PQC migration is a program, not a patch. I just updated my quantum readiness starting list - curated for security people who need actionable info.

Takes you from threat understanding → prioritization → running a real migration program with owners, milestones, dependencies, and vendor timelines.

https://postquantum.com/quantum-readiness-starting/

#PQC #PostQuantumCryptography #InfoSec #CryptoAgility #QuantumSecurity

Getting Started With Quantum Readiness and PQC Migration

This page collects the PostQuantum.com articles you need to kick‑off and run a quantum‑readiness program, end‑to‑end. It’s organized along the lifecycle most teams follow: executive briefings & budget justification, cryptographic discovery/inventory, CBOM (Cryptographic Bill of Materials) creation, risk scoring & prioritization, road‑mapping and governance, pilots and migration patterns (hybrid/PQC/crypto‑agility), and operations (monitoring, vendor due diligence, training). Notes & caveats. Real programs are messy: phases overlap and organizations differ. I’ve tagged each article to the dominant phase for clarity, but expect cross‑links. This is an opinionated, practitioner’s curation, not a standard, and it’s under development. No warranties; I aim to keep

PostQuantum - Quantum Computing, Quantum Security, PQC

Interview with Dino DiMarino, CEO at AppViewX, on why machine identities are outpacing user identities in critical infrastructure.

🔐 “You can’t plan for post-quantum cryptography without an accurate cryptographic bill of materials.”

Full interview: https://www.technadu.com/explaining-why-certificate-failures-are-still-taking-down-critical-systems/614681/

#CyberSecurity #MachineIdentity #PKI #ZeroTrust #CryptoAgility

Rik Turner from Omdia says, “We have only just begun to see how AI can help threat actors.”
In this TechNadu interview, he explains how enterprises can prepare for a post-quantum world and adopt crypto agility for defense resilience.
https://www.technadu.com/ai-quantum-and-the-next-evolution-of-cyber-defense-why-crypto-agility-cant-wait/611559/

#CyberSecurity #AI #PostQuantum #CryptoAgility #Omdia #TechResearch

Implement crypto-agility with modular encryption tools to phase in quantum-safe algorithms, cut breach costs and ensure compliance. Train teams incrementally #Security #CryptoAgility

https://www.techradar.com/pro/cyber-resilience-in-the-post-quantum-era-the-time-of-crypto-agility

Cyber resilience in the post-quantum era: the time of crypto-agility

Combatting the threat posed by quantum computing

TechRadar
CBOM (Cryptography Bill of Materials) is the new buzzword. Think SBOM but for encryption. IBM’s approach uses static analysis to list all algorithms/keys (your CBOM) and dynamic monitoring to see them in action. Why does it matter? Because to migrate to #PQC, you first need a map of every place cryptography lives in your org. This article shows how various tools help assemble that map. #CryptoAgility https://postquantum.com/post-quantum/cryptographic-inventory-vendors/
Cryptographic Inventory Vendors and Methodologies

Achieving a comprehensive cryptographic inventory often requires combining multiple tools and methodologies. Each solution above has blind spots: one might excel at catching code-level issues but miss network usage, another might see network traffic but miss dormant code, etc. Organizations starting a crypto inventory (especially as part of PQC readiness) should evaluate these tools in terms of their environment: for example, pairing a passive network sensor with an agent-based host scanner and a static code analyzer will cover most bases – network, runtime, and code. Many of the vendors themselves support integrations (as seen by partnerships between endpoint and network

What’s a CBOM? A Cryptographic Bill of Materials is an inventory of all crypto assets in a system – algorithms, key lengths, certificates, libraries, protocols, etc. In the age of #QuantumThreats and new regulations, CBOMs are becoming crucial. They give security teams X-ray vision into “what crypto are we using and where,” so we can find weak links (e.g., an obsolete cipher or a short RSA key) and plan upgrades to #PQC. #CryptoAgility https://postquantum.com/post-quantum/cryptographic-bill-of-materials-cbom/
Cryptographic Bill of Materials (CBOM) Deep-Dive

Cryptographic Bills of Materials (CBOMs) represent the next evolution in software transparency and security risk management. As we have explored, a CBOM provides deep visibility into an application’s cryptographic underpinnings – an area that has often been opaque to security teams. By enumerating algorithms, keys, certificates, and their usage, CBOMs empower organizations to tackle challenges ranging from quantum cryptography transition and legacy crypto cleanup to regulatory compliance and rapid incident response to crypto vulnerabilities. For security architects and CISOs, adopting CBOM practices offers actionable benefits. It means no longer relying on ad-hoc methods or tribal knowledge to answer “What crypto

TL;DR from this deep-dive: transparency is security. A CBOM brings cryptography out of the shadows. It’s not just a compliance checkbox – it helps identify legacy crypto that needs replacing (e.g., “oh wow, this app still uses SHA-1 certs”), ensures you meet standards, and guides your PQC migration. Expect CBOMs to become as routine as SBOMs in audits. It’s a bit more work now for a lot more peace of mind later. #PQC #CryptoAgility https://postquantum.com/post-quantum/cryptographic-bill-of-materials-cbom/

Quantum readiness isn’t just future-proofing – it’s a chance to fix lingering security debt. By embarking on a PQC migration, you finally fund that full cryptographic inventory (you can’t protect what you don’t know you have) and clean up “crypto junk” (weak algorithms, expired certs). It’s like spring cleaning your security while prepping for the future. #CryptoAgility https://postquantum.com/post-quantum/quantum-ciso-budget/
How CISOs Can Use Quantum Readiness to Secure Bigger Budgets (and Fix Today’s Problems)

Quantum readiness is not an exercise in science fiction – it’s a very practical program that yields benefits immediately. Regulators are pushing us all in this direction, which means boards are willing to fund it. The journey forces you to finally catalog your cryptographic assets and clean up long-standing weaknesses, improving your security posture right now. It builds agility so you can handle any crypto curveballs the future throws. It energizes your team and attracts talent by giving them something exciting to work on. And it demonstrates to the world that your organization is on top of emerging threats, thereby


Regulators are mandating comprehensive cryptographic inventories for quantum readiness - but what if that’s not feasible yet?

My latest article explores a pragmatic, risk-driven alternative to begin mitigating quantum threats without boiling the ocean.

#QuantumRisk #PQC #Cybersecurity #QuantumReady #CryptoAgility

https://postquantum.com/post-quantum/risk-driven-quantum-crypto-inventory/

Risk-Driven Strategies for Quantum Readiness When Full Crypto Inventory Isn’t Feasible

Given the practical challenges, organizations may need to begin their quantum-readiness journey with a risk-driven approach rather than a theoretically perfect one. The essence of this strategy is to focus limited resources where they matter most – addressing the highest quantum-vulnerability risks first and implementing interim safeguards for the rest. Even the U.S. government’s guidance recognizes the need for prioritization. For example, the federal memo mentioned above directs agencies to inventory high-impact systems, high-value assets (HVA), and any systems containing data that must remain sensitive through 2035 before worrying about less critical systems. In other words, not all cryptographic assets

CBOM (Cryptography Bill of Materials) is the new buzzword. Think SBOM but for encryption. Why does it matter? Because to migrate to #PQC, you first need a map of every place cryptography lives in your org. This article shows how various tools help assemble that map. #CryptoAgility https://postquantum.com/post-quantum/cryptographic-inventory-vendors/