CISO Tradecraft®

By: G Mark Hardy & Ross Young

You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level.

© Copyright 2025, National Security Corporation. All Rights Reserved

Episodes
  • Harvest Now, Decrypt Later (with Marcus Sachs) - #290
    2026/06/29

    Nation-state adversaries are vacuuming up encrypted traffic today, waiting for quantum computers to decrypt it tomorrow. This attack strategy, "Harvest Now, Decrypt Later," isn't theoretical. It's happening right now.

    G Mark Hardy sits down with Marcus Sachs (former White House cyber advisor, CSO of NERC, now SVP and Chief Engineer at CIS) to break down two executive orders just signed by the White House on post-quantum cryptography and what every security leader needs to do before the clock runs out.

    What you'll learn:

    • Why TLS, VPNs, and PKI are your most urgent exposure
    • The Harvest Now, Decrypt Later threat model and what it means for your data retention policies
    • How to build a Cryptographic Bill of Materials (CBOM)
    • What cryptographic agility means and why hard-coded crypto is a ticking time bomb
    • Lessons from Y2K that apply directly to the quantum migration

    You can't name a date certain. But your adversaries are already running the clock.

    Links, NIST resources, and both executive orders in the show notes.

    https://www.nist.gov/cybersecurity-and-privacy/what-post-quantum-cryptography

    https://www.nist.gov/pqc

    42 min
  • #289 - What's the Best Career Move After Being a CISO? (with Gary Hayslip)
    2026/06/22

    On this episode of CISO Tradecraft, host G Mark Hardy talks with Gary Hayslip about cybersecurity career growth beyond the traditional CISO “apex,” drawing on Hayslip’s 25+ years across military service, US Navy civil service, the City of San Diego as its first CISO, Webroot (CISO/CIO), SoftBank (including cyber and physical security), and most recently a field CISO role before being laid off. They discuss how the CISO role is evolving into merged executive positions (technology, risk, and AI), why continuous learning is essential as security changes rapidly, and why humans remain accountable even as AI reshapes teams. Hayslip outlines alternative paths like field CISO, data center security leadership, and VC/PE operating partner roles, and shares practical ways organizations used AI to speed legal review and automate security reporting while highlighting cost, risk, and workforce concerns.

    44 min
  • How to Break Into Cybersecurity Through GRC (with Steve McMichael)
    2026/06/15

    In this CISO Tradecraft episode, host G Mark Hardy interviews Steve McMichael, author of "How to Break into GRC: Mindset, Methods, and Skills," about entering cybersecurity through governance, risk, and compliance. McMichael shares his transition from accounting and explains GRC’s role as decision support and the interface between business and technical teams, breaking down governance, risk management, and compliance (including audits and third-party/supply-chain assurance). They discuss misconceptions that GRC is “just paperwork,” barriers like imposter syndrome, and strategies such as building T-shaped skills, targeting about 20% technical depth across domains, and developing credibility through a deep specialty. McMichael also describes an immersion mindset driven by emotional engagement, and showcases an open-source NIST Cybersecurity Framework Profile Assessment Database project on GitHub to help newcomers build skills and portfolio contributions.

    39 min