Post-quantum cryptography is often framed as a future technical upgrade. Carolina Polito approaches it as an organizational transition that is already underway. In this episode of Shielded: The Last Line of Cyber Defense, Carolina explores how quantum readiness moves beyond awareness into execution.

She begins by reframing how we think about technology itself. Systems are not neutral tools. They are shaped by societal decisions and, in turn, shape the institutions that rely on them. This perspective helps explain why quantum readiness cannot be confined to technical teams alone.

The conversation then moves into operationalization. While most organizations recognize the quantum threat, translating that awareness into action remains a challenge. Carolina explains why attempting a complete inventory of cryptographic assets can slow progress and why prioritization is more effective. By focusing on high-value, long-lived, and exposed assets, organizations can begin building a practical migration strategy.

Vendor ecosystems emerge as a central theme. Many cryptographic dependencies sit outside direct control, making vendor engagement critical. Carolina outlines what organizations should look for, including transparency around cryptographic usage, transition roadmaps, and crypto agility.

At a policy level, the discussion explores Europe’s approach to quantum readiness. While there is progress across member states, coordination remains complex. Standards, procurement, and national strategies need to evolve together rather than in sequence. The absence of post-quantum requirements in emerging digital systems also highlights missed opportunities that could increase future costs.

Carolina closes with a practical lens. Organizations do not need to solve everything at once. Assigning ownership, prioritizing key assets, and embedding quantum readiness into existing processes can create momentum without overwhelming the system.

What You’ll Learn:

Why quantum readiness is an organizational and managerial challenge

Why complete cryptographic inventory is less useful than prioritization

How to identify high-value, no-regret starting points

What defines a quantum-ready vendor

Why crypto agility is critical for long-term resilience

How supply chain dependencies shape migration complexity

Where Europe stands on PQC coordination and policy

Why standards, procurement, and strategy must move in parallel

How new digital systems can create future retrofit challenges

What the first practical step toward quantum readiness looks like

Carolina Polito is a researcher in the cybersecurity program at the Center for European Policy Studies and a PhD candidate in international relations at LUISS University in Rome. Her work focuses on cybersecurity, governance, and geopolitics, with a particular emphasis on how emerging technologies shape institutional capabilities and policy decisions.

Your Roadmap to Quantum Resilience

[03:39] Step 1: Technology Shapes Institutional Boundaries

Carolina introduces a broader lens. Technology is not neutral. It influences how institutions operate and what they are able to do. This framing shifts quantum readiness from a technical upgrade to something structural within organizations.

Key Question: Are your systems shaping your capabilities in ways you fully understand?

[08:04] Step 2: Moving From Awareness to Execution

Awareness of quantum risk is already widespread. The challenge now is turning that awareness into a structured transition. Carolina explains why organizations need a workable approach that aligns migration with existing processes.

Key Question: Do you have a transition plan that fits how your organization already operates?

[11:41] Step 3: Prioritization Over Perfect Visibility

Trying to map every cryptographic asset can create more noise than clarity. Carolina highlights the importance of focusing on what is critical rather than attempting completeness.

Key Question: Are you focusing on what matters most or trying to see everything?

[19:19] Step 4: Vendor Readiness Shapes Your Progress

A large portion of cryptographic risk sits within vendor ecosystems. Carolina outlines what organizations should look for when evaluating vendors and why their readiness directly impacts your own transition.

Key Question: Do your vendors enable your transition or create hidden dependencies?

[20:41] Step 5: Start With No-Regret Use Cases

Rather than solving everything at once, organizations can begin with assets that are high value, highly exposed, and difficult to replace later. These decisions shape long-term resilience.

Key Question: Which assets would you regret not protecting early?

[34:52] Step 6: Coordination Must Happen in Parallel

Quantum readiness requires multiple efforts to move at the same time. Standards, procurement, and strategy cannot wait on each other. Progress depends on coordination across these areas.

Key Question: Are your efforts moving together or waiting on each other?

Episode Resources

Carolina Polito on LinkedIn

Center for European Policy Studies (CEPS)

Johannes Lintzen on LinkedIn

PQShield Website

Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.

✔ Get insider knowledge from leading cybersecurity experts.
✔ Learn practical steps to future-proof your organization.
✔ Stay updated on regulatory changes and industry trends.

Need help subscribing? Click here for step-by-step instructions.