SECON NJ 2025 - Quantum Computing and AppSec: Preparing for the Post-Quantum Threat - 7th Talk

June 10, 2025

About SECON NJ Conference

SECON NJ (Security Conference New Jersey) is New Jersey’s premier annual cybersecurity conference, bringing together the state’s security community for learning, networking, and collaboration. Held June 10, 2025, at Kean University in Union, NJ, SECON is organized by the ISC2 NJ Chapter and NJ ISACA.

The conference serves CISOs, security practitioners, compliance professionals, and cybersecurity leaders, featuring expert speakers, panels, workshops, and career development on topics including AI security, threat intelligence, incident response, risk management, and privacy.

Talk: Quantum Computing and AppSec: Preparing for the Post-Quantum Threat

Talk Overview

Quantum computing represents an existential threat to modern AppSec. Current encryption (RSA, ECC) securing web applications, APIs, and sensitive data risks becoming obsolete due to quantum attacks via Shor’s Algorithm.

The critical "harvest now, decrypt later" threat: adversaries are already intercepting encrypted communications for future quantum decryption. For sensitive data (financial, healthcare, government, IP), the clock is ticking—data encrypted today may be vulnerable within a decade.

Key Topics Covered

Quantum Fundamentals: Qubits, superposition, entanglement, and threats to public-key cryptography
Vulnerable Systems: At-risk algorithms (RSA, ECC, Diffie-Hellman) vs. quantum-resistant (AES-256, SHA-256/SHA-3)
NIST PQC Standards: CRYSTALS-Kyber (key encapsulation), CRYSTALS-Dilithium, SPHINCS+ (signatures)
Risk Assessment: Inventory cryptographic assets, prioritize by data sensitivity and lifespan
Migration Strategies: Hybrid approaches combining classical and PQC algorithms
Crypto-Agility: Building systems that can swap algorithms without major refactoring
Implementation: Libraries like liboqs, Bouncy Castle, OpenSSL 3.x with PQC support

Phased Implementation Approach

Now: Inventory cryptographic implementations, create quantum risk register
Near-term: Implement hybrid cryptography in new and high-risk systems
Medium-term: Full migration of critical systems to PQC
Long-term: Complete organizational transition, sunset legacy algorithms

Slides can be found here: View Slides

Share on

Twitter Facebook LinkedIn

Sheshananda Reddy Kandula

SECON NJ 2025 - Quantum Computing and AppSec: Preparing for the Post-Quantum Threat - 7th Talk

About SECON NJ Conference

Talk: Quantum Computing and AppSec: Preparing for the Post-Quantum Threat

Talk Overview

Key Topics Covered

Phased Implementation Approach

Share on

You may also enjoy

LLMSec Demo: Interactive Security Training Platform for LLM Vulnerabilities

ISC2 & IIA Joint Cyber/AI Training Day 2025 - LLMsec: A Practical Guide to Attacks and Mitigations - 10th Talk

BSides Delaware 2025 - LLMsec 2025: A Practical Guide to Attacks and Mitigations - 9th Talk

HOPE_16 2025 - Quantum Computing and AppSec: Preparing for the Post- Quantum Threat - 8th Talk

Sheshananda Reddy Kandula

About SECON NJ Conference

Talk: Quantum Computing and AppSec: Preparing for the Post-Quantum Threat

Talk Overview

Key Topics Covered

Phased Implementation Approach

Share this post

Share on

You may also enjoy

LLMSec Demo: Interactive Security Training Platform for LLM Vulnerabilities

ISC2 & IIA Joint Cyber/AI Training Day 2025 - LLMsec: A Practical Guide to Attacks and Mitigations - 10th Talk

BSides Delaware 2025 - LLMsec 2025: A Practical Guide to Attacks and Mitigations - 9th Talk

HOPE_16 2025 - Quantum Computing and AppSec: Preparing for the Post- Quantum Threat - 8th Talk