Last year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the usual suspects: TLS on the edge, our VPN and the certificates on laptops. Then we pulled up a dependency map and the mood changed. Crypto wasn’t just in a few obvious places. It was buried in API gateways, service meshes, database drivers, firmware update pipelines and third-party SaaS. Some of it was configurable. A lot of it wasn’t. That exercise is why I think the post-quantum conversation has to move from “interesting someday” to “start now.” Even if large, fault-tolerant quantum computers ...