Send us Fan Mail

Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the “Harvest Now, Decrypt Later” strategy, why it matters most for long-term confidentiality, and how security leaders can talk about it as a present-day risk instead of science fiction.

From there, I get practical with post-quantum planning: what the NIST post-quantum cryptography standards signal, why quantum key distribution is still niche for most organisations, and the big architectural idea to remember for the CISSP and for real enterprise security programs: crypto agility. We walk through concrete steps like building a cryptographic inventory, mapping where RSA and elliptic curve crypto live, identifying data with 10 to 20 year secrecy needs, and pushing vendors for a clear PQC roadmap.

Then we pivot into CISSP Domain 1 supply chain risk management (SCRM and CSCRM). I explain why supply chains are a prime target, how modern supply chain attacks can ride in through poisoned open source packages, and what SolarWinds showed the world about scale and impact. We close with the nuts and bolts that actually reduce third-party risk: lifecycle supplier management, meaningful assessments (on-site when it matters), document and policy review, audits, and minimum security requirements baked into contracts and SLAs.

If you want more training, check out CISSP Cyber Training, subscribe for weekly updates, share this with a friend who owns risk, and leave a quick review so more CISSP candidates can find the show.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!