Abstract
Post-quantum cryptography often enters organizations as a headline problem, then quickly turns into an operational one. In this episode of Shielded: The Last Line of Cyber Defense, Jan Schaumann, Chief Information Security Architect at Akamai Technologies, approaches PQC from the perspective of someone who has spent decades operating real systems at internet scale.
From his view, the challenge is not quantum theory, but sequencing change safely across infrastructure that cannot all move at once. Jan walks through how Akamai approached PQC over several years, starting before standards fully settled and aligning progress with customer demand, compliance timelines, and platform resilience. He explains why TLS 1.3 migration remains the most common blocker, especially on the origin side, where legacy stacks, embedded clients, and IoT devices stretch upgrade timelines far beyond expectations. Rather than pushing PQC everywhere at once, Akamai split the problem into distinct traffic paths: client-to-edge, edge-to-origin, and internal connections. Each path carries a different threat model and operational risk. This framing enabled opt-in deployment, staged rollouts, and safer change, while still delivering meaningful protection against harvest-now-decrypt-later threats. Throughout the conversation, Jan returns to a single idea: PQC is not the finish line. It is a forcing function that exposes how well an organization understands its cryptography, how quickly it can upgrade, and whether it can repeat the process when the next cryptographic shift arrives.
What You’ll Learn
- Why PQC migration is primarily an operations and change-management problem
- How unfinished TLS 1.3 migrations block post-quantum progress
- Why Akamai separated PQC rollout by traffic leg instead of one global switch
- How customer risk tolerance and regulation shape real deployment timelines
- Why hybrid key exchange works today without locking teams into permanent compromise
- How PQC can be used to build crypto agility, not just meet compliance deadlines
Jan Schaumann is Chief Information Security Architect at Akamai Technologies, where he guides cryptographic strategy, infrastructure security, and safe-change practices across one of the internet’s most critical platforms. He previously served as Principal Architect at Akamai and has held senior security roles at companies including Yahoo, Twitter, and Etsy. Jan is also an Adjunct Professor of Computer Science at Stevens Institute of Technology, where he has taught graduate-level systems and Unix programming since 2001. He is a long-time developer with the NetBSD Foundation and describes himself, accurately, as an actual human on the internet who refuses to grow up.
……………………………………….
Want exclusive insights on post-quantum security? Stay ahead of the curve—subscribe to Shielded: The Last Line of Cyber Defense on…