Quantum Cyber Breakfast at RSAC 2023 is a fundraiser for the International Cybersecurity Championship. Don’t miss this Quantum community event with industry leaders and professionals—including our own OODA CTO Bob Gourley and Katzcy CEO Jessica Gulick.
Following is a Panel Description, Panelist Bios, and a compilation of resources from the companies represented on the panel and/or the panelists themselves.
All of the links included here are related to the following questions (which will also be addressed by the panel):
- Why does preparing for a post-quantum future figure so prominently in the national cybersecurity strategy?
- What do board members need to know about “quantum effects”?
- How should technology executives better communicate quantum risks with nontechnical executives including members of the board?
- What should board members should know about Shor’s algorithms and ongoing Harvest Now, Decrypt Later (HNDL) attacks? and
- What should CISOs be asking the board for now to improve quantum resilience?
What the Board Needs to Know About Quantum Science
Panel Description: With the release of the new National Cybersecurity Strategy, the White House has declared war on systemic cyber risk. The government plans on working with commercial firms to reduce systemic risk while enabling businesses to smartly increase the value they deliver to stakeholders. The need to improve resiliency in the age of advanced technologies (including quantum computing) is a central pillar of this new strategy, as delineated in Section 4 of the document:
4. Invest in a Resilient Future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:
- Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression;
- Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure; and,
- Developing a diverse and robust national cyber workforce
This includes preparing for our post-quantum future.
Shifts in regulations including new SEC guidance mandating corporate board action in cybersecurity mean all boards will need a better understanding of why quantum preparedness needs to start now. This panel will examine board governance in the quantum age.
Panelists’ Bios and Research Resources
NIST, Division Chief – Computer Science Division
Matthew Scholl | LinkedIn
National Institute of Standards and Technology (nist.gov)
by Matthew Scholl and/or NIST:
According to The Quantum Insider, $5 billion of private capital has poured into quantum technologies since 2002, with $3 billion of this being in 2021 alone.
How Is Quantum Risk a Thing Now?
One of the biggest risks at present is what’s known as an HNDL attack. This is an acronym for “Harvest Now, Decrypt Later” where encrypted data is captured, stored, and held onto until a quantum computer is able to unlock it. While this intercepted data is encrypted, this is a false sense of security — it will easily be decrypted by a threat actor with access to a quantum computer. So, the risk is very real today. Further, recent significant investments in quantum tech globally, as well as geopolitical motivations, have proven the debate over the quantum risk threat has shifted from no longer if, to when.
By Bob and/or OODA:
Clément Jeanjean leads commercial efforts for the Quantum Security Group at SandboxAQ. Prior to that, he was the COO of Cryptosense, which was acquired by SandboxAQ in 2022.
Clément holds a degree from Sciences-Po Paris with a major in Law and Economics, and a degree from Ecole Nationale des Ponts et Chaussées with a major in Mathematics and Computer Sciences. He has founded or co-founded 4 tech companies, 2 of them having been acquired. Serving as CEO or COO, he built teams of dozens and go-to-market strategies delivering multi-million dollar deals with large partners in a wide range of industries spanning from consumer goods to banking, automotive, and health sciences. Clément also advises start-ups and large companies on innovation and entrepreneurial projects.
By Clement Jeanjean and/or SandboxAQ:
Peter “Pete” Clay is a serial entrepreneur based out of Charlottesville, VA. He has served as a CISO for global companies, and he has more than 20 years of experience in managing the growth of technology and security risk assessment and management services to public and private sector entities globally. Extensive domain experience includes security operations center innovation, enterprise risk management, identity & access management, information security consulting, organization and process improvement, application design and implementation, application security, business continuity, privacy, and information systems auditing. He has also organized and led multidisciplinary business and technical teams for assessing, designing, implementing, and testing the security and control environment for a broad range of enterprise security, enterprise resource planning, information systems, and eBusiness transformation projects. Mr. Clay attended Oxford University as an undergraduate and has a degree from Hendrix College. He has been a Certified Information Systems Security Professional for the last 22 years.
Solving Problems for a Safer World | MITREDaniel Apon is Cryptography Lead at the MITRE Corporation, based in McLean, Virginia, and is currently involved in MITRE’s effort to stand up a long-term and full-scope industry coalition to accelerate the real-world adoption of Post Quantum Cryptography. Recently, he played a central role in standing up the 1st annual Real World Post Quantum Cryptography workshop in Tokyo (March 2023), which aims to bring together industry, academia, and standardization bodies to help address the core challenges involved in migrating modern computing systems and architectures to total quantum-resistance.Prior to that, he was a member of the National Institute of Standards and Technology’s Cryptographic Technologies Group working on the Post Quantum Cryptography standardization project, where he specialized in novel cryptanalyses of Lattice-based Cryptography, Hash-based Cryptography, Code-based Cryptography, and Multivariate-based Cryptography plus a focus on hardware side-channel analysis.Daniel holds a Ph.D. in Computer Science with a focus on Cryptography from the University of Maryland, College Park. After that, he held a Postdoctoral Scholar position at the University of California, Berkeley.By Daniel Apon and/or MITRE:
Jessica Gulick is a recognized cybersecurity practitioner and thought leader with over 25 years of experience in engineering and cybersecurity. She has led cybersecurity teams and contributed as an author on national cyber standards. She is also a VT MBA alumna and entrepreneur, having launched and grown IT and cyber firms. Her current focus is on tackling the cybersecurity talent problem with cyber games. She founded PlayCyber in 2019, a social impact initiative to address workforce challenges with games and epic events to raise funding for important initiatives. In 2021, she founded the U. S. Cyber Games in collaboration with the National Initiative for Cybersecurity Education (NICE) program and leads efforts to build an inclusive, cyber community that accelerates cyber talent and inspires the workforce of tomorrow. She is the president of the board of Women’s Society of Cyberjutsu, and a member of the BayPath University cybersecurity education board.
Breakfast for a Cause
Profits made will be donated to the International Cybersecurity Championship and Conference (IC3). IC3 is a global event designed to foster awareness, skills development, and career opportunities in cybersecurity. It proactively addresses the critical workforce issues in the industry, speaking to both the ongoing skills shortage and the need for continued cybersecurity skills development.