Quantum Security Awareness for Practitioners – Free Technical Webcast

A free technical briefing co-hosted by SANS Institute and Applied Quantum. Go beyond “quantum breaks RSA” and get the practitioner’s view: what changes in your TLS, PKI, VPN, identity, and software supply chain – and how to start testing and implementing without breaking production.

---

About This Event

This complimentary webcast is designed for security architects, engineers, and cyber defenders who need a practical, no-hype understanding of post-quantum cryptography (PQC) and quantum security and what it means for real systems. Co-hosted by SANS Institute and Applied Quantum.

We’ll keep the introduction short – just enough to align on the threat model and the standards landscape—then we’ll go deeper into the parts that usually get skipped:

• Where PQC actually lands in modern enterprises (protocols, libraries, certificates, HSMs, third-party platforms)
• Why the migration is bigger than an algorithm swap
• What breaks first (often: performance assumptions, interoperability, certificate and handshake sizes, network edge constraints)
• How to get traction fast using inventory + prioritization + crypto-agility patterns

Format: Free live webcast
Duration: 2.5 hours (includes Q&A)
Level: Awareness-first, but architect / implementer-oriented
Cost: Free

---

What You Will Learn

By the end of this session, technical teams will be able to:

• Explain the quantum threat in engineering terms (confidentiality and integrity impacts, including “harvest now, decrypt later” and long-lived trust risks (” trust now, forge later”).
• Describe what NIST has standardized so far – and what that implies for deployment decisions (KEMs vs signatures, and where each appears in real protocols).
• Identify the “blast radius” of PQC across enterprise stacks: TLS termination, mTLS in service meshes, VPN gateways, PKI hierarchies, code signing, device identity, and third-party dependencies.
• Recognize common failure modes early (performance regressions, MTU/fragmentation surprises, certificate chain bloat, middlebox issues, brittle crypto dependencies).
• Understand what a Cryptographic Bill of Materials (CBOM) and cryptographic inventory should contain to support a defensible migration plan.
• Apply practical crypto-agility patterns (abstraction, configuration-driven crypto policy, algorithm negotiation, safe upgrade/rollback, test harnessing).
• Leave with a sample “first 90 days” approach: what to inventory, what to pilot, what to test, and how to avoid expensive dead ends.

---

Topics Covered

This session covers the following topics (with an emphasis on real-world architectures and operational constraints):

1) Threat model and technical context (fast, practical intro)

• CRQC as a planning concept (what “cryptanalytically relevant” actually means for engineering timelines)
• Harvest-now/decrypt-later vs integrity and authenticity risks (“trust now, forge later”)
• “Why now” signals: standards, platform roadmaps, and compliance pressure turning into delivery pressure

2) Standards landscape you can build on

• NIST PQC standards: what’s finalized, what’s next, and why it matters to architects
• KEMs vs signatures in real systems (where key exchange ends and authentication begins)
• Hybrid approaches (why they exist, how they reduce risk, and what they complicate)

3) Where PQC hits first in real enterprise stacks

• TLS 1.3 / HTTPS at the edge: handshake and certificate impacts, termination patterns
• mTLS for east-west traffic (service mesh / microservices) and what “small inefficiencies” become at scale
• VPN and remote access: gateway constraints, device fleets, and “upgrade sequencing”
• PKI and certificate lifecycles: issuance, rotation, chain size, and operational overhead
• Software supply chain: code signing, firmware signing, CI/CD trust roots, artifact verification

4) Network and infrastructure realities

• Performance and scaling assumptions that quietly break (latency, CPU, memory, bandwidth)
• MTU, fragmentation, and “middlebox weirdness”
• Load balancers, proxies, WAFs, CDNs, and cloud-managed TLS: where you can change crypto vs where you can only influence it

5) Cryptographic discovery, inventory, and CBOM (the work nobody can skip)

• What a cryptographic inventory must include to be migration-useful (not just “RSA is used somewhere”)
• Building and operationalizing CBOMs across products, platforms, and vendors
• Continuous crypto discovery (because inventories rot fast)

6) Risk-driven prioritization and migration planning

• How to prioritize when full inventory is not feasible (risk-driven sampling, choke points, long-lived data paths)
• Migration waves: “protect long-life data first” vs “protect the broadest crypto infrastructure first”
• Vendor and third-party dependencies: how to ask for the right evidence (not marketing)

7) Crypto-agility patterns for teams that must ship

• Practical crypto-agility reference patterns (abstraction layers, policy engines, configuration control)
• Designing for algorithm change as a normal operating condition (not an emergency project)
• Testing, rollback, and avoiding one-way doors

---

Why “Wait and See” Is No Longer a Strategy

PQC is not a future-only problem – and for technical teams, the reason is simple: migration lead time is the risk.

Even if you ignore Q-Day forecasting entirely, you still face a very practical reality: cryptography is embedded across protocols, products, libraries, certificates, devices, and vendor ecosystems. The hard part is not selecting an algorithm – it’s discovering dependencies, coordinating change across owners, and validating performance and interoperability before deadlines and incidents force rushed work.

The earlier you test, the fewer surprises you pay for later.

---

Who Should Attend

This webcast is designed for:

• Security architects, enterprise architects, and platform architects
• Cryptography engineers, PKI owners, and certificate services teams
• Network/security engineers responsible for TLS termination, VPNs, gateways, and edge infrastructure
• DevSecOps, SRE, and cloud security teams supporting large-scale mTLS and service connectivity
• Application security and product security teams (especially those who own libraries and build pipelines)
• Security engineering leaders who need a technically credible roadmap (not a slideware plan)

No advanced math or physics required. If you’re comfortable with modern security architecture (TLS/PKI concepts, key management basics, and how systems integrate), you’re the target audience.

---

This Session

Thursday, 2 April 2026

• Time: 7:00 PM CEST | 6:00 PM BST | 9:00 PM GST (Dubai) | 1:00 PM EDT | 10:00 AM PDT

All events in the series: Quantum Security Awareness for Practitioners – Free Technical Webcast Series

---

Want the hands-on version?

This webcast is an awareness-level extract of the material. All topics above will be covered in far greater depth in a 5-day, hands-on course (SEC531) currently being developed by SANS Institute and Applied Quantum, including practical exercises, implementation patterns, and real-world migration playbooks.

---

Registration

This event is co-hosted by SANS Institute and Applied Quantum. Registration is free. RSVP Below.

Please register below using your email address. Within minutes, you will receive a confirmation email containing a calendar invite and the unique Zoom link for the day. If the email does not arrive shortly, please check your junk or spam folder, or contact us at admin@appliedquantum.com.

---

No fluff. No jargon. Just the clarity and next steps security practitioners need. For questions or group registrations, contact Applied Quantum.