Blog

What is "Trust Now, Forge Later" (TNFL)? Most discussions about quantum computing threats focus on “Harvest Now, Decrypt Later” (HNDL) - the idea that adversaries can collect encrypted data today and store it, hoping a future quantum computer will break the encryption and expose sensitive information. This risk is very real, especially for data that needs to remain confidential for decades (think government secrets, health records, long-term intellectual property). In essence, HNDL is a confidentiality threat: today’s intercepted secrets might be decrypted tomorrow. Yet there’s another quantum-enabled danger that receives far less publicity, one that worries me even more. I previously termed it “Sign Today, Forge Tomorrow” (STFT), but more recently, another, probably better term, is gaining traction: “Trust Now, ...

In the recent IBM's “Secure the Post-Quantum Future” report 62% of executives admitted that their organization is waiting for vendors to make them quantum‑safe. In other words, they expect cloud providers, network equipment makers and software vendors to embed post‑quantum cryptography (PQC) so that internal teams can simply apply updates. This mindset is understandable - modern enterprises depend on vast supply chains - but it is also dangerous. Waiting for vendors delays critical preparations, increases operational risk and ignores the reality that boards and CISOs are accountable for protecting their data and systems. Vendors play a crucial role, yet quantum readiness is not something that can be outsourced ...

Preparing a large telecom (or any enterprise) for the post-quantum cryptography era is a massive, multi-faceted undertaking, but it is achievable with foresight, resources, and commitment. We’ve seen that it involves much more than just installing new algorithms - it’s about transforming an organization’s approach to cryptography across potentially thousands of applications and devices, under uncertain timelines and in coordination with many external players. In all likelihood, this quantum-readiness program will be one of the most complex IT/security projects the organization has ever executed, comparable to - or even exceeding - major transformations like the rollout of a new network generation or a large merger integration. The program spans technology, process, and people: from the nuts-and-bolts of lattice-based encryption performance, ...

Whether you personally believe Q-Day will come in 5 years or 50, the world around you isn’t taking chances - and neither can you. As a CISO, you’re now being implicitly (and sometimes explicitly) told by every corner of your ecosystem that quantum preparedness is mandatory. Regulators demand it via hard deadlines. Key clients and partners demand it in contracts and RFPs. Insurers will soon demand it as a condition of coverage. Investors and boards demand it as part of prudent risk management ...

In my opinion, forward-thinking organizations should consider creating a Chief Quantum Officer (CQO) role. Much like those historical electricity executives, a CQO would spearhead the adoption of a disruptive technology that is revolutionary, promising - but widely misunderstood. It’s a provocative idea (even “a job title from Star Trek,” as one commentator quipped ), but it’s quickly moving from speculation to reality. A few bold companies have already appointed CQOs, signaling that quantum tech is becoming a strategic priority, not just a research experiment. I’m personally bullish on quantum’s potential, and while I expect quantum computing to become commoditized in the coming decades (eventually making a CQO as obsolete as the Chief Electricity Officer), I believe that for the next ...

Magic states are special quantum states that enable the universal operations needed for any quantum algorithm, yet which are not themselves easy to produce or protect. In essence, magic states supply the "extra quantum sauce" that elevates a protected quantum computer from what could be emulated on a classical computer to a machine that can outperform classical supercomputers. Recent breakthroughs - from theory and small-scale demonstrations to first experiments on logical (error-corrected) qubits - have shown significant progress in producing and utilizing magic states ...

Thesis: Migration time to safer cryptography is inversely proportional to an organization’s crypto-agility. Formally: Let A denote an organization’s crypto-agility (0 ≤ A ≤ 1) and Y the wall-clock time required to replace a cryptographic primitive across all in-scope systems. Then Y ≈ K ⁄ A for some complexity constant K. As A → 0, Y → ∞. Corollary: Raising A today shortens all future cryptographic migrations - for quantum threats and for classical breaks, policy shifts, or performance needs. This is the practical twin to Mosca’s inequality. Where Mosca tells you why time is short, my "law" tells you what to build so time bends in your favor: agility ...

For three decades, Q-Day has been “just a few years away.” I want to show you how to make your own informed prediction on when Q-Day will arrive. Counting physical qubits by itself is misleading. To break RSA you need error‑corrected logical qubits, long and reliable operation depth, and enough throughput to finish within an attack‑relevant time window ...

The trouble with quantum computing predictions so far has been that too many have been more speculation than science, more influenced by bias than by balanced analysis. We have the tools and knowledge to do better. By embracing a data-driven, scenario-based approach, we can turn timeline forecasting from a source of confusion into a valuable planning aid ...

Quantum sensing technologies are emerging as powerful tools to detect and track UASs, including small and nano-drones that often evade conventional sensors. These quantum sensors, such as quantum radars, quantum LiDARs, atomic magnetometers, and Rydberg RF detectors, exploit phenomena like entanglement, squeezing, and extreme sensitivity of quantum states to reveal faint drone signatures beyond classical limits. However, raw data from both quantum and classical sensors can be weak, noisy, or ambiguous, especially when dealing with tiny drones with low radar cross-sections (~0.01 m²) and minimal emissions. This is where artificial intelligence (AI) becomes indispensable. Modern AI algorithms (deep neural networks, signal classifiers, data fusion models, etc.) play a critical role in processing, interpreting, and enhancing sensor signals, effectively translating subtle ...

From a CISO and business leadership perspective, the ask is clear: we need to secure budget and resources now to begin the multi-year journey of quantum-proofing our organization. This includes funding for risk assessments, cryptographic inventory tools, new encryption software/hardware, staff training or hiring, and pilot projects to start integrating PQC. The investment is justified not only by the avoidance of a potentially catastrophic future breach, but by the immediate gains in cyber hygiene, compliance readiness, and competitive positioning that we’ve outlined. In an urgent, risk-based approach, starting early is the only viable strategy - it spreads out costs, reduces uncertainty, and ensures we won’t be caught unprepared ...

AI is reshaping businesses across industries, and corporate boards are increasingly expected to oversee AI strategy, ethics, and risk management. In fact, the number of S&P 500 companies formally assigning AI oversight to a board committee more than tripled in 2025, and nearly half of Fortune 100 companies now highlight AI expertise in their directors’ qualifications. This surge underlines an urgent need for governance frameworks that keep pace with AI-driven innovation. Boards can no longer afford to treat AI as just an IT issue; it has become a strategic imperative - one that demands informed oversight at the highest level ...