3, 5 or 8 Years? The Realistic Timeline for Migration and the Task That Can’t Wait

Abstract

As executives continue to postpone action, the window for preparing secure systems in the quantum era is rapidly closing. In this episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen speaks with Adrian Neal, Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini, about the real timelines and challenges of PQC migration. Adrian explains why a “three-to-five-year” plan is unrealistic, why organizations should expect closer to eight years, and how unprepared boards risk panic and triage once the first quantum breakthrough hits. They discuss why crown-jewel systems must be prioritized, how banks and governments face different pressures, and why performance under PQC will shock existing infrastructure, illustrated by tests where an HSM fell from 10,000 transactions per second to just 200. From regulatory pressure that may be needed to drive boardroom buy-in to the hard truth that today’s algorithms may not last, Adrian delivers a candid warning: apathy will kill you. The time to act is now.

What You’ll Learn

  • Y2K vs. Y2Q: Why “non-event” thinking is dangerous without upfront work
  • Timelines that hold: Why “3–5 years” is best-case and ~8 years is realistic at enterprise scale
  • Performance truth: How PQC can crush TPS and impact SLAs, capacity, and cost models
  • Crypto-agility: Abstract crypto from apps, enable policy-driven selection, and automate swap-outs
  • Governance first: Why poor implementations, not just algorithms, will break your security
  • Regulatory unlock: How mandates/bodies (BIS, NCSC, sector groups) drive C-suite action
  • Where to start: Crown-jewel systems, dependency mapping, and critical-path scheduling

Adrian Neal is Senior Director and Global Lead for Post-Quantum Cryptography at Capgemini, where he advises governments, financial institutions, and global enterprises on preparing for the quantum era. With nearly four decades of experience spanning banking, defense, telecoms, and startups, Adrian has been at the center of major security transformations, from the early days of PKI to today’s post-quantum migration programs. His work focuses on helping organizations identify critical systems, manage dependencies, and design long-term strategies that combine technical execution with board-level buy-in.

Known for his candid perspective, Adrian warns that migration is closer to an eight-year journey than a three-year sprint, that crypto-agility is the only sustainable defense as algorithms evolve, and that apathy will kill you. His message is clear: the sooner organizations begin planning, the better chance they have to avoid panic, triage, and systemic disruption when the first quantum “black swan” arrives.
