
CyberWire Daily Quantum [CISOP]
Dec 16, 2025
Michael Sottile, CISO at a quantum computing firm, shares his extensive cybersecurity experience spanning fintech, healthcare, and defense. He explains why CISOs must prepare for quantum computing now, discussing the risks of data longevity and the looming 'harvest now, decrypt later' threat. Michael demystifies qubits and superposition, outlines how quantum can bolster fraud detection while jeopardizing encryption, and stresses the importance of phased migration plans. He also highlights the challenges posed by legacy devices and emphasizes precise asset inventorying to mitigate risks.
AI Snips
Inventory And Build Crypto Agility
- Start inventorying quantum-vulnerable assets and ask where encryption keys and third-party dependencies live.
- Build crypto agility so you can swap algorithms and follow NIST post-quantum standards now.
Harvest-Now, Decrypt-Later Risk
- Data harvested today can be decrypted later once quantum computers become powerful enough.
- Long-lived secrets are already at risk from a "harvest-now, decrypt-later" strategy.
Demand Vendor Roadmaps And Follow NIST
- Ensure vendors have post-quantum migration roadmaps and, if they don't, ask why not.
- Keep up with NIST-selected post-quantum algorithms and plan transitions proactively.
