Your Inventory Dashboard is Not a Migration Strategy
March 5, 2026
Post-quantum cryptography is often framed as an algorithm selection problem. Stefan Kölbl reframes it as something else entirely: a key management and lifecycle discipline challenge.
In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen speaks with Stefan, an information security engineer at Google, about what it actually takes to migrate cryptography across complex global systems at scale.
They explore why Store Now, Decrypt Later is treated as a real threat inside Google, why hybrid deployments were justified before final NIST standards, and why inventory dashboards alone won’t get organizations across the finish line. The real work, Stefan explains, lies in crypto agility, automated key rotation, lifecycle ownership, and safe-by-default developer frameworks.
Post-quantum cryptography migration is not primarily about choosing Kyber or ML-KEM. It is about whether your organization can rotate keys, abstract cryptography away from developers, and adapt under pressure. In this episode, Stefan Kölbl shares an operator-level perspective from inside Google’s PQC rollout, including early hybrid deployments that predated final NIST standards.
He explains why encryption in transit was prioritized, why signing remains harder than key exchange, and how Store Now, Decrypt Later risk justified early action.
The discussion moves beyond theory into operational friction: cache misses triggered by heap allocation behavior, lifecycle blind spots revealed by inventory tools, and the difficulty of prioritizing thousands of signing keys without ownership context.
Stefan’s core message is simple but powerful: PQC is not a one-time upgrade. It is an opportunity to fix key management. Organizations that treat migration as an agility exercise rather than an algorithm swap, will be the ones able to adapt when standards evolve again.
What You’ll Learn
- What it really takes to operationalize post-quantum cryptography at hyperscale
- Why PQC is fundamentally a key management and lifecycle problem
- How crypto agility reduces friction during algorithm transitions
- Why Store Now, Decrypt Later justified early hybrid deployment
- How Google approached PQC before final NIST standards were published
- Why encryption in transit is easier to migrate than signing
- Where firmware signatures and hardware-bound keys create long-term risk
- Why inventory dashboards alone cannot drive prioritization
- How lifecycle context determines what to fix first
- What performance surprises can emerge during large-scale PQC rollout
About Stefan Kölbl
Stefan Kölbl is an Information Security Engineer at Google, where he has been deeply involved in the company’s internal post-quantum cryptography rollout. His work spans early hybrid deployments, encryption-in-transit migration, key lifecycle management, and performance validation at hyperscale.
Stefan brings an operator-level perspective to quantum-safe migration, focusing on crypto agility, secure-by-default developer frameworks, and scalable key management architecture. His experience includes navigating PQC implementation prior to final NIST standardization and addressing real-world constraints such as signing lifecycles, hardware-bound keys, and system-level performance interactions.
Your Roadmap to Post-Quantum Agility
[00:02:28] Step 1: Shift the Focus From Algorithms to Key Rotation
Stefan reframes the PQC conversation. Updating code can be abstracted. Libraries and APIs can shield most developers from algorithm changes. The real operational challenge lies in key material. If you cannot rotate keys cleanly, you cannot switch algorithms cleanly.
Poor key management surfaces quickly under PQC pressure. Migration becomes difficult not because the math is hard, but because lifecycle ownership was unclear. Crypto agility, in practice, means being able to rotate without disruption.
Key Question: If you needed to rotate every key today, how much friction would you encounter?
[00:04:41] Step 2: Treat PQC as a Security Hygiene Upgrade
Stefan emphasizes that PQC should not be framed as a one-off cryptographic event. It is a forcing function. Organizations already thinking about PQC have an opportunity to improve rotation practices, lifecycle tracking, and resilience more broadly. If you use this moment to institutionalize automated, reliable key rotation, you strengthen your posture against future threats beyond quantum.
Key Question: Are you treating PQC as a compliance task or a resilience upgrade?
[00:07:51] Step 3: Accept Store Now, Decrypt Later as a Real Risk
For Google, “Store Now, Decrypt Later” is not a theoretical concern. The possibility that encrypted traffic captured today could be decrypted in the future helped justify early hybrid deployments, even before final NIST standards were published. Prior Chrome experiments provided the confidence to move forward, while hybrid designs ensured that introducing post-quantum mechanisms would not weaken existing security protections.
Key Question: If encrypted traffic were harvested today, how confident are you in its long-term confidentiality?
[00:12:49] Step 4: Recognize That Signing Is the Harder Problem
Encryption in transit is comparatively easier to migrate because protocols like TLS 1.3 already support cryptographic agility, allowing new key exchange mechanisms to be introduced without major system redesign. Signing infrastructure, however, is far more rigid. Firmware signatures, hardware roots of trust, and long-lived devices often rely on keys that are embedded in hardware or tied to decade-long lifecycles. In many cases, these keys cannot be rotated easily and the devices cannot be upgraded after deployment, which makes signing systems the long-tail risk in post-quantum migration.
Key Question: Which of your signatures are tied to hardware or decade-long lifecycles?
[00:18:18] Step 5: Inventory Is the Beginning, Not the End
Dashboards provide visibility, but visibility alone does not create prioritization. A list of RSA or ECC signing keys tells you nothing about ownership, business criticality, rotation feasibility, or lifecycle exposure. Without context, inventory becomes paralysis. True progress requires integrating lifecycle intelligence, ownership mapping, and automation.
Key Question: Does your crypto inventory tell you what to fix first - or just how much you have?
[00:28:09] Step 6: Expect Performance Surprises at Scale
Benchmarking does not always capture how systems behave in real-world environments. In one rollout, a PQC implementation caused unexpected cache misses because of how it allocated heap memory. The algorithm itself was fast, but its memory patterns disrupted system performance. This was not a cryptographic failure; it was a systems interaction issue. At scale, migrations often surface these kinds of edge cases that are difficult to anticipate during initial testing.
Key Question: Do you have regression testing capable of catching subtle systemic performance impacts?
Episode Resources
- Stefan Kölbl on LinkedIn
- ProteQC Website
- Johannes Lintzen on LinkedIn
- PQShield Website
Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.
✔ Get insider knowledge from leading cybersecurity experts.
✔ Learn practical steps to future-proof your organization.
✔ Stay updated on regulatory changes and industry trends.
Need help subscribing? Click here for step-by-step instructions.
Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so