Post-quantum cryptography does not arrive as a clean replacement for today’s systems. It forces organizations to rethink how cryptography is designed, deployed, governed, and maintained over time. In this special episode of Shielded, host Jo Lintzen leads a discussion that moves past algorithm selection and into operational reality. The panel connects three pressures most organizations underestimate. Threats evolve quickly. Hardware and deployed systems last for years. Governance around cryptographic assets is often weak or incomplete.

Bill Buchanan explains how lattice-based cryptography enables new capabilities such as fully homomorphic encryption, where data remains encrypted even while being processed. This matters in modern environments shaped by cloud platforms, edge computing, and machine learning, where sensitive data is frequently exposed during computation.

Mamta Gupta highlights the growing mismatch between long hardware lifecycles and rapidly changing cryptographic requirements. Devices expected to remain in the field for a decade must soon meet post-quantum mandates, even as standards and certification frameworks continue to evolve. Locking in rigid choices today creates future risk.

Jeremy B focuses on the skills gap. Post-quantum migration requires experienced practitioners, structured discovery, and repeatable methods. Until those capabilities become widespread, organizations must treat PQC work as specialized and plan accordingly.

Adrian Neal delivers a warning about failure modes. New algorithms will not tolerate weak governance or poor implementation. The most dangerous outcome is silent failure, where systems appear secure but provide little real protection.

Yolanda Reid reframes the issue for leadership. This is not another Y2K-style event. Cryptography will continue changing for the lifetime of modern systems. Executives must understand the risk to their most valuable assets and support long-term operating models, not short-term fixes.

Bruno Couillard closes by challenging decades of assumptions. For thirty years, digital systems were built on the belief that cryptography should never change. That belief no longer holds. Security now depends on knowing what cryptography is used where, maintaining it continuously, and building teams capable of adapting as standards and threats evolve.

What You’ll Learn

Bruno Couillard opens with something that sounds obvious, but often gets ignored. There is no cybersecurity without cryptography. Everything else sits on top of it. When teams treat cryptography as background plumbing, they stop paying attention to where trust really comes from. Post-quantum work starts with knowing where cryptography shows up in your systems, why it was chosen, and what assumptions it depends on. If you don’t have that picture, every other security decision is built on guesswork.

Bill Buchanan points out a problem we’ve quietly accepted for years. We encrypt data when it’s stored and when it moves, but the moment we actually use it, we expose it. In cloud systems, analytics, and machine learning, that exposure happens all the time. Lattice-based cryptography changes what’s possible here. It allows data to stay encrypted even while being processed. That opens the door to systems that are private by design, not just protected at the edges.

Mamta Gupta explains why timing is such a headache. Devices are built to last five, ten, sometimes fifteen years. Meanwhile, threats, regulations, and algorithms change every few months. If you wait too long, you end up with systems that can’t be upgraded in time. If you lock things down too early, you risk betting on choices that won’t age well. The hard part is planning for both at once.

Jeremy B brings the focus to execution. PQC migration starts with discovery, not replacement. Most organizations do not know where cryptography lives until they actively map certificates, keys, protocols, vendors, and dependencies. Assurance schemes and consultants help add structure and confidence, especially early on, but they do not remove ownership. Someone inside the organization still needs to understand what exists today and what can change safely.

Adrian Neal explains why post-quantum algorithms raise the stakes. Older schemes often failed loudly. New ones do not. Weak governance or poor implementation can result in encryption that appears to work but provides little real protection. Discovery often exposes unknown certificates, unmanaged keys, and policy drift. In a PQC world, those gaps matter more than ever. Algorithm strength means nothing without disciplined implementation.

Yolanda Reid pulls the conversation out of IT and into the executive room. Post-quantum cryptography is not a one-time upgrade you fund, complete, and move past. Cryptography will keep changing for as long as digital systems exist. That puts core assets at stake, communications, financial systems, identity, and trust. Leaders need to understand that risk and back operating models built for continuous change, not short-term fixes.

Want exclusive insights on quantum migration?  Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.

✔ Get insider knowledge from leading cybersecurity experts.

✔ Learn practical steps to future-proof your organization.

✔ Stay updated on regulatory changes and industry trends.


Need help subscribing? Click here for step-by-step instructions.