“Quantum computing isn’t science fiction—it’s the next frontier that can unravel our encryption faster than any classical machine. CISOs need to start prepping now, or risk being caught off guard.”
– James Ringold, Technical Director, Microsoft Security Copilot
Are you ready for the day quantum finally breaks your cryptography?
James posed that question at a recent executive roundtable hosted by Seiso. The discussion was a helpful reminder that quantum computing—no longer limited to research labs—will one day fundamentally disrupt the security frameworks we all rely on.
The urgency in his voice was clear: although quantum computing may still seem out of reach, its progress has accelerated to the point that CISOs, architects, and compliance leaders should begin to plan for post-quantum encryption.
Key Discussion Points
- Why your encryption inventory may be bigger than you realize
- How a future “light switch moment” could force an abrupt cutover to new algorithms
- When “harvest now, decrypt later” attacks become a real threat
- Where quantum-safe standards like CRYSTALS-Kyber or CRYSTALS-Dilithium fit in
- What immediate steps CISOs can take today to stay ahead
Preparing for the Quantum Era
Seiso invited James Ringold—a seasoned cybersecurity leader in Microsoft’s Security Copilot division—to shed light on why quantum computing and cybersecurity are inextricably linked. Organizations can no longer treat quantum as a distant science fair project. Instead, it’s evolving into a genuine risk factor that might invalidate core encryption protocols sooner than many expect.
Quantum machines excel at factoring large numbers into their prime factors, the problem at the beating heart of current public-key encryption. Today’s environment depends heavily on the difficulty of factoring such numbers, which is what makes that cryptography robust against brute-force attacks.
But once a capable quantum computer comes online, all bets are off. Even if experts debate whether that’s five or ten years away, the mere possibility sparks questions about data being collected now, only to be decrypted later. If your data is still relevant in a decade, it’s already at risk.
Recent Breakthroughs in Quantum Innovation
A key point that James emphasized was that quantum’s pace of progress is anything but theoretical. Recent announcements from two tech giants highlight exactly how quickly real-world breakthroughs are unfolding.
In February 2025, Google introduced quantum-safe digital signatures across its core encryption products, building on lattice-based cryptographic solutions vetted by NIST. This initiative goes beyond theoretical pilots, aiming to integrate post-quantum security into everyday user tools like Gmail and Google Cloud.
By offering digital signatures resistant to future quantum decryption, Google has sent a clear message that the transition to PQC should begin now—not sometime down the road. Their engineering teams point to improved key management protocols and hardware optimizations that make early adoption both practical and strategic for customers.
Meanwhile, Microsoft unveiled Majorana 1 on February 19, the world’s first quantum processor powered by topological qubits. This cutting-edge approach promises to reduce error rates and improve the stability of qubits, often the Achilles’ heel in quantum computing. Majorana 1’s topological design could pave the way for scalable quantum processing—a milestone many experts believed was still years away.
With the potential to factor large numbers exponentially faster, Microsoft’s advancement brings quantum capabilities closer to the point where current encryption standards may be insufficient. For CISOs, both of these developments underscore how quantum-safe cryptography is swiftly moving from research to real-world deployment.
Recent leaps in quantum encryption and topological qubits prove the era of real quantum breakthroughs is happening now.
Recognizing Your Certificate Jungle
One of James’s key insights was that it is hard to fully grasp how pervasive encryption really is across your infrastructure. Certificates, both self-signed and issued by trusted authorities, are lurking everywhere. They exist in routers, switches, wireless access points, and older hardware security modules (HSMs). They also pop up in a vast array of business applications. When a post-quantum cryptographic standard arrives, every outdated or untracked certificate becomes a ticking time bomb.
“You likely have far more certificate authorities than you think,” James insisted, urging security teams to do a comprehensive cryptographic inventory. It’s essential to know which devices can accept new algorithms and which ones will be left stranded, unable to keep pace with quantum-ready solutions.
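One way to start the certificate inventory described above, as an added example that is not part of the original article or any Seiso or Microsoft tooling: a shell script that reads each certificate with `openssl x509` and records its public-key algorithm, signature algorithm, expiry, and whether it is self-signed. The sample certificates, hostnames, and file names are constructed for the demo, and the list of algorithm names treated as quantum-vulnerable is an assumption based on OpenSSL's usual output labels.

```bash
#!/usr/bin/env bash
# Added example: inventory certificates and flag quantum-vulnerable public keys.
# All hostnames and file names are constructed for the demo.

# Create throwaway sample certs: an RSA root CA, an EC leaf it issues,
# and an RSA self-signed device cert (the "router" case from the text).
make_samples() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=Example Lab CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=app.example" -keyout "$d/app.key" -out "$d/app.csr" 2>/dev/null
  openssl x509 -req -in "$d/app.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 30 -out "$d/app.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=router.example" \
    -keyout "$d/router.key" -out "$d/router.pem" 2>/dev/null
}

# Print one pipe-separated record per certificate:
# file|key algorithm|signature algorithm|notAfter|self-signed=yes/no|verdict
inventory_cert() {
  local f=$1 info subj iss end key sig self=no verdict=review
  info=$(openssl x509 -in "$f" -noout -nameopt RFC2253 -subject -issuer -enddate -text) || return 1
  subj=$(printf '%s\n' "$info" | sed -n 's/^subject= *//p')
  iss=$(printf '%s\n' "$info" | sed -n 's/^issuer= *//p')
  end=$(printf '%s\n' "$info" | sed -n 's/^notAfter=//p')
  key=$(printf '%s\n' "$info" | awk -F': ' '/Public Key Algorithm/ && !n++ {print $2}')
  sig=$(printf '%s\n' "$info" | awk -F': ' '/Signature Algorithm/ && !n++ {print $2}')
  if [ "$subj" = "$iss" ]; then self=yes; fi
  # Factoring- and discrete-log-based keys fall to Shor's algorithm; anything
  # else (including names this script does not know) is left for manual review.
  case "$key" in
    rsaEncryption|rsassaPss|dsaEncryption|id-ecPublicKey|ED25519|ED448)
      verdict=quantum-vulnerable ;;
  esac
  printf '%s|%s|%s|%s|self-signed=%s|%s\n' \
    "$(basename "$f")" "$key" "$sig" "$end" "$self" "$verdict"
}

# Inventory every *.pem certificate in a directory.
inventory_dir() {
  local f
  for f in "$1"/*.pem; do inventory_cert "$f"; done
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
inventory_dir "$demo_dir"
```

The leaf certificate shows why both columns matter: its key is elliptic-curve, but the signature that vouches for it comes from the RSA CA, so both the leaf and its issuer need a migration path.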
The Light Switch Moment
James introduced the concept of a “light switch moment” for cryptography. This signifies that upgrading encryption won’t always happen in gentle increments. Organizations might not have the luxury of toggling between old and new protocols gradually. Once a major cloud provider or government agency announces they’ll no longer support legacy encryption, huge swaths of the security landscape could be forced to flip over at once.
In practical terms, that means all those carefully planned “maybe in a few years” projects might become urgent almost overnight. Regulatory bodies could also impose firm timelines, much like we’ve seen in the past with major shifts in payment card standards or data privacy frameworks.
Companies that have only dabbled in quantum readiness might face steep expenses and operational chaos if they’re forced into a last-minute scramble.
Quantum Attacks: Harvest Now, Decrypt Later
Another dimension to quantum risk is the “harvest now, decrypt later” scenario. Some advanced adversaries are already stockpiling encrypted data—everything from sensitive IP and confidential board communications to personally identifiable information—just waiting until the day quantum machines can break it. If that information still holds any value a few years from now, the damage could be tremendous.
In certain sectors like finance, healthcare, and defense, this is already triggering a new wave of risk assessments. Leaders are questioning how to protect data that carries a long shelf life.
Even if your organization doesn’t operate in a particularly regulated field, losing trust or intellectual property to delayed decryption attacks poses a significant business risk.
Navigating A Changing Regulatory Landscape
We also covered how government action might affect timing. The U.S. federal government, like the governments of other countries, has strong reasons to push quantum-safe mandates.
As soon as those mandates appear, organizations may have specific deadlines to adopt new encryption. Think about the seismic shift that occurred when the government enforced minimum encryption requirements for sensitive data. The same might happen for quantum-safe encryption, potentially with less notice.
It’s worth noting, too, that the first player to achieve a cryptographically relevant quantum computer might not announce it publicly.
If a state-aligned research program achieves a breakthrough, they could keep it secret, giving them a significant interception advantage.
As James put it, “If you wait until there’s a headline that your rivals or adversaries have a working quantum computer, you’re already behind.”
Outsmarting Tomorrow’s Threats
Many companies struggle to balance quantum planning with urgent day-to-day security demands. Budgets and resources often favor more immediate concerns like network segmentation or zero-trust rollouts.
But the staggering speed at which quantum progress is made suggests that ignoring futureproofing might carry grave consequences.
Experts like James advocate for building quantum readiness into your ongoing strategic initiatives. That includes integrating quantum-safe experimentation into your labs and scanning vendor roadmaps to see how major providers plan to handle post-quantum algorithms. If you rely heavily on any single technology partner, it’s wise to understand their long-term approach.
Our Tips for What CISOs Can Start Doing Now
CISOs don’t need to reinvent the wheel tomorrow, but forward motion today can make all the difference. Small steps taken early can help your organization sidestep massive headaches when quantum-safe standards become non-negotiable.
Here are nine actions you can take starting today:
- Inventory Your Encryption
Document every certificate authority (CA), self-signed cert, hardware security module (HSM), and encryption algorithm in use across your infrastructure. Hidden or outdated certificates are prime targets when quantum-safe standards become mandatory.
- Map Data Lifespans
Determine which data sets have long-term value—particularly those remaining critical for a decade or more. These assets call for early adoption of quantum-safe encryption to mitigate future “harvest now, decrypt later” threats.
- Plan For the ‘Light Switch’ Moment
Recognize that once the industry pivots to quantum-safe cryptography, older algorithms may lose support quickly. A cohesive plan prevents panic when backward compatibility or legacy devices suddenly become security liabilities.
- Check Vendor Roadmaps
Investigate how your cloud providers, hardware manufacturers, and software partners plan to implement post-quantum encryption. Align your transition schedule with theirs to avoid being caught off-guard by abrupt deprecations.
- Consider Managed PKI Services
Offloading certificate management to a trusted provider can reduce the complexity of issuing, revoking, and rotating certs as quantum-safe standards evolve—particularly for organizations with limited internal cryptography expertise.
- Set Up a Quantum Lab
Dedicate a small test environment to trial implementations of quantum-safe algorithms and protocols. Whether using open-source tools or vendor proof-of-concepts, hands-on testing builds comfort and reveals potential transition snags.
- Stay Proactive with Research and Skills
Assign security architects an hour a week to explore lattice-based cryptography, NIST recommendations, and emerging best practices. Even small, consistent learning builds your team’s quantum readiness.
- Plan Budget Increments
Anticipate costs for upgrading HSMs, modernizing PKI infrastructure, and retraining staff. Spreading these expenses out over time lessens the financial jolt when compliance or partner mandates arrive.
- Engage Leadership
Brief your board and executive teams on quantum computing’s strategic implications. Early awareness paves the way for funding, staffing, and policy decisions that keep your organization ahead of the post-quantum curve.
By carefully building quantum resilience, you’re not just preventing a far-off crisis. You’re future-proofing your environment, gaining a deeper understanding of your assets, and building stronger, modern cryptographic practices that will keep pace with evolving threats.
How Seiso Can Help
Seiso can guide you in mapping your cryptographic environment, prioritizing post-quantum transitions, and addressing board-level concerns before they become emergencies.
Contact us today for a quick strategy session, and we’ll help you get prepared for whatever quantum breakthroughs lie ahead.