Shielded: The Last Line of Cyber Defense

Phased Timelines: DSCI roadmap for India's PQC migration

India is accelerating its transition to quantum-safe systems to protect its vast digital public infrastructure. The Data Security Council of India has been instrumental in shaping a roadmap that addresses the unique challenges of the Indian ecosystem. High transaction volumes and deeply interconnected systems make organizational security a paramount concern for national stability. The roadmap defines two distinct tracks for migration based on the criticality of the systems involved. Critical information infrastructure must achieve full migration by the end of 2029, while general enterprises have a slightly longer horizon ending in 2033. These timelines reflect recent scientific updates suggesting that cryptographically relevant quantum computers may arrive sooner than previously anticipated. Successful migration requires more than just replacing algorithms; it demands a focus on cryptographic agility and sovereign security needs. By aligning with global standards like NIST while maintaining the flexibility for national requirements, India aims to ensure long-term viability in the quantum era. The strategy emphasizes that quantum resiliency is a broad organizational mandate rather than a simple technical update. What you’ll learn * The specific milestones for India’s critical information infrastructure transition. * How India’s digital public infrastructure influences its national quantum strategy. * The difference between national advisory guidelines and sectoral enforcement. * Why the 2029 horizon is becoming a global benchmark for quantum readiness. * The importance of cryptographic agility in modern system design. * Practical steps for organizations to begin their quantum risk assessments today. About Teja Chintalapati and Vinayak Godse Vinayak Godse is the CEO of the Data Security Council of India and has spent nearly three decades building national cybersecurity frameworks. He chaired the committee responsible for devising India’s quantum migration roadmap.  Teja Chintalapati is a senior consultant at DSCI specializing in quantum resiliency and cybersecurity strategy. Your roadmap to quantum resilience [02:17] Step 1: Analyze the historical context of India’s quantum focus Vinayak shares how India’s interest in quantum technology dates back to 2015. He explains the evolution from theoretical research to the creation of a national task force for quantum-safe migration. Key Question: Does your organization’s history with emerging tech inform your current security strategy? [10:19] Step 2: Understand the scale of India’s digital public infrastructure The guests describe the massive volume of digital transactions in India facilitated by systems like UPI and Aadhaar. They discuss how this democratization of digital access necessitates a robust quantum defense. Key Question: How does the interconnected nature of your digital ecosystem increase your quantum risk? [23:44] Step 3: Implement aggressive timelines for critical sectors Teja outlines the specific milestones for critical information infrastructure, aiming for full migration by December 31, 2029. He discusses why these aggressive targets are necessary given the changing geopolitical landscape. Key Question: Are your internal migration deadlines aligned with the accelerating threat of quantum computing? [33:08] Step 4: Balance global interoperability with sovereign security The discussion covers the use of NIST standards alongside the potential for sovereign Indian algorithms. Vinayak emphasizes that cryptographic agility is the primary tool for managing this balance. Key Question: Is your infrastructure agile enough to adopt new algorithms without system-wide failures? [41:24] Step 5: Leverage existing best practices for immediate action The guests advise organizations to start with available global materials and risk assessment frameworks. They highlight that the vendor ecosystem is already shifting to support quantum-safe capabilities. Key Question: What steps can you take today to evaluate your most critical cryptographic dependencies? Episode resources Vinayak Godse on LinkedIn [https://www.linkedin.com/in/vinayakgodse/] Teja Chintalapati on LinkedIn [https://www.linkedin.com/in/tejachintalapati/] Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.  ✔ Get insider knowledge from leading cybersecurity experts.  ✔ Learn practical steps to future-proof your organization.  ✔ Stay updated on regulatory changes and industry trends. Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so [https://www.fame.so/?utm_medium=podcast&utm_source=bcast&utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&utm_source=bcast&utm_campaign=fame-client]

Curing Inventory Paralysis: Perfect Data is the Enemy of real-world Progress

The migration to quantum-safe systems is often stalled by a desire for perfect visibility. Antti Ropponen joins host Jo Lintzen to discuss why waiting for a 100% accurate inventory often leads to inaction. Drawing on years of experience in cloud modernization, Antti highlights the similarities between "lifting and shifting" workloads and simply swapping cryptographic algorithms. The conversation covers the necessity of moving beyond technical silos. Antti shares insights from an IBM study showing that the majority of quantum-safe programs now live outside the CISO office, often residing within CTO or digital transformation departments. He provides a framework for prioritizing migration based on risk, regulation, and business value, while offering practical advice on funding these multi-year programs by integrating them into existing IT refresh cycles. What You’ll Learn * Why the 2019 South European bank project served as a lightbulb moment for quantum risk * How to avoid the trap of "inventory paralysis" during discovery phases * The dangers of treating quantum migration as a simple "flick of a switch" exercise * Why post-quantum cryptography programs are moving from the CISO to the CTO office * Methods for using regulation as a prioritization factor rather than just a checkbox * Strategies for quantifying risk reduction to build a compelling financial business case * Nuances in migration priorities between the financial and pharmaceutical sectors * How to treat quantum-safe transitions as "business as usual" engineering About Antti Ropponen  Antti Ropponen serves as the Global Quantum Safe Transformation Leader at IBM Consulting. He drives the execution and scaling of quantum-safe programs across EMEA, working directly with CISOs and CTOs to move organizations from theoretical risk toward real-world migration. With a background in cloud migration and security modernization, Antti focuses on the organizational and architectural complexities of large-scale cryptographic transitions. Your Roadmap to Quantum Transformation [00:08:19] Step 1: Avoid the Inventory Paralysis Trap  Organizations often stall their progress by trying to achieve a perfect, 100% accurate inventory before taking action. Data quality fluctuates quickly as systems change, making a complete snapshot nearly impossible. Focus instead on risk-based classification to identify where the most critical vulnerabilities live.  Key Question: Are you waiting for a perfect list of assets before starting your mitigation planning? [00:16:36] Step 2: Adopt Cryptographic Landing Zones  Drawing on cloud migration best practices, organizations should utilize reference architectures and target patterns. Following established templates ensures that necessary security boxes are checked without requiring a deep dive into every individual system component.  Key Question: Can you simplify your transition by applying standardized architectural patterns to your critical trust flows? [00:21:10] Step 3: Elevate the Program Beyond Technical Silos  Successful migration is an organizational and cultural transformation rather than a localized security project. Because these programs require coordination across hundreds of teams, they often find a more natural home in the CTO office or a digital transformation department where they have broader visibility.  Key Question: Does your quantum-safe program have the organizational authority to influence the backlogs of application and platform teams? [00:26:19] Step 4: Use Regulation as a Prioritization Factor  Compliance frameworks like GDPR or the Cyber Resilience Act should be treated as tools for making a business case. By integrating regulatory requirements into your risk score, you can prioritize efforts that offer the highest value in terms of both resilience and legal standing.  Key Question: Is regulation driving your roadmap, or is it one factor in a more holistic risk-based strategy? [00:31:08] Step 5: Embed Migration into Existing Refresh Cycles  Building a business case is easier when you align quantum-safe requirements with existing digital transformation or infrastructure refreshment programs. This approach avoids creating a "net new" legacy and ensures that future projects are quantum-safe by design from day one.  Key Question: Which upcoming IT modernization projects can serve as a vehicle for your post-quantum upgrades? Episode Resources * Antti Ropponen on LinkedIn [https://www.linkedin.com/in/antti-ropponen/] * Johannes Lintzen on LinkedIn [https://www.linkedin.com/in/jolintzen/]  * PQShield Website [http://www.pqshield.com]  Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so [https://www.fame.so/?utm_medium=podcast&utm_source=bcast&utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&utm_source=bcast&utm_campaign=fame-client]

Moving From Awareness To Action: The Board's Role In Organizational Resilience

Most organizations currently view the arrival of a cryptanalytically relevant quantum computer as a distant technical concern, but Louise Davey argues that it is a present-day governance crisis requiring immediate board-level action. In this episode, she explores how technical practitioners can successfully carry this issue to the top of an organization by moving the conversation away from qubits and toward fiduciary duty and operational resilience. Louise highlights the unique timing offset inherent in the "harvest now, decrypt later" threat, which complicates traditional risk management because the decisions made today affect a security landscape that will manifest long after current leaders have moved on. The discussion further examines the three primary breakages that quantum computing causes in standard risk models, specifically regarding ownership, remediation, and the foundational assumptions of digital trust. Louise points out that many organizations fail by treating the quantum transition as an IT project. She clarifies that while IT is an essential enabler for execution, the business must own the strategy and accountability to ensure multi-year programs receive the necessary budget and sustained focus. When the strategy lacks business-led ownership, it risks stalling during the long slog of defending the program through various political complexities. The discussion concludes with actionable advice for boards to move from awareness to execution through expert advisory and rapid risk assessments. Louise explains the incredible power of an inquiring board to shift organizational priorities overnight. By asking the right questions and recording them in meeting minutes, boards can transform a slow-moving technical initiative into a high-priority mandate for organizational resilience.  What you’ll learn * How to translate technical quantum risks into the language of business. * Why the timing offset makes quantum risk different from traditional cyber threats. * * The three primary breakages in standard risk management caused by quantum computing. * Why IT should be the executor rather than the owner of a transformation. * The importance of a business-led steering committee for accountability. * The first practical steps boards can take to begin the transition. About Louise Davey Louise Davey is the president of LDIQ and an expert in quantum readiness and post-quantum cryptography. She is the author of Quantum How, a guide for leadership in the quantum era, and brings a unique perspective as a former experimental nuclear physicist who transitioned into business leadership. Your roadmap to quantum resilience [01:14] Step 1: Connect physics with business dynamics Louise shares how her background in experimental nuclear physics helped her understand the structural dynamics of large organizations. She discusses the transition from laboratory research to the business world and how these two fields intersect in the quantum era. Key Question: Is your leadership team viewing quantum readiness through a scientific lens or a business lens? [08:37] Step 2: Reframe the conversation for the boardroom Technical practitioners often focus on qubits and algorithms, but these concepts can lose the attention of executive leadership. Louise explains how to shift the dialogue toward operational resilience and the potential impacts on an organization’s long-term viability. Key Question: How can you translate cryptographic vulnerabilities into measurable business impacts like reputation and compliance? [15:30] Step 3: Address the timing offset and digital trust The risk of harvest now, decrypt later means that the actions taken today affect the security of the organization in the future. Louise describes how this dynamic invalidates current assumptions about digital trust and identity. Key Question: Does your current risk management framework account for threats that will manifest long after the initial data harvest? [23:08] Step 4: Establish business ownership of the transformation A common failure mode in large transformations is the assumption that IT should lead the initiative. Louise emphasizes that IT is an enabler and that the strategy must be driven by business leadership through structured committees. Key Question: Who in the business is presiding over the committee that is accountable for your quantum transition? [37:00] Step 5: Move from awareness to actionable advisory The final step involves securing expert guidance to educate the board and senior executive teams. Louise outlines the importance of performing a rapid risk assessment to ensure the organization is directionally correct from the start. Key Question: Has your board been equipped with the right questions to challenge the information they receive about quantum risk? Episode resources Louise Davey on LinkedIn [https://www.linkedin.com/in/louisedavey/] LDIQ Website  [https://ldiq.ca/] Johannes Lintzen on LinkedIn  [http://linkedin.com/in/jolintzen/?skipRedirect=true] PQShield Website [https://pqshield.com/] Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts. ✔ Get insider knowledge from leading cybersecurity experts. ✔ Learn practical steps to future-proof your organization. ✔ Stay updated on regulatory changes and industry trends. Need help subscribing? Click here [https://www.fame.so/follow-rate-review] for step-by-step instructions. Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so [https://www.fame.so/?utm_medium=podcast&utm_source=bcast&utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&utm_source=bcast&utm_campaign=fame-client]

RSA Conference 2026: Views on quantum-safe migrations

At RSA Conference 2026, the conversation around post-quantum cryptography has clearly shifted. The “why” is no longer the challenge. Organizations understand the risk and the real struggle now lies in execution.  In this episode, Aisling Dawson of ABI Research and Itan Barmes of Qiz Security unpack what’s slowing progress. From fragmented cryptographic inventories to unclear ownership and budget constraints, the barriers are as much organizational as they are technical.  They explore why chasing a perfect inventory can stall action, why ecosystem coordination is the hardest problem to solve, and how regulation, vendor readiness, and internal alignment all play a role. The takeaway is: start small, focus on what matters, and build momentum. Quantum migration isn’t a one-time project. It’s a long-term shift in how organizations approach security. What You’ll Learn: * Why quantum conversations are losing visibility despite growing importance * What is actually slowing down post-quantum migration today * Why cryptographic inventory alone is not enough * What cryptographic posture management really means * How to avoid “analysis paralysis” in crypto discovery * Why ecosystem synchronization is the biggest challenge * How regulation is shaping (and slowing) adoption * Why organizational alignment matters as much as technology * What practical first steps enterprises should take in 2026 * Why starting imperfectly is better than waiting Your Roadmap to Quantum Readiness [01:19] Step 1: Awareness Is No Longer the Problem Quantum risk is now widely understood. The challenge has moved on from convincing people that it matters to figuring out how to act on it. Organizations are moving from strategy discussions to real implementation decisions, and that is where progress slows down. Key Question: Are you still discussing why quantum matters, or have you started figuring out how to act on it? [02:17] Step 2: Execution Is Harder Than Expected Budget constraints, performance limitations, and incomplete standards are making implementation difficult. Many organizations underestimated the complexity of integrating quantum-safe cryptography into existing systems. Key Question: Have you accounted for the real operational and financial cost of migration? [05:59] Step 3: Visibility Comes First, But Perfection Is a Trap Cryptographic inventory is a necessary first step, but chasing 100% visibility can stall progress. Getting partial visibility and acting on it is far more effective than waiting for a perfect picture. Key Question: Are you waiting for complete visibility before taking action? [07:39] Step 4: From Inventory to Posture Management Knowing what cryptography exists is not enough. Organizations need to understand risk, prioritize assets, and take action. Cryptographic posture management connects visibility with remediation. Key Question: Do you know not just what you have, but how secure it actually is? [10:02] Step 5: This Is a Business Problem, Not Just a Technical One Quantum migration decisions depend on business context. Parameters like asset criticality, lifecycle, cost, and operational impact all matter, and technical fixes alone are not sufficient. Key Question: Are your quantum decisions aligned with business priorities? [24:29] Step 6: Start Small, But Start Now Organizations do not need perfect plans to begin. Building internal alignment, securing executive buy-in, and taking incremental steps can unlock progress. Waiting only increases risk. Key Question: What is the smallest meaningful step you can take today? Episode Resources Aisling Dawson on LinkedIn [https://www.linkedin.com/in/aisling-dawson-76378a262/]ABI Research Website [https://www.abiresearch.com]Itan Barmes on LinkedIn [https://www.linkedin.com/in/itanbarmes/]Qiz Security Website [https://qizsecurity.com]PQShield Website [http://www.pqshield.com]  Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so [https://www.fame.so/?utm_medium=podcast&utm_source=bcast&utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&utm_source=bcast&utm_campaign=fame-client]

Breaking Silos: Resilience as a Cross-Functional Mandate

Post-quantum cryptography is often framed as a future technical upgrade. Carolina Polito approaches it as an organizational transition that is already underway. In this episode of Shielded: The Last Line of Cyber Defense, Carolina explores how quantum readiness moves beyond awareness into execution. She begins by reframing how we think about technology itself. Systems are not neutral tools. They are shaped by societal decisions and, in turn, shape the institutions that rely on them. This perspective helps explain why quantum readiness cannot be confined to technical teams alone. The conversation then moves into operationalization. While most organizations recognize the quantum threat, translating that awareness into action remains a challenge. Carolina explains why attempting a complete inventory of cryptographic assets can slow progress and why prioritization is more effective. By focusing on high-value, long-lived, and exposed assets, organizations can begin building a practical migration strategy. Vendor ecosystems emerge as a central theme. Many cryptographic dependencies sit outside direct control, making vendor engagement critical. Carolina outlines what organizations should look for, including transparency around cryptographic usage, transition roadmaps, and crypto agility. At a policy level, the discussion explores Europe’s approach to quantum readiness. While there is progress across member states, coordination remains complex. Standards, procurement, and national strategies need to evolve together rather than in sequence. The absence of post-quantum requirements in emerging digital systems also highlights missed opportunities that could increase future costs. Carolina closes with a practical lens. Organizations do not need to solve everything at once. Assigning ownership, prioritizing key assets, and embedding quantum readiness into existing processes can create momentum without overwhelming the system. What You’ll Learn: * Why quantum readiness is an organizational and managerial challenge * Why complete cryptographic inventory is less useful than prioritization * How to identify high-value, no-regret starting points * What defines a quantum-ready vendor * Why crypto agility is critical for long-term resilience * How supply chain dependencies shape migration complexity * Where Europe stands on PQC coordination and policy * Why standards, procurement, and strategy must move in parallel * How new digital systems can create future retrofit challenges * What the first practical step toward quantum readiness looks like Carolina Polito is a researcher in the cybersecurity program at the Center for European Policy Studies and a PhD candidate in international relations at LUISS University in Rome. Her work focuses on cybersecurity, governance, and geopolitics, with a particular emphasis on how emerging technologies shape institutional capabilities and policy decisions. YOUR ROADMAP TO QUANTUM RESILIENCE [03:39] Step 1: Technology Shapes Institutional Boundaries Carolina introduces a broader lens. Technology is not neutral. It influences how institutions operate and what they are able to do. This framing shifts quantum readiness from a technical upgrade to something structural within organizations. Key Question: Are your systems shaping your capabilities in ways you fully understand? [08:04] Step 2: Moving From Awareness to Execution Awareness of quantum risk is already widespread. The challenge now is turning that awareness into a structured transition. Carolina explains why organizations need a workable approach that aligns migration with existing processes. Key Question: Do you have a transition plan that fits how your organization already operates? [11:41] Step 3: Prioritization Over Perfect Visibility Trying to map every cryptographic asset can create more noise than clarity. Carolina highlights the importance of focusing on what is critical rather than attempting completeness. Key Question: Are you focusing on what matters most or trying to see everything? [19:19] Step 4: Vendor Readiness Shapes Your Progress A large portion of cryptographic risk sits within vendor ecosystems. Carolina outlines what organizations should look for when evaluating vendors and why their readiness directly impacts your own transition. Key Question: Do your vendors enable your transition or create hidden dependencies? [20:41] Step 5: Start With No-Regret Use Cases Rather than solving everything at once, organizations can begin with assets that are high value, highly exposed, and difficult to replace later. These decisions shape long-term resilience. Key Question: Which assets would you regret not protecting early? [34:52] Step 6: Coordination Must Happen in Parallel Quantum readiness requires multiple efforts to move at the same time. Standards, procurement, and strategy cannot wait on each other. Progress depends on coordination across these areas. Key Question: Are your efforts moving together or waiting on each other? Episode Resources Carolina Polito on LinkedIn [https://www.linkedin.com/in/carolina-polito]Center for European Policy Studies (CEPS [https://www.ceps.eu/]) Johannes Lintzen on LinkedIn [https://www.linkedin.com/in/jolintzen]PQShield Website [https://pqshield.com/] Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts. ✔ Get insider knowledge from leading cybersecurity experts. ✔ Learn practical steps to future-proof your organization. ✔ Stay updated on regulatory changes and industry trends. Need help subscribing? Click here [https://www.fame.so/follow-rate-review] for step-by-step instructions. Shielded: The Last Line of Cyber Defense is handcrafted by our friends over at: fame.so [https://www.fame.so/?utm_medium=podcast&utm_source=bcast&utm_campaign=masters-of-community-with-david-spinks?utm_medium=podcast&utm_source=bcast&utm_campaign=fame-client]