is a programme of projects.

That change in perspective is valuable. Too often, discussion of quantum remains confined to the laboratory, where physicists speak fluently about qubits while everyone else listens politely and waits for something practical to emerge. Skulmoski’s point is that organisations do not adopt breakthroughs through admiration alone. They adopt them through strategy, budgets, governance, training, procurement, testing and change management. The impressive chip is only the beginning. The real challenge begins when that chip must function within a messy, regulated, underfunded and deeply human organisation.

Quantum’s Two Faces

Skulmoski presents quantum as a technology with two distinct implications. Used well, it could help hospitals, logistics companies and manufacturers solve complex optimisation problems more effectively. Used poorly - or approached too late - it could expose organisations to serious cyber risk.

This warning is not abstract. Australia’s ASD has advised organisations to stop using traditional asymmetric cryptography by the end of 2030 and move to approved post-quantum methods. NIST, meanwhile, finalised its first post-quantum cryptography standards in August 2024, giving organisations a concrete basis for serious migration planning.

Here Skulmoski is especially persuasive. He argues that project teams sit at the centre of both sides of the quantum story. They help deliver the upside - better scheduling, modelling and operational workflows - while also co-ordinating the defensive work required to protect systems and data. Put simply, project managers are the people ensuring that the future arrives usefully, not catastrophically.

Why Hospitals Make the Point So Clearly

Drawing on his healthcare background, Skulmoski uses hospitals to make quantum tangible. It is an effective choice. Hospitals are vast living systems, full of moving parts, competing priorities, expensive assets, unforgiving deadlines and no tolerance for error. They are ideal examples of both the promise and the pain of new technology.

He points to several plausible applications for quantum optimisation. Staff rosters could be improved. Pathology laboratories could prioritise urgent tests while making better use of specialist staff and costly materials. Surgical theatres could be scheduled more efficiently. Supply chains could become more resilient. Even patient billing might, in theory, be optimised to reduce out-of-pocket costs while improving fairness.

This may sound futuristic, but the direction of travel is already clear. In 2023, Cleveland Clinic and IBM unveiled an on-site IBM Quantum System One dedicated to healthcare research. The idea that healthcare may one day engage seriously with quantum is no longer speculative. It has already begun.

Quantum is often presented in public discussion as something out of a space opera. In reality, it may behave more like an exceptionally gifted but demanding new employee - brilliant, expensive and far from plug-and-play.

The Risk of Waiting Too Long

The strongest aspect of Skulmoski’s argument is not its optimism, but its sense of timing.

He stresses that post-quantum migration is not a single technical patch. It is a long programme of work that may unfold over a decade. It involves awareness, governance, cryptographic inventory, prioritisation, process redesign, technology replacement, staff training, testing and controlled rollout. Anyone hoping for a Friday-afternoon software update labelled Make Us Quantum Safe is likely to face a difficult Monday.

Industry guidance supports this view. In September 2025, FS-ISAC warned that financial institutions need co-ordinated planning and milestone-based migration to post-quantum cryptography. The wider message across government and industry is consistent - start early, because cryptographic migration is slow, delicate and full of dependencies.

This is classic project management logic. Start early and there is room to optimise for quality and scope. Start late and time becomes the tyrant in the room. Then come fast-tracking, overlapping tasks, higher costs, greater uncertainty and a greater chance of introducing new vulnerabilities while trying to remove old ones.

It is rather like replacing every lock in a skyscraper while the tenants remain inside and someone is shouting that the burglars are already in the lift.

Standards Are Not Red Tape - They Are Building Blocks

Another useful element of Skulmoski’s argument is his defence of standards and frameworks. In some organisations, standards are treated like vegetables at a children’s party - good for you in principle, but rarely welcomed with enthusiasm.

Skulmoski takes a different view. He sees standards such as ITIL, project management guidance and cyber security frameworks as modular building blocks. They are not a straitjacket, but a box of Lego. Teams can apply them, tailor them and combine them to create an approach suited to their organisation.

That is an important business lesson. Quantum adoption will not succeed because one department buys an impressive pilot system. It will succeed when business strategy, technology strategy and cyber security strategy are aligned. That alignment creates the right projects, and the right projects create measurable value.

The Overlooked Skills Gap

Skulmoski also raises a point that deserves far more attention. Most discussion of the quantum skills gap focuses on physicists, engineers and mathematicians. He does not challenge that need. What he argues, however, is that the next phase will require a much broader form of quantum literacy - one that includes project managers, lawyers, procurement specialists, change managers and operational leaders.

This aligns with Australia’s wider strategic thinking. National and Queensland initiatives have both highlighted workforce development and skills as central to building a quantum ecosystem. Queensland’s strategy, in particular, emphasises commercialisation and workforce capability, not simply scientific advancement for its own sake.

This is the wider business lesson. Quantum will not fail because the science is too advanced. In many cases, it will fail because organisations underestimate the ordinary disciplines of delivery - governance, training, sequencing, migration planning and stakeholder support.

Yet those apparently ordinary disciplines are what hold the entire enterprise together.

What Leaders Should Take From This

Skulmoski’s message is not that every organisation needs a quantum computer next quarter. His message is that leaders should stop treating quantum as somebody else’s research problem.

They need to identify where quantum creates opportunity, where it creates risk, and what programme of work must begin now. In cyber security, that means inventory, prioritisation and crypto-agility. In innovation, it means identifying operational processes where quantum optimisation could eventually create real advantage. In workforce planning, it means broadening the definition of who counts as quantum talent.

The conclusion is refreshingly grounded. Quantum will not arrive in organisations as a dramatic lightning strike. It will arrive through strategy papers, migration plans, vendor decisions, pilot projects, steering committees, risk logs and budget requests.

That may be less cinematic than a Hollywood breakthrough, but it is far more useful.

Salient Points

Greg Skulmoski argues that quantum should be treated as a matter of hardware, software and integration rather than as an inaccessible scientific mystery.

He sees project management as a critical success factor in both capturing quantum opportunity and reducing quantum-related risk.

Hospitals are a strong example because they combine complex workflows, strict constraints and high-value optimisation opportunities.

Post-quantum cryptography migration is likely to be a multi-year programme rather than a single technical upgrade.

Starting early improves quality and reduces the risk created by compressed delivery schedules.

Standards and frameworks matter because they provide tested structures that can be adapted to new technologies.

Quantum readiness will require broader literacy across organisations, beyond deep STEM expertise.

Market Classification

Quantum technologies, project management, cyber security, digital transformation, healthcare innovation.

Sub-markets and Adjacent Domains

Post-quantum cryptography, quantum computing services, healthcare operations optimisation, enterprise architecture, IT service management, risk management, change management, cloud integration, workforce capability development.

Competitor Categories

Large technology vendors, specialist quantum hardware firms, quantum software platforms, cyber security consultancies, systems integrators, cloud providers, enterprise software firms, and project and programme advisory firms.

Market Outlook

The market is shifting from curiosity to structured preparation. On the cyber security side, migration pressure is increasing as standards mature and deadlines emerge. On the commercial side, near-term value is more likely to come from hybrid workflows, pilot optimisation projects and cloud-based access models than from universal in-house deployment.

Demand Drivers

Regulatory pressure, harvest-now-decrypt-later risk, emerging cryptographic standards, demand for optimisation in complex operations, healthcare and industrial efficiency needs, government investment, and the race to build practical quantum literacy across organisations.

Sources and References

Bond University profile and course material on Greg Skulmoski’s teaching and project management background.

PMBOK Guide 2000 project team listing.

Australian Institute of Project Management award information.

Cleveland Clinic and Medtronic material on smartphone-connected pacemaker devices.

IBM and Cleveland Clinic announcement on Quantum System One.

ASD guidance on planning for post-quantum cryptography.

NIST post-quantum standards announcement and FIPS 203.

FS-ISAC 2025 migration guidance for financial services.

Queensland and Australian quantum ecosystem strategy and workforce materials.