As quantum computing inches closer to real-world impact, organizations can no longer afford to treat post-quantum cryptography as a future concern. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Professor Bill Buchanan, OBE, FRSE, to examine what it takes to transition into the post-quantum era. They explore the importance of cryptographic agility, the myths around PQC performance, and why human error remains the biggest vulnerability in cybersecurity. From hybrid adoption to hardware integration and upcoming regulatory mandates, Bill offers a candid and practical look at how organizations can prepare for the next generation of encryption before it’s too late.

What You’ll Learn:

Professor Bill Buchanan, OBE, FRSE, is a cybersecurity professor at Edinburgh Napier University and one of the most recognized voices in applied cryptography and digital trust. With over 30 books, 400+ research papers, and multiple spin-out companies to his name, Buchanan has dedicated his career to bridging the gap between theoretical cryptography and real-world implementation. His work spans homomorphic encryption, digital identity, secure system design, and blockchain-based trust frameworks. As a passionate advocate for privacy, fairness, and resilience in digital systems, Buchanan has contributed extensively to shaping both academic research and public policy in cybersecurity. He regularly advises governments and organizations on the future of secure infrastructure in a post-quantum world and is a driving force behind efforts to improve cryptographic literacy and engineering practices. Known for his clear thinking, technical depth, and human-first approach to security, Buchanan remains a trusted voice in the global conversation on quantum readiness and digital transformation.

With the shift to post-quantum cryptography accelerating, Buchanan’s message is clear: crypto agility and system design, not just new algorithms, will define the next era of trust.

The cryptography may be bulletproof, but your people aren’t. Bill Buchanan emphasizes that most large-scale breaches don’t happen because of broken algorithms; they happen because of human error, poor design, or social engineering. Whether it’s a $1.4 billion hack or a misconfigured certificate, humans remain the biggest vulnerability. A truly quantum-secure strategy starts with investing in security-conscious design, reducing friction in authentication, and eliminating avoidable weak points. Key Question: Are your systems secure by design, or are they just relying on perfect human behavior?

Crypto agility isn’t theoretical; it’s working today. Buchanan highlights TLS as a mature, proven model that allows for graceful cryptographic upgrades through suite negotiation. Rather than waiting for a full system overhaul, organizations can build agility now by supporting multiple cryptographic algorithms and migrating incrementally. Agility lets you test, evolve, and deprecate without downtime or disruption. Key Question: Have you adopted TLS-style agility to allow for future upgrades without breaking your systems?

Worried about latency or massive key sizes? Don’t be. Buchanan debunks the myth that post-quantum cryptography is too resource-intensive. NIST-approved algorithms like ML-KEM and ML-DSA perform on par with elliptic curve cryptography and better than RSA in many cases. Even the increased key sizes are well within modern bandwidth and storage capabilities. With PQC performance now optimized, the only thing slowing you down is outdated assumptions. Key Question: Are your security decisions based on current facts, or outdated fears?

PQC doesn’t have to be all or nothing. Hybrid schemes, where classical and post-quantum algorithms are used together, offer a safe and flexible transition path. Buchanan explains how hybrid key exchanges and dual-signed certificates allow you to maintain interoperability while testing and rolling out quantum-safe components. Just like TLS evolved over time, your infrastructure can too. Key Question: Have you identified where hybrid cryptography could enable early wins without full replacement?

Post-quantum security isn’t just about new math, it’s about building smarter systems. Buchanan challenges organizations to think bigger: from fully homomorphic encryption to secure enclaves and multi-party computation, the goal isn’t just secrecy, but trust and resilience. Encryption at rest and in transit is not enough. Security in processing is the next frontier. Key Question: Is your roadmap just about compliance, or are you designing for privacy, performance, and future-proof trust?

Want exclusive insights on quantum migration? Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.

✔ Get insider knowledge from leading cybersecurity experts.

✔ Learn practical steps to future-proof your organization.

✔ Stay updated on regulatory changes and industry trends.
Need help subscribing? Click here for step-by-step instructions.