Quantum Cyber Breakfast at RSAC 2023 is a fundraiser for the International Cybersecurity Championship.  Don’t miss this Quantum community event with industry leaders and professionals—including our own OODA CTO Bob Gourley and Katzcy CEO Jessica Gulick.

Following is a Panel Description, Panelist Bios, and a compilation of resources from the companies represented on the panel and/or the panelists themselves.

All of the links included here are related to the following questions (which will also be addressed by the panel):

• Why does preparing for a post-quantum future figure so prominently in the national cybersecurity strategy?
• What do board members need to know about “quantum effects”?
• How should technology executives better communicate quantum risks with nontechnical executives including members of the board?
• What should board members should know about Shor’s algorithms and ongoing Harvest Now, Decrypt Later (HNDL) attacks? and
• What should CISOs be asking the board for now to improve quantum resilience?

What the Board Needs to Know About Quantum Science

Panel Description:  With the release of the new National Cybersecurity Strategy, the White House has declared war on systemic cyber risk. The government plans on working with commercial firms to reduce systemic risk while enabling businesses to smartly increase the value they deliver to stakeholders. The need to improve resiliency in the age of advanced technologies (including quantum computing) is a central pillar of this new strategy, as delineated in Section 4 of the document:

4. Invest in a Resilient Future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:

• Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression;
• Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure; and,
•  Developing a diverse and robust national cyber workforce

This includes preparing for our post-quantum future.

Shifts in regulations including new SEC guidance mandating corporate board action in cybersecurity mean all boards will need a better understanding of why quantum preparedness needs to start now. This panel will examine board governance in the quantum age.

Panelists’ Bios and Research Resources

Matthew Scholl
NIST, Division Chief – Computer Science Division
BIO
Matthew Scholl | LinkedIn
National Institute of Standards and Technology (nist.gov)

by Matthew Scholl and/or NIST: 

Migration to Post-Quantum Cryptography | NCCoE

NCCoE Releases Preliminary Draft NIST SP 1800-38A, Migration to Post Quantum Cryptography for Public Comment | NCCoE

Migration to Post-Quantum Cryptography: NIST SP 1800-39A Prelim Draft | CSRC

CHIPS for America Outlines Vision for the National Semiconductor Technology Center | NIST

Vikram Sharma
QuintessenceLabs
Founder and CEO
BIO
QuintessenceLabs Overview | LinkedIn
Vikram Sharma | LinkedIn

Source:  QuintessenceLabs

How Is Quantum Risk a Thing Now?

One of the biggest risks at present is what’s known as an HNDL attack. This is an acronym for “Harvest Now, Decrypt Later” where encrypted data is captured, stored, and held onto until a quantum computer is able to unlock it. While this intercepted data is encrypted, this is a false sense of security — it will easily be decrypted by a threat actor with access to a quantum computer. So, the risk is very real today. Further, recent significant investments in quantum tech globally, as well as geopolitical motivations, have proven the debate over the quantum risk threat has shifted from no longer if, to when.

Bob Gourley
OODA
Co-founder & CTO
BIO
Bob Gourley | LinkedIn
OODA LLC | LinkedIn

By Bob and/or OODA:

What Corporate Directors Need To Know About Coming SEC Cybersecurity Rules

The Quantum List Updated: Companies leveraging quantum effects for real world functionality and security

How to Manage Cyber Risk as a Board Director

Bob Zukis and the Digital Directors Network: Helping corporate boards mitigate systemic risk

Every Director of Every Corporate Board Should Read What Larry Fink Writes

The OODA Network on the 2023 National Cybersecurity Strategy

The Missing Piece of the National Cybersecurity Strategy

What Executives Need To Know About The Annual Threat Assessment from the U.S. Intelligence Community

Clement Jeanjean
Senior Director
SandboxAQ
Clement Jeanjean | LinkedIn
SandboxAQ: Overview | LinkedIn

Clément Jeanjean leads commercial efforts for the Quantum Security Group at SandboxAQ. Prior to that, he was the COO of Cryptosense, which was acquired by SandboxAQ in 2022.

Clément holds a degree from Sciences-Po Paris with a major in Law and Economics, and a degree from Ecole Nationale des Ponts et Chaussées with a major in Mathematics and Computer Sciences. He has founded or co-founded 4 tech companies, 2 of them having been acquired. Serving as CEO or COO, he built teams of dozens and go-to-market strategies delivering multi-million dollar deals with large partners in a wide range of industries spanning from consumer goods to banking, automotive, and health sciences. Clément also advises start-ups and large companies on innovation and entrepreneurial projects.

By Clement Jeanjean and/or SandboxAQ:

SandboxAQ Response to the National Cybersecurity Strategy | SandboxAQ

Transitioning Organizations to Post-Quantum Cryptography

The Future of Quantum Technologies: Opportunities and Challenges

Inside WEF: Industry Leaders Outline the Keys to Building National Quantum Ecosystems

Pete Clay
QryptoCyber, CEO
Peter Clay | LinkedIn
QryptoCyber: Overview | LinkedIn

Peter “Pete” Clay is a serial entrepreneur based out of Charlottesville, VA. He has served as a CISO for global companies, and he has more than 20 years of experience in managing the growth of technology and security risk assessment and management services to public and private sector entities globally. Extensive domain experience includes security operations center innovation, enterprise risk management, identity & access management, information security consulting, organization and process improvement, application design and implementation, application security, business continuity, privacy, and information systems auditing. He has also organized and led multidisciplinary business and technical teams for assessing, designing, implementing, and testing the security and control environment for a broad range of enterprise security, enterprise resource planning, information systems, and eBusiness transformation projects. Mr. Clay attended Oxford University as an undergraduate and has a degree from Hendrix College. He has been a Certified Information Systems Security Professional for the last 22 years.

Jessica Gulick
U.S.Cyber Team Commissioner
Jessica Gulick | LinkedIn
KATZCY: Overview | LinkedIn

Jessica Gulick is a recognized cybersecurity practitioner and thought leader with over 25 years of experience in engineering and cybersecurity. She has led cybersecurity teams and contributed as an author on national cyber standards. She is also a VT MBA alumna and entrepreneur, having launched and grown IT and cyber firms. Her current focus is on tackling the cybersecurity talent problem with cyber games. She founded PlayCyber in 2019, a social impact initiative to address workforce challenges with games and epic events to raise funding for important initiatives. In 2021, she founded the U. S. Cyber Games in collaboration with the National Initiative for Cybersecurity Education (NICE) program and leads efforts to build an inclusive, cyber community that accelerates cyber talent and inspires the workforce of tomorrow. She is the president of the board of Women’s Society of Cyberjutsu, and a member of the BayPath University cybersecurity education board.

https://oodaloop.com/archive/2023/02/09/usa-to-host-global-cybersecurity-competition-and-conference-ic3/

Breakfast for a Cause

Profits made will be donated to the International Cybersecurity Championship and Conference (IC3). IC3 is a global event designed to foster awareness, skills development, and career opportunities in cybersecurity. It proactively addresses the critical workforce issues in the industry, speaking to both the ongoing skills shortage and the need for continued cybersecurity skills development.

https://oodaloop.com/archive/2023/03/17/what-corporate-directors-need-to-know-about-coming-sec-cybersecurity-rules/

https://oodaloop.com/archive/2023/03/03/the-ooda-network-on-the-2023-national-cybersecurity-strategy/

https://oodaloop.com/archive/2023/03/06/the-missing-piece-of-the-national-cybersecurity-strategy/

https://oodaloop.com/archive/2022/12/21/ooda-loop-2022-a-federal-ecosystem-for-accelerating-at-scale-quantum-computational-power-and-quantum-networks-emerges/

https://oodaloop.com/ooda-original/2022/12/19/the-greatest-cryptographic-migration-in-history-the-quantum-cybersecurity-preparedness-act-to-be-signed-into-law/

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.