A Field Guide to PQC Migration: Tactics, Techniques, and Procedures скачать в хорошем качестве

A Field Guide to PQC Migration: Tactics, Techniques, and Procedures

Mark Carney reveals Santander’s open-source toolkit and OODA loop for large-scale PQC migration. SANS Emerging Threats Summit 2025 Bank-grade roadmap—see how Santander maps, monitors and modernizes cryptography for Q-day. Mark Carney, Head of Quantum Tech, Santander Global Tech, shares an agile “OODA loop” for continuous discovery, decision and action. He details CodeQL queries that scan millions of lines for weak ciphers, cryptomon eBPF sensors capturing live TLS/SSH suites, and a GitHub-based cryptographic Bill of Materials that treats standards as code. Regulatory drivers and data-retention math set priorities; Mark shows risk heat-maps aligning crypto fixes with business impact. Open-source tooling links allow teams to replicate the approach and cultivate internal champions who keep momentum. Key Takeaways Use CodeQL & eBPF to inventory code and traffic cryptography GitHub “crypto-as-code” delivers audit trails and rapid updates OODA loop turns inventory into repeatable improvement cycle Q-day timing tied to data-lifetimes and compliance mandates Success depends on cross-functional champions, not just tools View upcoming Summits: http://www.sans.org/u/DuS #EmergingThreatsSummit #PQMigration #CryptoModernization