With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility.

In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it's not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization's cryptographic architecture, automation, and governance to allow for greater control and flexibility.

In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires:

• Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols
• System Prioritization, Leading To A Migration Roadmap
• Remediation, Including Vendors And Partners

Once a distant possibility, Q-Day is quickly approaching. Are you ready for 2030?

Segment Resources:

• https://pqcc.org/wp-content/uploads/2025/05/PQC-Migration-Roadmap-PQCC-2.pdf
• https://pqcc.org/wp-content/uploads/2025/06/PQCC-Inventory-Workbook.xlsx
• https://qramm.org/learn/cryptoscan-guide.html
• https://research.ibm.com/blog/quantum-safe-cbomkit

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-440

Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable?

Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics.

In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-439

AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable?

Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it.

In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-438