Building Resilient Security in the Age of Quantum Computing

Author: Ankit Gupta, CISA, CISM, CRISC and Shilpi Mittal, CISA, CISM, CRISC, CCSP, CISSP
Date Published: 1 November 2025
Read Time: 20 minutes

Quantum computing is rapidly emerging as a major disruptor for information security. Current public key cryptosystems (such as Rivest‒Shamir‒Adleman [RSA] and elliptic curve algorithms) rely on mathematical problems that classical computers cannot efficiently solve. Quantum computers, however, will be able to run algorithms that solve these problems efficiently. For example, Shor’s algorithm for factoring and discrete logarithms could break RSA and elliptic curve-based schemes.1 Today’s cryptographic infrastructure, embedded in hardware, software, and networks worldwide, could be rendered insecure as soon as sufficiently powerful quantum machines exist. Indeed, as the US National Institute of Standards and Technology (NIST) warns, a “sufficiently capable quantum computer” would defeat current encryption by breaking many widely used public key schemes.2 Experts agree that it is no longer a question of if but when, and many roadmaps project that a cryptographically relevant quantum computer (CRQC) could be built by the 2030s.3 Given the decades-long deployment cycle of cryptographic infrastructure, organizations cannot wait until then to act, as adversaries may be harvesting encrypted data now with the expectation of cracking it later. Policies are beginning to explicitly mandate preparation: A 2022 US National Security Memorandum, NSM-10, directed government agencies to begin transitioning to quantum-resistant algorithms, and a 2025 executive order requires federal systems to support post-quantum cryptography (PQC)-ready protocols (e.g., Transport Layer Security [TLS] 1.3 or successors) by 2030.4

The goal of PQC is to design new cryptographic primitives whose security relies on mathematical problems believed to be difficult to solve, even for quantum computers. These include lattice-based schemes (e.g., CRYSTALS–Kyber and CRYSTALS–Dilithium), hash-based signatures (e.g., SPHINCS+), code-based systems (e.g., Hamming Quasi-Cyclic [HQC]), and others.5 Importantly, PQC algorithms must interoperate with existing networks and hardware, unlike specialized technologies such as quantum key distribution (QKD), which requires new infrastructure. As the US National Security Agency (NSA) notes, quantum-resistant schemes run on existing platforms and draw on known cryptographic principles, whereas QKD requires special-purpose equipment and lacks flexibility.6 Thus, the goal is to embed quantum-safe math into today’s systems through software updates and protocol changes.

However, this transition poses many challenges. PQC algorithms tend to have significantly larger key and signature sizes and require heavier computation, which can strain networks and devices. For instance, lattice-based key encapsulation (Kyber) uses keys of thousands of bits, and hash-based signatures (SPHINCS+) can be tens of kilobytes long.7 Resource-constrained devices, such as Internet of Things (IoT) sensors and embedded medical monitors, are built on 8- or 32-bit microcontrollers with limited RAM and CPU and may struggle to fulfill these requirements. Experts have advised that at least one PQC method must be appropriate for low-power, long-lifetime devices, prioritizing minimal memory and fast execution. Key management also becomes more complex, because systems may require hybrid certificates or layered algorithms so that legacy and quantum-safe keys can coexist during the migration process. Industry proposals include hybrid cryptographic key exchange in TLS 1.3, which combines a classical algorithm with a PQC algorithm so that breaking security would require defeating both.8 All of these factors, including scalability; firmware and OS support; certificate revocation; and rollout strategies, require careful planning to avoid performance bottlenecks or service disruptions.

PQC Standards and Algorithms

Recognizing the urgency, national standards bodies have been driving rigorous developments toward the standardization of PQC. In 2016, NIST announced a multi-year competition to evaluate new quantum-resistant schemes; experts worldwide submitted nearly 70 candidate algorithms.9 By 2022, after extensive analysis, NIST had selected four finalists for public key encryption and signatures. Those selected were CRYSTALS–Kyber (a lattice-based key encapsulation mechanism [KEM], now called ML-KEM in Federal Information Processing Standards [FIPS] 203), CRYSTALS–Dilithium (lattice-based digital signatures, i.e., ML-DSA in FIPS 204), SPHINCS+ (stateless hash-based signatures, i.e., SLH-DSA in FIPS 205), and FALCON (a “fast-Fourier NTRU lattice” signature).10 The first three were finalized in FIPS standards in 2024, with FALCON expected to complete the suite thereafter. NIST has since moved to a fourth round, selecting HQC, a quasi-cyclic code-based KEM, in 2025 as an additional encryption standard.11

Each of these algorithms represents a different mathematical approach. Lattice-based schemes (Kyber, Dilithium, Falcon) rely on the hardness of structured lattice problems and generally offer good performance. They have been championed in part due to efficient implementations. Significant contributions have been made by IBM researchers, underscoring the role of industry in shaping PQC standards.12

Hash-based signatures (SPHINCS+) utilize Merkle tree constructions over cryptographic hashes. A Merkle tree is a method of organizing many hashes into a tree structure. Each leaf node represents the hash of a piece of data, and every internal node is the hash of its child nodes. At the very top sits the root hash, which serves as a compact fingerprint of the entire data set. A signer can then prove that a particular hash belongs to the tree by revealing only a short authentication path rather than all of the data. This approach results in large signatures, often tens of kilobytes, and slower computation, but it has the advantage of relying solely on the long-studied security of hash functions.
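The Merkle tree described above, as an added example that is not code from the article or from SPHINCS+: it builds the tree, extracts an authentication path for one leaf, and verifies that leaf against the root alone. SHA-256, the prefix bytes, the function names, and the sample leaves are assumptions made for this sketch.

```python
import hashlib
import hmac

# Domain-separation prefixes (a choice made for this sketch): a leaf hash can
# never be replayed as an internal node, or the other way round.
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def leaf_hash(item: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + item).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def build_levels(items):
    """Return every level of the tree: leaf hashes first, root level last."""
    if not items:
        raise ValueError("a Merkle tree needs at least one leaf")
    level = [leaf_hash(item) for item in items]
    levels = [level]
    while len(level) > 1:
        parents = [node_hash(level[i], level[i + 1])
                   for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            # The odd node out is promoted unchanged. Duplicating it instead
            # would let two different leaf lists produce the same root.
            parents.append(level[-1])
        levels.append(parents)
        level = parents
    return levels


def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    if not 0 <= index < len(levels[0]):
        raise IndexError("no such leaf")
    path = []
    for level in levels[:-1]:              # the root level has no sibling
        sibling = index ^ 1
        if sibling < len(level):           # a promoted node has no sibling here
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify(item: bytes, path, root: bytes) -> bool:
    """Recompute the root from one item and its path; no other leaf is needed."""
    node = leaf_hash(item)
    for sibling, sibling_is_left in path:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return hmac.compare_digest(node, root)


if __name__ == "__main__":
    # Constructed sample leaves.
    leaves = [b"leaf-%d" % i for i in range(8)]
    tree = build_levels(leaves)
    root = tree[-1][0]
    proof = auth_path(tree, 5)
    print("root:", root.hex())
    print("path length for 8 leaves:", len(proof))
    print("leaf 5 verifies:", verify(leaves[5], proof, root))
    print("forged leaf verifies:", verify(b"forged", proof, root))
```

The path grows with the logarithm of the leaf count (three hashes for eight leaves), which is why a signer can reveal it instead of the whole data set.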

Code-based and multivariate schemes (e.g., HQC, Rainbow) were also considered, though some (such as Rainbow) were broken in post-submission cryptanalysis. NIST’s process continues to vet alternatives; for now, implementers are advised to follow the new standards (e.g., FIPS 203–205) or employ hybrid schemes that combine a PQC algorithm with a proven classical algorithm to ensure defense in depth.13

Key Industries and Real-World Initiatives

The impact of PQC is not confined to laboratories or standards bodies. Its urgency is already visible across key industries that manage sensitive, long-lived, or high-value information.

Financial Services
The finance sector is acutely focused on PQC due to the high value of financial transactions and the long shelf life of records. A breach of banking secrets today could allow for the decryption of transactions years from now. Major banks and payment platforms have launched initiatives to combat this. For example, in 2024, HSBC, a financial services enterprise, piloted quantum-safe cryptography for tokenized assets, utilizing PQC algorithms to secure the transfer of digital tokens representing physical gold on its distributed ledger platform.14 In a separate test, HSBC also used QKD alongside PQC in a simulated €30 million Foreign Exchange (FX) trade, making it the world’s first bank to trial quantum-safe protection of a trading terminal.15 HSBC has openly shared these experiences and urged others toward industry collaboration: “We all need to move forward.” Similarly, JPMorgan Chase implemented a high-speed quantum-secured crypto-agile network (Q-CAN) in Singapore, linking data centers over existing fiber with a PQC-enabled key exchange.16

The broader payments industry is also organizing. In Asia, HSBC and PayPal joined a working group on quantum-safe cryptography in payments alongside other banks and tech firms. This group explores use cases, requirements, and roadmaps (for example, how to upgrade payment rails and digital signatures) to beat “the next quantum threat.”17 Industry research has already warned that quantum computing could make even the most secure financial systems vulnerable.18 In practice, financial institutions are starting with asset transfers, foreign exchange platforms, and blockchain/distributed ledger technology (DLT) systems—upgrading TLS and virtual private network (VPN) links, archiving with quantum-resistant encryption, and preparing for hybrid certificates. The lesson is that banks must treat PQC as a strategic priority. Experiments, including HSBC’s gold tokenization and JPMorgan’s Q-CAN, demonstrate both the risk of, and feasible paths to, protecting high-value assets with post-quantum methods.

Healthcare
Healthcare data is another high-impact domain for PQC, driven by privacy imperatives and the lifespan of medical devices. Medical records and patient histories remain sensitive for decades. As one industry analysis notes, health data is “prime target” material: A breach now could have repercussions far into the future.19 Healthcare organizations already face strict regulations (e.g., the US Health Insurance Portability and Accountability Act [HIPAA], EU General Data Protection Regulation [GDPR]), so the potential quantum threat adds urgency.20 Challenges include integrating PQC into legacy medical systems and devices, contending with budget constraints, and ensuring that staff are trained on new cryptography tools.

Some healthcare providers and vendors are already taking action. For instance, Otio, a healthcare software as a service (SaaS) provider, partnered with security enterprise QuSecure to implement QuProtect, a PQC solution for patient data. They managed to secure data transmission without disrupting existing applications, demonstrating a seamless way to future-proof medical systems against quantum attacks.21 This case highlights that with careful planning and cryptographic agility tooling, even complex healthcare IT ecosystems can be made quantum-resilient. Broadly, institutions are advised to take inventory of all existing cryptographic assets (e.g., electronic health record [EHR] databases, medical device firmware, network links), assess which data must remain confidential, and initiate upgrades in accordance with NIST’s PQC framework.

Government and Defense
Protecting national security information is inherently a long-term task, and governments have been among the first to issue directives on public key cryptography (PKC). In the United States, NSM-10 explicitly warned that a “cryptanalytically relevant quantum computer (CRQC) … will be capable of breaking much of the public key cryptography used today,” ordering federal agencies to prepare for a transition to PQC.22 The US Cybersecurity and Infrastructure Security Agency has launched a PQC initiative to coordinate industry and interagency efforts on PQC for critical infrastructure.23 Agencies are already being instructed to incorporate PQC requirements into procurement and product roadmaps and to adopt the new NIST standards in upcoming system upgrades (e.g., the transition to TLS 1.3 by 2030 was mandated in 2025).24 The US NSA has also indicated it will update its guidance (CNSSP-15) when NIST finalizes algorithms, implicitly favoring PQC over exotic hardware solutions.25

Allied militaries and governments face similar pressures. A recent RAND analysis urges the United States and allied forces to prepare for the quantum threat, noting that uncoordinated approaches could hinder future secure communications interoperability.26 In April 2024, the European Commission published a recommendation urging member states to adopt a harmonized roadmap to PQC. The Commission emphasizes that PQC is a software-based solution compatible with existing infrastructure and can be “deployed relatively swiftly” to secure digital services.27 Overall, government policy is converging on the notion that the cryptographic transition must begin now, with laws and standards backing it, to safeguard both civilian and military data for the post-quantum era.

Telecommunications
Telecom operators face exceptional intricacies in the quantum transition. Mobile networks often span multiple technology generations (2G, 3G, 4G, 5G) and thousands of vendor products, carrying not only subscriber data but also critical control signals and emergency communications. Disruption during migration could jeopardize service continuity. Recognizing this, industry bodies have issued direction: For instance, the Global System for Mobile Communications Association’s (GSMA’s) Post-Quantum Telco Network Taskforce (a consortium comprising major operators and vendors) released Guidelines for Quantum Risk Management for Telcos in 2023.28 Likewise, the 3rd Generation Partnership Project (3GPP) and the European Telecommunications Standards Institute (ETSI) are studying how to embed NIST-approved algorithms into LTE/5G protocols.29

The threats in telecom are varied. IBM has identified key risk factors, including harvest now, decrypt later (HNDL) signaling traffic, fraudulent authentication (fake firmware signed with compromised keys), and digital signature forgery for legal documents.30 Mitigations include transitioning to PQC-based identity concealment, upgrading core network encryption keys, and implementing hybrid PQC methods for protocols within the network (e.g., IKEv2/IPSec, TLS). Telecom providers must conduct a comprehensive cryptographic inventory (e.g., radio-to-core links, SIM card data, open application model [OAM] interfaces) and plan phased upgrades. The GSMA guidelines recommend steps such as assessing quantum risk in each subsystem, planning for cryptographic agility, and partnering with standards bodies to define new profiles.31

Implementation Challenges: Scalability and Key Management

Deploying PQC is not as simple as flipping a switch. Significant challenges include:

  • Scalability—PQC algorithms generally demand more computational power and bandwidth. For example, some lattice schemes require more CPU cycles for key exchange, and hash-based signatures produce signatures that are several kilobytes long. This is especially significant for high-throughput systems (e.g., 5G baseband processors and financial trading platforms) where latency is crucial. Network engineers must account for larger packet sizes and potential handshake delays when integrating PQC into protocols such as TLS or secure shell (SSH).
  • Resource constraints—IoT and embedded devices have limited memory and CPU. They often run for 10 to 20 years in the field, so their cryptography requires longevity. The NIST PQC community has emphasized that standards should include at least one variant suitable for microcontrollers with 8-bit to 32-bit capabilities. Without such an option, vendors risk leaving large swaths of critical infrastructure vulnerable to attack. In practice, small devices may initially rely on symmetric cryptography (augmented by larger keys) or lightweight post-quantum candidates (which may sacrifice speed for smaller code size) and reserve PQC for larger gateways or servers.
  • Key management and migration—Transitioning public key infrastructure (PKI) and identity management is a complex process. Organizations must substitute or augment certificate authorities, authentication protocols, and cryptographic libraries. One realistic approach is hybrid cryptography, which includes issuing certificates or performing handshakes that incorporate both traditional algorithms and PQC algorithms. This way, an attacker must break both algorithms to compromise a session. Standards work is underway—for instance, an Internet Engineering Task Force (IETF) proposal for hybrid key exchange in TLS 1.3 combines Kyber (ML-KEM) with elliptic curve Diffie–Hellman. Enterprises may run dual-stack systems where TLS or IPsec supports both PQC and classical cipher suites. During the transition, careful planning is necessary to phase out old keys, such as setting expiration dates for Elliptic Curve Digital Signature Algorithm (ECDSA)-based certificates and issuing new PQC-backed certificates. DevOps processes must incorporate PQC algorithm agility in their tooling and continuous integration/continuous delivery (CI/CD) pipelines.
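The hybrid approach in the last bullet, as an added example that is not code from the article or from any TLS implementation: two shared secrets are concatenated and run through HKDF, so the session key depends on both. The function names, the info label, and the stand-in secrets are assumptions; in a real handshake the two inputs would come from an ECDH exchange and an ML-KEM decapsulation.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
SECRET_LEN = 32  # X25519 and ML-KEM shared secrets are both 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): concentrate the input keying material."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the pseudorandom key to `length` bytes."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes,
                       transcript_hash: bytes, length: int = 32) -> bytes:
    """Derive one key from a classical and a post-quantum shared secret.

    Hypothetical helper for this sketch. Both inputs must have a fixed length,
    otherwise the boundary between them in the concatenation is ambiguous.
    """
    for name, ss in (("classical", classical_ss), ("post-quantum", pq_ss)):
        if len(ss) != SECRET_LEN:
            raise ValueError(f"{name} shared secret must be {SECRET_LEN} bytes")
        if not any(ss):
            # An all-zero secret signals a degenerate or failed exchange.
            raise ValueError(f"{name} shared secret is all zero")
    prk = hkdf_extract(b"", classical_ss + pq_ss)
    # The transcript hash binds the key to this particular handshake.
    return hkdf_expand(prk, b"hybrid-demo" + transcript_hash, length)


if __name__ == "__main__":
    # Constructed stand-ins for the two key-exchange outputs.
    ecdh_ss = secrets.token_bytes(SECRET_LEN)
    mlkem_ss = secrets.token_bytes(SECRET_LEN)
    transcript = HASH(b"constructed handshake transcript").digest()

    key = hybrid_session_key(ecdh_ss, mlkem_ss, transcript)
    # Someone who recovered only the classical secret and must guess the
    # post-quantum one does not arrive at the same key.
    guess = hybrid_session_key(ecdh_ss, secrets.token_bytes(SECRET_LEN), transcript)
    print("session key:", key.hex())
    print("classical secret alone reproduces it:", hmac.compare_digest(key, guess))
```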

Organizations on their quantum journey must strike a balance between security and practicality. They should evaluate whether their threat models and regulatory requirements justify the increased overhead of PQC and design an architecture (layered or hybrid) that will remain secure now and in the future, including during the quantum era.

Current Standards and Leading Proposals

The cornerstone of PQC deployment is adherence to emerging standards. Many standards bodies are aligning with or complementing NIST’s FIPS standards. For example, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) are drafting international standards based on the mentioned algorithms. The IETF has several working groups that define how to use PQC in internet protocols (e.g., an experimental TLS 1.3 hybrid cipher suite, an SSH extension). The ETSI has a quantum-safe cryptography working group exploring use cases in electronic IDentification, Authentication and Trust Services (eIDAS) and more.32

Leading algorithm proposals (beyond those already standardized) remain an active area of research. Notable ones include:

  • NTRU variants—The NTRU family (related to lattice cryptography) has many versions, including Falcon (soon to be FIPS 206). Falcon uses fast Fourier transforms (FFT) to achieve small signatures, though it requires high-precision arithmetic.33
  • SIKE (isogenies)—SIKE was an isogeny-based KEM with small key sizes; however, it was broken in 2022 and is no longer considered secure.34
  • Rainbow (multivariate)—Rainbow (a signature scheme) was broken in 2022; subsequent multivariate proposals are currently being scrutinized.35
  • Alternative code-based—Besides HQC, schemes such as Classic McEliece (based on Goppa codes) remain under consideration, although their large public keys (hundreds of kilobytes) limit their practicality.36
  • Symmetric upgrades—Independently, symmetric cryptography is being hardened for quantum threats; for example, AES-128 is widely believed to remain secure (Grover’s algorithm only offers a square-root speedup, so doubling key lengths to AES-256 suffices). Hash functions (e.g., SHA-3) also have security margins against quantum attacks.37

Overall, implementers should focus on approved standards but stay aware of new developments. The community anticipates that PQC algorithms will also evolve, as future cryptanalysis breakthroughs or side-channel attacks38 could reveal vulnerabilities, so designs often include alternative algorithms as backups (NIST includes SPHINCS+ as a stateless backup for signatures).

Future Trends and Policy Implications

Looking ahead, several trends and policy issues will shape the PQC landscape. First, quantum computing hardware is advancing, and enterprises such as IBM, Google, and startups are steadily increasing qubit counts and coherence times.39 Although practical large-scale quantum computers are still years away, progress in error correction and quantum control is accelerating. If breakthrough quantum hardware arrives sooner, the cryptography community will need to move even faster.

Second, hybrid and agile cryptography will become standard practice. Security solutions will likely employ multiple algorithms in parallel (e.g., a system might attempt an elliptic curve key exchange and a lattice-based one simultaneously). This cryptographic agility—the ability to add or swap algorithms without redesigning the system—is now a primary design goal. Organizations can regularly test new PQC libraries, and vendors will likely offer firmware updates that support new schemes.

Third, international collaboration and policy will intensify. Beyond the United States and European Union actions already noted, countries worldwide are crafting quantum strategies. For example, the UK’s National Cyber Security Centre (NCSC) and China’s State Cryptography Administration have also issued guidance on PQC.40 Industries such as finance and telecom are global, so the interoperability of PQC standards across borders is crucial. The European Union’s recommendation explicitly calls for a harmonized transition to avoid fragmentation.41 On the policy side, questions remain about compliance deadlines: Will regulations eventually mandate PQC for specific data categories? Entities handling data with 20-year confidentiality requirements (e.g., military, healthcare) may face government directives to migrate their data by a particular date.

Fourth, side-channel and implementation security will be an area of research. As new algorithms roll out, attackers may look for practical vulnerabilities (timing attacks, fault injection, etc.). Thus, alongside pure cryptanalysis, there will be a push for robust, constant-time PQC implementations, and the evaluation of algorithmic resilience in real-world settings.

Last, QKD and quantum networks will continue to develop in parallel. While PQC secures data using classical channels, QKD offers provably secure key exchange based on quantum physics. Some organizations (notably in finance and defense) are exploring hybrid architectures that combine both: using QKD for some high-security links and PQC for general communications.42 However, QKD’s need for dedicated hardware means it will remain a niche solution for specific use cases (e.g., banking corridors or government backbones).

The cryptography community is at the beginning of a multi-year transition. The imminent threat of quantum decryption has catalyzed unprecedented collaboration between academia, industry, and government. While the technical challenges are significant, there is a clear consensus that action must start now. Early pilots, standard ratifications, and policy mandates together are charting a course to a quantum-resilient future. Organizations that plan proactively by inventorying cryptography, training staff, and participating in PQC testing will gain a security edge. The transition will not be smooth for everyone, but the alternative—inaction—will inevitably lead to a wave of breaches with no defenses.

Endnotes

1 Fortinet, “Understanding Shor’s and Grover’s Algorithms and Their Impact on Cybersecurity”
2 National Institute of Standards and Technology (NIST), “NIST Releases First 3 Finalized Post-Quantum Encryption Standards,” USA, 13 August 2024
3 Ivezic, M.; “Combatting CRQC: Cryptographically Relevant Quantum Computers,” PostQuantum, 10 January 2023
4 NIST, “Post-Quantum Cryptography,” USA; The White House, Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, USA, 6 June 2025
5 NIST, “NIST Announces First Four Quantum-Resistant Cryptographic Algorithms,” USA, 5 July 2022
6 National Security Agency/Central Security Service, “Quantum Key Distribution (QKD) and Quantum Cryptography (QC),” USA
7 Pq-crystals.org, “Kyber Home”; Sphincs.org, “SPHINCS+”
8 Internet Engineering Task Force, “Hybrid Key Exchange in TLS 1.3,” July 2025; Amazon Web Services, “Using Hybrid Post-Quantum TLS With AWS KMS,” AWS Key Management Service Developer Guide, 2014
9 Carielli, S.; Cser, A.; et al.; “The Interminable Wait: The NIST Post-Quantum Competition,” Forrester, 29 June 2022
10 NIST, “NIST Announces”
11 NIST, “NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption,” USA, 11 March 2025
12 Harishankar, R.; Thorpe, L.; “Securing Telecoms Networks for the Post-Quantum Era,” IBM, 23 October 2023
13 NIST, “NIST Releases”; NIST, NIST Internal Report (IR) 8547 IPD, Draft Transition to Post Quantum Cryptography, USA, November 2024
14 HSBC, “HSBC Pilots Quantum-Safe Technology for Tokenised Gold,” 19 September 2024
15 HSBC, “HSBC Pioneers Quantum Protection for AI-Powered FX Trading,” 6 December 2023
16 JPMorgan Chase, “JPMorgan Chase Establishes Quantum-Secured Crypto-Agile Network,” 8 May 2024
17 Baker, B.; “HSBC, PayPal Join Quantum Safe Cryptography Group,” IoT World Today, 30 April 2024; Emanuel-Burns, C.; “EPAA Forms Working Group With IBM, HSBC, AP+, and PayPal to Explore Quantum-Safe Cryptography,” FinTech Futures, 29 April 2024
18 Depository Trust and Clearing Corporation (DTCC), “DTCC Outlines Post-Quantum Security Risks & Considerations for the Financial Industry as Technology Capabilities Continue to Advance,” 21 September 2022
19 Gleason, M.; “Quantum-Resilient Data Security in Healthcare: A Critical Imperative,” QuSecure, 30 July 2024
20 US Department of Health and Human Services, “The Security Rule,” USA; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation [GDPR])
21 Gleason, “Quantum-Resilient Data”
22 The White House, National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems, USA, 4 May 2022
23 Cybersecurity and Infrastructure Security Agency, “Post-Quantum Cryptography Initiative,” USA
24 Stubbs, M.; “Executive Order: Strengthening the Nation’s Cybersecurity,” PQShield, 10 June 2025
25 National Security Agency, The Commercial National Security Algorithm Suite 2.0 and Quantum Computing FAQ, USA, December 2024
26 Parker, E.; “US Allied Militaries Must Prepare for the Quantum Threat to Cryptography,” RAND, 6 June 2025
27 European Commission, “Commission Publishes Recommendation on Post-Quantum Cryptography,” 11 April 2024, European Union
28 Global System for Mobile Communications Association, Guidelines for Quantum Risk Management for Telco, Version 1.0, 2023
29 Ivezic, M.; “Telecom’s Quantum-Safe Imperative: Challenges in Mobile Network Specifications,” PostQuantum, 26 February 2024
30 Harishankar, et al., “Securing Telecoms”
31 Global System for Mobile Communications Association, Guidelines for Quantum
32 International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), Joint Technical Committee on Information Technology (ISO/IEC JTC 1), ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection; Internet Engineering Task Force, “Hybrid Key Exchange”; European Telecommunications Standards Institute, “Quantum-Safe Cryptography (QSC)”
33 Regenscheid, A.; Update on the NIST Standardization of Additional Signature Schemes, NIST, January 2025
34 Schneier, B.; “SIKE Broken,” Schneier on Security, 4 August 2022
35 Teske, E.; “NIST PQC Finalists Update It’s Over for the Rainbow Algorithm,” Cryptomathic, 26 March 2022
36 NIST, Official Comments (Round 3) - Classic McEliece, USA, 4 July 2022
37 D.S.; C.P.; On the Practical Cost of Grover for AES Key Recovery, NIST Fifth PQC Standardization Conference, 2024
38 NIST, “NIST Releases”
39 AbuGhanem, M.; “IBM Quantum Computers: Evolution, Performance, and Future Directions,” The Journal of Supercomputing, vol. 81, 2025; AbuGhanem, M.; “Superconducting Quantum Computers: Who Is Leading the Future?,” EPJ Quantum Technology, vol. 12, 2025
40 National Cyber Security Centre, “Timelines for Migration to Post-Quantum Cryptography,” United Kingdom, 20 March 2025; Swayne, M.; “China Launches Its Own Quantum-Resistant Encryption Standards, Bypassing US Efforts,” Quantum Insider, 18 February 2025
41 European Commission, “Commission Publishes”
42 IDQ, “New QED-C Publication – QKD: Part of a Defense-In-Depth Security Strategy,” 3 July 2024

ANKIT GUPTA | CISA, CISM, CRISC

Is a principal security engineer with more than 15 years of experience securing digital transformation at scale across highly regulated industries. A recognized thought leader in cloud security architecture, identity protection, and artificial intelligence (AI) governance, Gupta has driven major initiatives that integrate zero trust principles, regulatory compliance, and advanced threat mitigation into enterprise environments. With a strategic focus on emerging technologies and evolving cyberthreats, Gupta specializes in designing resilient security ecosystems. His work spans threat detection engineering, automation via PowerShell and Graph API, governance policy orchestration, and secure onboarding of workload identities.

SHILPI MITTAL | CISA, CISM, CRISC, CCSP, CISSP

Is a cybersecurity leader specializing in application security, cloud security, and secrets management. She has extensive experience guiding enterprise-scale transformations, building resilient architectures, and aligning security initiatives with business strategy. Mittal is also actively engaged in academic studies in information science, with a focus on the intersection of cybersecurity, AI, and supply chain resilience.