Say Easy, Do Hard - Crypto-Agility - BSW #440
From Business Security Weekly (Audio) by Matt Alderman
March 25, 2026 · 52 min
About this episode
The episode discusses the challenges and frameworks for migrating to quantum-safe security in light of the approaching Q-Day.
With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility. In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it's not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization's cryptographic architecture, automation, and governance to allow for greater control and flexibility. In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires: Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols System Prioritization, Leading To A Migration Roadmap Remediation, Including Vendors And Partners Once a distant possibility, Q-Day is quickly…
People in this episode
Host: Matt Alderman
Topics covered
- quantum security
- crypto-agility
- migration roadmap
- cryptographic architecture
- remediation
- system prioritization
Keywords
- quantum security
- crypto-agility
- Q-Day
- migration roadmap
- cryptographic architecture
- remediation
- system prioritization
Mentioned in this episode
Organizations: IBM
Books & works: PQC-Migration-Roadmap-PQCC-2.pdf, PQCC-Inventory-Workbook.xlsx, cryptoscan-guide.html, quantum-safe-cbomkit
More episodes of Business Security Weekly (Audio)
- The Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - Marc Manzano, Mark Hughes, Mehul Revankar - BSW #445 · April 29, 2026 · 1h 10m
- From Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio - Andrew Rubin, Craig Taylor, Tim Morris - BSW #444 · April 22, 2026 · 1h 8m
- Not All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - Rob Juncker, Joanna Chen, Tony Anscombe - BSW #443 · April 15, 2026 · 1h 11m
- Zero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - John Bruggeman, Christy Wyatt, John Anthony Smith - BSW #442 · April 8, 2026 · 1h 7m
- Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - Amit Sinha, Ann Marie van den Hurk, Matt Immler - BSW #441 · April 1, 2026 · 1h 2m
- Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - Ben Wilcox - BSW #439 · March 18, 2026 · 57 min
Explore listener stats, chart rankings, contacts and more on the Business Security Weekly (Audio) podcast page.