SANS Workshop
Day 1 - 26th November - Executive Session
Time: 14:00 - 17:00
Location: Capital Suite 20, above hall 11
Title: Readiness for Executives - From Regulatory Mandate to Board-Ready Action Plan
Brief Synopsis:
This workshop equips senior leaders with the clarity and artifacts to move from quantum headlines to execution. We ground quantum timelines using a signal-based tracking method, then demonstrate why waiting for precise Q-Day prediction is no longer viable: "harvest now, decrypt later” (HNDL) and "trust now, forge later” (TNFL) threats are active today, standards are finalized (NIST FIPS 203/204/205), hybrid patterns exist, insurers and shareholders are asking questions, and regulatory clocks have started.
We translate strategy into an executable program: sponsor/SteerCo governance structure, a 90-day kickoff delivering a first-cut Crypto-BOM and two low-risk pilots, plus KPI cadence that boards, auditors, and regulators recognize. This will likely be the largest, most complex IT/OT transformation your organization has ever undertaken - spanning every system, vendor, and certificate. We'll show you how to build the cross-functional team, secure multi-year funding with stage-gates that justify continued investment, and engineer early wins that demonstrate progress to stakeholders while the heavy lifting proceeds in parallel.
You leave with a board-ready one-slide brief, phased budget request framework (milestones and evidence), procurement contract language that embeds PQC and crypto-agility requirements, and a lightweight assurance pack demonstrating measurable progress during larger migrations.
Day 2 - 27th November - Technical Session
Time: 10:00 - 13:00
Location: Capital Suite 20, above hall 11
Title: Quantum Readiness for Senior Technical Leaders and Architects - Discovery, Hybrid Controls & Crypto‑Agility
Brief Synopsis:
Designed for leaders who bridge strategy and engineering, this session focuses on quantum readiness in the wake of NIST's finalized standards. We'll show why waiting for precise Q-Day prediction is no longer prudent: adversaries are already harvesting encrypted data for future decryption ("harvest now, decrypt later"), quantum computers will enable signature forgery that undermines system integrity ("trust now, forge later"), standards are finalized, hybrid approaches are proven, and regulatory timelines are set. You'll learn how to reduce risk in complex estates without breaking interoperability.
You'll discover how to make cryptography observable - producing a first-cut CBOM and risk heatmap - then deploy hybrid and interim controls to protect confidentiality and integrity while full PQC upgrades land. We cover high-leverage compensating controls (segmentation/isolation, tokenization/re-wrapping, dedicated encryptors, and quantum-safe gateway overlays) that blunt both "harvest now, decrypt later" (HNDL) confidentiality exposure and "trust now, forge later" (TNFL) integrity threats - the lesser-known but potentially more dangerous risk where quantum computers enable signature forgery
Sector-specific plays keep it practical - financial services (tokenization for long-lived data) and OT/critical infrastructure (gateway overlays for legacy links) - with performance guardrails and pilot patterns that avoid operational surprises. You leave with a repeatable discovery approach, a risk-reduction toolkit deployable now, vendor-engagement prompts that convert promises into roadmaps and SLAs, plus a 90-day execution cadence with metrics leadership cares about.
SANS Workshop Speaker
