As quantum computing accelerates, organizations can no longer treat cryptographic migration as a distant technical task. Dr Richard Searle of Fortanix explains how confidential computing and a software-first model enable enterprises to adopt post-quantum cryptography (PQC) rapidly while maintaining control, compliance, and agility. He describes how Fortanix integrates standardized PQC algorithms within trusted execution environments to protect data in use, at rest, and in motion, providing a verifiable layer of defense against quantum-era threats. Richard clarifies that crypto agility, not a one-off migration, is the real target, enabling algorithm rotation and policy enforcement as new standards evolve. He also outlines how global companies must account for regional algorithm preferences, such as those emerging in Europe and Asia, without fragmenting global operations. Through examples from finance and technology sectors, he highlights how auditability, attestation, and workload geolocation now define compliance readiness across DORA, GDPR, and CNSA 2.0 frameworks. The discussion reinforces that migration is as much about policy, inventory, and evidence as it is about cryptography itself. The lesson is direct: begin the transition now, build measurable posture, and design architectures that can adapt before regulators and attackers dictate the timeline. What You’ll Learn: How confidential computing underpins a secure execution base for PQC migration. Why crypto agility, not one-off migration, defines long-term resilience. How to manage regional algorithm differences while maintaining global compatibility. How attestation, geolocation, and immutable logs turn compliance into proof of control. The role of inventory management and performance assessment in sequencing PQC rollout. How to balance human approval with machine-based cryptographic execution through APIs. Why finance and technology are leading sectors in post-quantum adoption. Why starting now lowers cost, builds capability, and prevents a rushed, regulator-driven scramble. Dr Richard Searle is the Chief AI Officer at Fortanix, a global leader in confidential computing and data security. He leads Fortanix’s strategy at the intersection of cryptography, AI security, and post-quantum readiness, helping enterprises protect data across hybrid multi-cloud environments. With a background in systems engineering and safety-critical design, Richard brings more than two decades of experience in building secure, compliant, and resilient systems for both private and public sectors. Before becoming Chief AI Officer, Richard served as Fortanix’s Vice President of Confidential Computing and played a pivotal role in advancing the company’s confidential computing platform, which secures data in use through trusted execution environments. He has also served as the Chair of the End-User Advisory Council and General Members’ Representative to the Governing Board of the Confidential Computing Consortium under the Linux Foundation. A Doctor of Business Administration from Henley Business School, University of Reading, Richard continues to contribute to research in AI and defense security. He serves as Principal Investigator for Fortanix within the U.S. NIST AI Safety Institute Consortium (AISIC) and the UK Integrated Quantum Network (IQN) Hub. Known for his clarity and discipline in security architecture, Richard focuses on helping global enterprises design for crypto agility, regulatory assurance, and quantum-safe innovation. Your Roadmap to Quantum Resilience [03:14] Step 1: Establish a Confidential Computing Base - Quantum resilience begins with protecting what matters most, which is “data in use.” Richard explains how trusted execution environments create an invisible shield around sensitive workloads, keeping information safe even while it is being processed. Fortanix’s software-first foundation allows this protection to extend across cloud and on-premises systems, without the delays of hardware dependencies. Establishing this base gives enterprises the confidence to deploy new algorithms, test PQC performance, and maintain control wherever their data flows. Key Question: Which of your workloads process the most sensitive data and need in-use protection today? [05:45] Step 2: Design for Crypto Agility from Day One - Every organization entering the quantum era must prepare for change. Richard highlights the need to design systems that can adapt, rotating algorithms, refreshing keys, and updating parameters through policy rather than rebuilds. This mindset transforms cryptography from a fixed asset into a flexible service that evolves alongside emerging standards. By embedding agility from the start, enterprises can move with the pace of regulation and innovation instead of reacting to it. Key Question: How easily can your teams change algorithms when new standards arrive? [09:10] Step 3: Plan for Regional Algorithm Variants - Global operations demand awareness of regional differences in cryptographic policy. While NIST drives the global baseline, Europe and Asia are advancing their own approaches, such as Classic McEliece and FrodoKEM, to strengthen local sovereignty. Fortanix addresses this diversity through a single control plane that can manage multiple algorithms while maintaining unified governance. Organizations that prepare for regional variance today will stay compliant and operationally aligned as new mandates emerge. Key Question: Are your policies ready to accommodate regional algorithm choices without breaking global consistency? [16:15] Step 4: Turn Compliance into Evidence - Compliance becomes a source of trust when it can be proven. Richard shows how attestation and workload geolocation enable enterprises to demonstrate exactly where and how data was processed. Immutable logs and signed records create a transparent audit trail, satisfying frameworks like GDPR, DORA, and CNSA 2.0. This approach shifts compliance from a reporting exercise to a living proof of security discipline and accountability. Key Question: Can you present verifiable proof of control, location, and authorization for sensitive workloads? [19:22] Step 5: Inventory, Evaluate Performance, and Sequence by Exposure - A strong migration plan begins with visibility. Richard outlines how teams can build an accurate inventory of keys, certificates, and machine identities, then analyze which are most exposed or critical to business continuity. Fortanix’s data security platform supports this assessment, enabling phased implementation that balances performance with risk. By starting with the systems that face customers and regulators, organizations gain both resilience and credibility in their transition to PQC. Key Question: Which high-exposure services in your organization should move first toward PQC? [21:01] Step 6: Govern with Humans, Execute with Machine Identities - As automation expands, clarity of control becomes vital. Richard describes how Fortanix maintains human oversight through quorum approvals while allowing machine identities to perform cryptographic operations within defined boundaries. This structure preserves accountability and enables scale, empowering secure automation for code signing, data exchange, and AI workflows. True governance lies in this balance, human intent directing machine execution through policy and precision. Key Question: Where can you introduce automation that enhances control rather than replacing it? Episode Resources Richard Searle on LinkedIn Fortanix Website Johannes Lintzen on LinkedIn PQShield Website Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts. ✔ Get insider knowledge from leading cybersecurity experts. ✔ Learn practical steps to future-proof your organization. ✔ Stay updated on regulatory changes and industry trends. Need help subscribing? Click here for step-by-step instructions.

Hardware security modules (HSMs) have quietly powered the digital economy for decades, but are they ready for the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Bruno Couillard, CEO and co-founder of Crypto4a, about his journey from designing the original Luna HSM to building the next generation of quantum-safe hardware. Bruno explains the crucial difference between being PQC-ready and PQC-providing, why classic HSMs can’t simply be patched into the future, and how cloudification and crypto-agility will redefine security infrastructure for decades to come.

What if quantum computing grabs the headlines, but the real risk is complacency about cryptography? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Mike Silverman, Chief Strategy & Innovation Officer at FS-ISAC. Mike shares why treating cryptographic migrations as one-off projects leaves organisations exposed, how building inventories and risk-based models creates real readiness, and why crypto-agility, not quantum anxiety, is the foundation for long-term security. Learn how to prioritise crown-jewel systems, what timelines like 2030 and 2035 really mean, and why vendor coordination and PKI standards could decide the success of your migration.

Quantum threats may feel distant, but your migration shouldn’t be. In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen talks with Will Collison, Interim Global Head of Cryptography at HSBC. Will explains why enterprises must start now and measure as they go, how to separate PQC, QKD, and quantum computing, and why cryptographic agility is the real objective. Expect practical guidance on executive buy-in, vendor dependencies, critical-system prioritization, and the cost logic that makes an early start the only rational choice.

What if quantum computing feels like a distant threat, but your timeline to prepare is already running out? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini. Adrian shares the urgent realities of PQC migration, from why a three-to-five-year plan is really an eight-year journey to the performance shocks of new algorithms and the critical need for crypto-agility. Learn why apathy is the greatest risk, how regulatory pressure could unlock boardroom action, and where CISOs must start to build quantum-ready systems today.

What does it take to keep the world’s most widely used cryptographic library secure in the quantum era? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Tomáš Mráz, Director of the OpenSSL Software Foundation, and Jon Ericson, Community Manager at the Foundation. Together, they explore OpenSSL’s evolution, from its 25-year legacy to its upcoming OpenSSL 3.6 release, hybrid cryptography, and the global effort to achieve FIPS certifications for post-quantum algorithms. Learn how community contributions, funding models, and industry partnerships are shaping OpenSSL’s role in securing the internet’s future.

What if quantum computing feels years away, but your migration to post-quantum cryptography needs to start today? In this episode of Shielded: The Last Line of Cyber Defense, host Jo Lintzen welcomes Kevin Hilscher, Senior Director of Product Management at DigiCert. Kevin shares the practical realities of PQC adoption, from TLS 1.3 prerequisites and hybrid cryptography to vendor readiness and global regulatory timelines. Learn where enterprises should begin and why early discovery is critical. Expect practical steps, clear insights, and a candid call for earlier discovery, smarter planning, and quantum-ready systems.

What if treating post-quantum cryptography like Y2K is your first and most dangerous mistake? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Yolanda Reid, former IBM Consulting leader and U.S. defense veteran, to explain why PQC is not a patch, but a permanent shift in how we secure systems, train teams, and think about risk. From executive blind spots to the realities of “designing for breakage,” Yolanda offers a clear-eyed view of what must change and why five years may already be too late. Expect sharp truths, practical direction, and a call for leaders to act now before quantum becomes the blindside nobody planned for.

It’s been one year since NIST finalized its post‑quantum cryptography (PQC) standards, a milestone that sparked urgency across government, industry, and security leaders. In this special episode of Shielded: The Last Line of Cyber Defense, we revisit those early conversations about PQC migration to see how far we’ve come (and how far we still have to go). Host Johannes Lintzen is joined by experts from NIST, DHS, Cloudflare, Signal and leading hardware security companies to reflect on what’s working, what’s stalled, and why this migration can’t wait any longer.

What if your hardware is leaking secrets before your software even boots? In this episode of Shielded: The Last Line of Cyber Defense, Johannes Lintzen sits down with Ferhat Yaman, a security researcher at AMD’s Product Security Office, to explore the front lines of post-quantum cryptography, hardware vulnerabilities, and AI privacy. From electromagnetic side-channel attacks to homomorphic encryption, Ferhat shares practical insights from years of research and testing across AMD, academia, and open source projects. Learn what it takes to build and test hardware for a post-quantum world.

What if the biggest threat to your cybersecurity strategy isn’t quantum computing, but humans? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Professor Bill Buchanan, OBE, FRSE, a global leader in applied cryptography, digital trust, and secure system design. Bill shares the origins of public key cryptography and the challenges of migrating beyond RSA and ECC. Learn why cryptographic agility is essential, where the biggest vulnerabilities lie, and how standards like FIPS 140 and TLS are laying the groundwork for a secure future. Expect blunt truths, clear insights, and an urgent call for better systems, smarter engineers, and more public understanding.

How do you prepare for post-quantum cryptography when your devices will still be in the field 20 years from now? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Cassie Crossley, Vice President of Supply Chain Security in the Global Cybersecurity & Product Security Office at Schneider Electric. Cassie shares the hard-earned lessons from a multi-year crypto agility program in one of the world’s largest OT environments. From supply chain transparency to legacy encryption risks, she breaks down what it takes to prepare critical infrastructure for the quantum era.

Quantum readiness isn’t about “predicting when,” it’s about “preparing now.” In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Jeremy Bradley, Principal Technical Director at the UK’s National Cyber Security Centre (NCSC), to explore the UK’s newly released guidance on migrating to post-quantum cryptography. Jeremy shares why the NCSC chose a pragmatic, timeline-driven approach, how organisations can manage legacy infrastructure without fear, and why PQC migration is a cybersecurity challenge, not just a cryptographic one.

You can’t patch your way out of quantum exposure, especially when your hardware refresh cycle is a cryptographic deadline. In this episode of Shielded, Johannes Lintzen sits down with Mamta Gupta of Lattice Semiconductor to explore how hardware-rooted security must evolve to meet the post-quantum challenge. Mamta unpacks the real-world threat of “Harvest Now, Decrypt Later,” explains why crypto agility is essential for long-lifecycle devices, and shares clear, actionable steps to build quantum resilience from silicon to software. Learn how FPGAs provide a reprogrammable, future-ready foundation, what CNSA 2.0 mandates, and why your next hardware refresh cycle may be your last chance to stay ahead. If your business touches critical infrastructure, long-life devices, or digital supply chains, this episode is your wake-up call.

In this special RSA 2025 edition of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen gathers four leading voices from the world of hardware security to discuss a cornerstone technology powering the post-quantum migration: the Hardware Security Module (HSM). Featuring insights from Entrust, Thales, Futurex, and Utimaco, this episode breaks down how HSMs are evolving to support cryptographic agility, comply with new standards like CNSA 2.0 and FIPS 203/204/205, and why waiting to upgrade your HSMs is no longer an option.

Quantum threats aren’t hypothetical, they’re operational risks hiding in your cryptographic stack. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen sits down with Dr. Garfield Jones from CISA to dive into the practical steps for post-quantum migration, making the case that waiting until 2035 is far too late. Dr. Jones breaks down his APA framework (Awareness, Preparedness, Action) and explains why organizations need to act now to secure their infrastructure against the quantum threat. Learn how to take inventory, align procurement, tackle legacy infrastructure, and embed PQC into your vendor strategy before the clock runs out.

Your cryptography may be stuck in 2010, and attackers are betting on it. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Hart Montgomery, Technical Director at The Linux Foundation, about how outdated cryptographic dependencies, hidden vulnerabilities, and poor crypto agility are putting critical systems at risk. From alarming audit findings in financial infrastructure to lessons from tech giants like Google and AWS, Hart shares practical strategies to secure your stack today and keep it adaptable for a quantum future. Learn why 90% of closed-source software depends on potentially vulnerable open-source components and how to bring cryptographic chaos under control.

The countdown has begun: by 2035, all public-key cryptography must be quantum-safe. Are you ready? In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen welcomes Dustin Moody, the mathematician leading NIST's post-quantum cryptography standardization project, for an in-depth discussion on why organizations must act now. Moody shares essential insights into the 2035 implementation deadline, debunks common misconceptions, and provides actionable advice for building crypto-agile systems. Learn why the "harvest now, decrypt later" threat is imminent, how to assess your organization's quantum risk, and the key steps to take in the next 12 months to secure your digital future. Essential listening for cybersecurity leaders, architects, and decision-makers navigating the quantum security landscape.

Quantum threats aren’t coming—they’re already here. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen talks with Rolfe Schmidt, the man behind Signal Messenger’s quantum-safe migration. Learn how Signal protected billions of messages by prioritizing Harvest Now, Decrypt Later risks and deploying hybrid encryption—before PQC standards were finalized. Whether you’re a cybersecurity leader or product strategist, this is your playbook for staying ahead of quantum threats. Delays aren’t an option. Get Signal’s quantum-safe playbook and protect your data now.

Is your organization truly prepared for the post-quantum era? In the premier episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Bas Westerbaan, Research Engineer at Cloudflare, to discuss why organizations must act now on post-quantum cryptography, how to navigate the two-phase migration process, and how to overcome key management, compliance, and performance challenges. Whether you're just starting or refining your post-quantum strategy, this conversation delivers the insights you need to future-proof your cryptographic security.