Every organization that relies on public-key cryptography — which is to say, every organization — faces the same problem. The algorithms that protect their data, authenticate their transactions, and secure their communications will, within the planning horizon of infrastructure decisions being made today, become vulnerable to quantum computers. The question is no longer whether to migrate to post-quantum cryptography, but how — and the answer turns out to be far harder than anyone expected.

Quantum Ready is the first comprehensive, practitioner-grounded guide to planning, executing, and sustaining enterprise-wide PQC migration. It is written from the front lines — by an author who has led cryptographic upgrade programs for over two decades and PQC migration programs for over a decade, including one that generated over 120,000 discrete tasks in a single enterprise’s integrated master schedule. Of those, roughly 30,000 addressed direct cryptographic upgrades. The other 90,000 were the enterprise enablement work — governance, vendor engagement, training, policy, infrastructure modernization, and operational integration — that makes those upgrades possible. That 1-to-3 ratio reveals the truth most PQC guidance misses: the algorithm swap is the visible tip of an enormous organizational iceberg.
Across twenty-one chapters and more than 500 pages, this book covers the full arc of a real PQC migration program:

• How to secure executive mandate and build a team with the right skills — before the program stalls at Phase 0
• How to conduct a cryptographic inventory when 100% discovery is a mirage — and build a Cryptographic Bill of Materials that is operationally useful, not academically perfect
• How to score and prioritize risk when everything seems urgent — and produce a multi-year roadmap that survives contact with organizational reality
• How to choose the right mitigation for each risk — direct PQC upgrade, hybrid cryptography, proxy gateways, re-encryption overlays, tokenization, vendor replacement, or Plan B preparation — not just “migrate to PQC”
• How to run pilots, scale to production, and navigate the infrastructure reality of PKI upgrades, HSM limitations, and network performance impacts
• How to manage vendors who say “we’ll be ready” but cannot show you a validated timeline
• How to build crypto-agility as a permanent organizational capability — not a marketing checkbox
• How to integrate quantum risk into enterprise risk management, SOC operations, crisis exercises, and board reporting
• How to adapt the methodology for financial services, telecommunications, critical infrastructure, and government environments — with sector-specific playbooks

This is intended as the definitive practitioner reference — the book that security teams keep on their desks, that program managers reference in planning sessions, and that CISOs cite in board presentations.

Who This Book Is For

CISOs and security leaders who need to design, fund, and govern a multi-year PQC migration program — and who need to understand not just what to do but why each decision matters. Security architects and cryptographic engineers who will implement the migration — and who need architectural patterns, decision frameworks, and real-world lessons, not just algorithm names. Program managers leading complex, multi-year efforts — who need to understand the technical terrain they are managing, not just the project plan. CIOs and CTOs who must position PQC migration within broader technology strategy. And risk officers, compliance teams, vendor managers, and board directors who need to understand what quantum readiness looks like in practice.

If your organization relies on cryptography — and it does — this book is for you.

Inside the Book

Part I — Understanding the Threat
Chapter 1: Quantum Computing and Why It Breaks Cryptography
Chapter 2: Hype, Scams, and How to See Through the Noise

Part II — The Stakes
Chapter 3: The Migration Nobody’s Ready For
Chapter 4: The Quantum Threat in Business Terms
Chapter 5: What a Quantum-Ready Organization Looks Like

Part III — Preparation
Chapter 6: Securing the Mandate and Building the Team
Chapter 7: Finding What You’re Protecting
Chapter 8: The Cryptographic Bill of Materials
Chapter 9: What to Migrate First — Risk Scoring and Prioritization

Part IV — Strategy: Deciding How to Mitigate
Chapter 10: The Cryptographic Strategy — Choosing the Right Mitigation for Each Risk
Chapter 11: Hybrid Cryptography — Benefits, Costs, and Operational Reality
Chapter 12: Quantum Key Distribution — Promise, Controversy, and Practical Considerations

Part V — Execution
Chapter 13: The Multi-Year Roadmap
Chapter 14: Pilots, Migration Waves, and Scaling to Production
Chapter 15: The Infrastructure Reality — PKI, HSMs, and Network Modernization
Chapter 16: Vendors Are Not Going to Save You

Part VI — Resilience and Operations
Chapter 17: Defense in Depth for the Quantum Era
Chapter 18: Crypto-Agility — From Concept to Reality
Chapter 19: Integrating Quantum Risk into Enterprise Operations
Chapter 20: Sector Playbooks — Financial Services, Telecom, Critical Infrastructure, Government & Defense

Part VII — Looking Forward
Chapter 21: The Program That Never Ends

Plus ten appendices: Algorithm Quick Reference, Decision Trees, Regulatory Timelines, Vendor Questionnaire Templates, Crisis Exercise Scenarios, and more.

Marin Ivezic brings over thirty years of experience at the intersection of cybersecurity, cryptography, and enterprise risk, and over twenty-five years of involvement with quantum technologies.

His classical cryptography career spans more than two decades of cryptographic upgrade programs across some of the world’s largest enterprises. His post-quantum work began over a decade ago, with critical national infrastructure clients who recognized the need to prepare early — including PQC migration programs generating up to 120,000 tasks in a single enterprise’s integrated master schedule.

Marin has held regional and global leadership positions at IBM, Accenture, PwC, and KPMG. He founded Cryptosec (cryptography engineering), Boston Photonics (photonic quantum computing), PQ Defense (quantum-safe defense applications), and Cyber Agency (cybersecurity consultancy), and is the founder and CEO of Applied Quantum, a research-driven professional services firm focused entirely on quantum technologies and post-quantum security.

He writes at PostQuantum.com, a premier quantum security publication with over one million monthly readers. He is the author of Quantum Sovereignty: Strategic Leadership in the Quantum Era (2026) and The Future of Leadership in the Age of AI (2020, co-authored with Luka Ivezic). He is a SANS Institute author and instructor for quantum security / PQC courses.