Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube
Transcript is auto-generated.
Josh Lupresto (00:00)
Welcome to the podcast designed to fuel your success selling technology solutions. I’m your host, Josh Lupresto SVP of sales engineering at Telarus and this is Next Level Biz Tech.
Everybody welcome back. we’re kicking off today. It’s called When Quantum Meets Cyber and it’s a field report from the front lines. Today on with us we have Sumera Riaz, Telarus Solution Architect over security. Sumera, welcome back.
Sumera Riaz (00:32)
Thanks, Josh. Great to be here and great to kick off cybersecurity awareness month with you.
Josh Lupresto (00:38)
love it. So you, you know, we like to get out to these conferences, we like to understand what’s going on. You know, in past episodes, we’ve talked about what we’ve seen at reInvent and Google Next, and we’ve sent folks to Dreamforce. And so ⁓ you got to go to a I think a pretty cool one, the, ⁓ you know, Quantum World Congress, there’s a lot to unpack here. And we’re going to get to that in in just a second. But maybe let’s give anybody that
that doesn’t know, that hasn’t met you, just give us a tiny, you you’ve been here a little while, not too long, but for anybody that doesn’t know, you give them a little bit of backstory on historically your role, kind of where you come from.
Sumera Riaz (01:18)
Sure. So I’ve been in cybersecurity now for almost 18 and a half years. My career started early with GSIs like HCL, USC Global, Capgemini being the last GSI I was with and ⁓ based in Europe for 11 of those wonderful years. ⁓ At the end I was with Capgemini, ⁓ one of the global CISOs that ran our internal security, but also managed ⁓ five of our strategic accounts, which was Bayer.
British Petroleum, HSBC, Vodafone and Orange. I had a team of 145 people, two SOC centers, one out of Scotland, one out of India, and then my GRC team was based out of Amsterdam and Poland. And 2017, I moved back stateside and been a CISO until the channel found me, end of 2023. and then about a year later, found my way to Telarus and here we are.
Josh Lupresto (02:13)
love it. love it so much. lot to unpack there. A lot of but I think what I want the advisors to understand is there is so much cool experience there that you have had so many things that you have seen so many different shoes that you have been in. And I know that will come out over time whether it’s on this podcast whether it’s when you’re working on opportunities with partners. Just seen it already happen. So love ⁓ love that and excited to have partners get more exposure more experience and bring you in on on deals and all that good stuff.
⁓ All right, let’s kick this off. First of all, ⁓ before we get into what you saw, what you learned, all these good things, let’s just level set on why quantum? What is quantum? Why does it matter? Help everybody understand that.
Sumera Riaz (03:01)
Sure, so I’m gonna give a disclaimer. I’m not a quantum physicist. I’m, you my master’s is in information technology, CISSP, Certified Ethical Hacker, CISO. I am not a quantum physicist. So about two and a half years ago when I CISO, I stumbled into quantum almost by accident. So at the time my company was going through a minor event.
And we have the best defenses in place. We had over 15 million in security spend every year. We have the best of suite. We have the best of free. And after the cleanup of this event, I just kind of paused and took a moment, reflected across my entire digital landscape. But one question kept gnawing at me is, if today’s top shelf defenses are already strained, what happens when tomorrow arrives? Faster than we can expect.
So I started digging into quantum at that time. ⁓ At first it felt like science fiction. I was listening to Willow, Google’s Willow pitch and Query and others, and they were talking about the multiverse and ⁓ all the different probabilities that quantum computes. So at first, of course, it felt like science fiction, particles in two places at once, computers that think in probabilities instead of absolutes. But then it hit me that this isn’t about physics alone.
It’s about trust, it’s about risk and opportunity colliding all at the same time. So the task for me wasn’t to understand physics, it was leadership, translating the future into decisions that we’re making today and then teach others so leaders can prepare, protect and grow in the quantum era. So, and that’s kind of what set me on this path, not chasing hype, but helping others see that quantum isn’t just a feature of computing, it’s a feature of trust.
Josh Lupresto (04:50)
So if we try to level set, I guess a little bit about, ⁓ I guess I don’t want to go too deep into this, but I think quantum is just a really hard thing to explain. And if we think about Moore’s Law, we’ve talked about that a lot on the podcast, things exponentially, let’s say within 18 months, the computing cycle, the things that we invented 18 months ago are obsolete, right? Because people are bringing in new chips, they can do more processes, more flops, all that good stuff.
Can you just maybe give us a 30 second on, this is not a, we can stack more GPUs, CPUs, more on off cycles, electrons are either on or they’re off, normally. And so we’ve been able to get in front of the latest and scariest security stuff. is it about, how does quantum work in 30 seconds or less that makes it so interesting to understand?
Sumera Riaz (05:34)
Mm-hmm. Yeah.
Sure. So quantum has the ability to compute faster than our classical computers today. Quantum works in qubits, where classical computers work in bits, one, zero, one, zero. Qubits are one and zeros. with superpositioning and entanglement, they can be in multiple places at once. So if you think of outside of time almost, a bat look into
a whole screen instead of looking at it in one frame at a time. So with that, the probabilities and the equations that go behind the scenes are not mathematics, they are physics. So what we have today is a set of equations for our classical computer. It’s math. With quantum computer, it’s physics. So it’s kind of law of physics meeting ⁓ math problem. But ⁓
The good part, the thing that is gonna create this intrinsic trillion dollar economic value here in the near future, it’s about processing speed. How can we, the drugs to discovery, to market, it’s gonna speed that process. Quantum security is mind blowing. Some of the stuff that we’re gonna talk about at the QWC, some of the things I saw, they were like, this is amazing.
and that we’re taking security into account when we build out an entire ecosystem. That was very encouraging to see that, of course.
Josh Lupresto (07:20)
all right, Quantum World Congress. You went, what is it, help us kind of set the stage for the rest of what we’re gonna talk about.
Sumera Riaz (07:29)
Sure, so Quantum World Congress has been going on for, I believe, the last five years. And this year, was my first time going. you know, first, thank you Telarus for allowing me to attend this amazing gathering. So basically, it’s a global gathering. This year, it was over 31 nations that came, delegates from every nation for 31 countries were there. There was the people, the quantum physicists and scientists who actually thought up
the theoretically what quantum computers can do. And then in the same room, you had companies who took that theory and converted it into practicality. And then you had the Microsoft, the IBMs, the Queras, the Quentinium, Zion Qs in the room, who took that practicality and made it marketable and commercialized it. And then you had, you know, the government, you had the industries there, you had DoD, had NSA there.
⁓ and all these different branches, Nest was there. And so all these companies have come together to see how are we gonna, how are we gonna, this has moved out of the lab into marketplace. Now how are you gonna build a runway together instead of ⁓ one industry at a time? It’s just, was a very collaborative effort. ⁓ So the message was clear, Quantum has actively moved from the lab into the marketplace.
And then when you see supply chains, standard bodies, major providers already laying the groundwork, you realize this isn’t a someday conversation, it’s a now conversation.
Josh Lupresto (09:01)
Yeah, what I guess what are some of the other what’s the ground truths here? What what started to stand out to you the most right? I mean, we we it seems like we tried to talk about and started hearing quantum a couple years ago, but we didn’t know how far away it was. We didn’t hear about Willow or IBM’s cubits or we see everybody dumping the money into it. We see the companies coming out. We see big companies making investment. It’s it’s much more plausible, right? And much more real. So maybe walk us through.
Sumera Riaz (09:26)
Yes.
Josh Lupresto (09:30)
what stood out to you the most in some of those initial things that you saw.
Sumera Riaz (09:34)
Sure, there are four things actually that stood out the most. First one was all the nations that were there together in the international meeting room, every single nation got up and said the same thing, that there cannot be a quantum supremacy. If one country has quantum supremacy, then it just becomes a zero sum game. And that was the whole reason why we all came together in this, in D.C. last week. So the conversations at this point aren’t about if anymore, they’re actually about how soon.
Government, tech giants, investor, they’re already aligning on commercialization timelines. So, and then the second is post-quantum cryptography isn’t something we read about or theorize about anymore. It’s a now a boardroom topic. The urgency about safeguarding today’s data against quantum threats is one of the top things that, you know, most everybody’s talking about. That’s kind of the buzz. So from Washington to Europe, to Asia, policies and standards are forming.
the level of international alignment signals that quantum is becoming infrastructure, not just innovation anymore. So we had, and lastly, had Microsoft, IBM, Booz Allen, NVIDIA, IONQ, startups, supply chain leaders, SaaS providers, government programs, and the whole ecosystem is building this runway together. So that was amazing. It was awe-inspiring. ⁓ I’m in room with panels, with NSA, with MIST.
Just the conversations now are how do we help companies ⁓ get this message out to the companies and help them with their roadmaps.
Josh Lupresto (11:12)
I love ⁓ it.
So let’s think about ⁓ quantum threats today versus what’s coming tomorrow and kind of when. think as a Bill Gates quote, we underestimate the results of the long term, we maybe overestimate the short term. And so it feels like,
with what we’ve learned foundationally with quantum about how it exponentially increases compute power in just a different way, physics versus math, taking that into consideration about quantum kind of breaking current encryption standards, right? That’s probably some of the talk track. So with what you saw, how real is that threat, timelines, and I guess really how do you want customers and customers thinking about that?
Sumera Riaz (11:54)
Sure and that’s such a great point you bring up and a great question too. So we know that this is a real threat, that our today’s encryption will break. NIST last year came out with new post-quantum cryptography standards that companies and governments are now moving to. So the threat is very real. You hear a lot of buzz around it, but I believe the issue is a little bit deeper.
than just that initial breaking encryption. Quantum computing is large scale, right? So it’s going to break encryption at some point. It’s going with, when that happens, companies are gonna be out of compliance. So it’s gonna be a multi-fold, you know, instead of just the encryption alone, but large scale fault tolerant computers are already here. IonQ and NVIDIA.
⁓ who has a great GPU, IonQ launched their first fault tolerant computer earlier this year. Quantinium is about to launch Helios, their first fault tolerant computer. Cloud is a service, hardware is a service. So the consumption today is a hybrid model. So it went from theory, practical, marketable to hybrid, where we are now. And then in the near future, in the next two to three years, we’re going to see it commercialized.
So that’s kind of the trajectory that I saw at the conference and, you know, in everyday life, that’s kind of where we’re headed. So the issue of the threats, the risks, it is real. And I believe that all companies out there, our clients, our own companies, we must have trust and confidence in our data and our systems. I mean, that’s the bottom line. And because data has a shelf life.
If someone is stealing and storing our data today, they may decrypt it once those machines arrive. That is why governments, major providers, they’re already moving to a post-quantum cryptography standard.
Well, and I will add actually one more thing. If you’ve seen Nvidia’s Jensen Huang ⁓ earlier in January when he and Bill Gates, they were ⁓ interviewed for ⁓ a magazine article. ⁓ He said quantum is 15 to 30 years away. And just a couple of months ago, he revisited that statement and he said quantum is at an inflection point now.
which it’s nearer than we realized, where NVIDIA also launched their hybrid model this year. So the pace that it’s going and the trajectory it’s setting, it’s incredible.
Josh Lupresto (14:29)
and
So we tend to see ⁓ events like this, we get big groups together as we start to see companies sink money, people making investments, groups getting together thinking about how do we make this better for everybody. And then once we start to see frameworks and standards bodies, we know what’s coming. I think we can all attest to we saw that when…
you know, the federal government got into the DOD side of things and CMMC, if you’re going to be doing business with contractors. And we saw that formalization and now we’ve seen that over the last couple of years come into the channel of people trying to get prepared for certain levels of CMMC compliance. That was just an idea a few years ago. It was like, ⁓ don’t worry about it. It’s not a big deal. And then all of a sudden it became a big deal. So it feels like ⁓ NIST is kind of figuring this out, right? NIST is
this standards body that creates some of these things. So maybe walk me through where was NIST a part of this? Where are they at on standards? How do they look at quantum? What’s the thought there?
Sumera Riaz (15:41)
Sure, so ⁓ I actually met ⁓ people from NIST at the conference and they took part in many panels and then they actually invited me to have dinner and drinks with them one of the evenings and got to know them better. just, you you think of NIST as a standard body and I never think of like, there’s actually a bunch of people who make this possible. So I got to meet those amazing people behind the scenes that do all the work and… ⁓
It was amazing, just wonderful meeting them. Their mood was of course excited and focused. Excited because this tech is going to solve so many problems that today’s classical computer simply cannot. And they were focused because of the work that lies ahead. So last year in August 2024, they updated their encryption standards, NIST did.
⁓ to post quantum cryptography, which federal agencies are already preparing to adopt the new PQC standards. In the coming months, we’re going to see another post quantum standards update from bodies like ISO, from IEFT, which is the Internet of Engineering Task Force, the second standardized ⁓ organization for internet protocols like TCP IP. And then you’re going to see 3GPP, which is Telcom. ⁓
they’re gonna update their PQC standards. So it’s kind of a ripple effect. So NIST started it, ISO, and then all the other bodies are gonna eventually within the next two to three years adopt the PQC standards. So that was pretty cool. And we heard from NASA, NASA, NSA, other agencies on the specific roadmaps. For the United States, the date was by January, 2027, January 1st, we have to have a roadmap in place. When…
we heard from the rest of the delegations in EU and APAC, their roadmaps are, we have to have one by middle or end of 2026. So I think US is now revisiting their date to roadmap and we’re gonna keep you posted on all that good information as it comes out. But one interesting point I will mention that was brought up by NIST and other bodies there was that,
Companies, our clients are waiting for supply chains to upgrade their quantum standards so that they can adopt once these companies have upgraded like Microsoft, for example, or Google, or other ERMs, CRMs, and SAS’s service, which is understandable, right?
I think there’s a miss because the company’s data, our clients data doesn’t belong to Microsoft. It doesn’t belong to Google. It doesn’t belong to any Salesforce or any other CRMs out there. It belongs to the company. And as a company, we must take responsibility to safeguard our data.
Josh Lupresto (18:30)
I agree. ⁓ It’s interesting. mean, it fits into the timelines of what you mentioned, right? We saw quantum as an idea just a few years ago, and then these things have happened. The Quantum World Congress happens. We talked about investments already. And ⁓ the time horizon is definitely shortening. And so it’s interesting. mean, the middle of 2026 is not very far away. So it’s awesome to see.
everybody kind of getting in front of this, getting ahead of this, because it wouldn’t surprise me. mean, think about, did anybody that’s out there listening think that LLMs and OpenAI would drop the product that they dropped in 2023 and it would be as effective as it was on day one? No, ⁓ I don’t think so. I don’t think we expected that for a little while yet. If you’ve driven in a self-driving car, did you expect it to be that good yet? It’s not perfect. They still make errors.
but I’m constantly surprised at how good these things are already and how fast they’re moving. So it just seems to me like we have to take ⁓ quantum seriously, I think. Same side, right? And these timelines line up. ⁓ Let’s think about, right, think about for the partners listening to this. Obviously, we wanna make sure that we’re bringing you these angles, these threads, these things that are out there that are relevant.
Sumera Riaz (19:38)
Yeah.
Josh Lupresto (19:54)
And then how do we help you translate that? How does this go into a meaningful conversation with your customers? Of course, you’ve got amazing folks such as yourself here in the broader Telarus Engineering and Architecture team to help you in those conversations. I guess, Sumera, from your perspective, how do they start the conversation? What are these questions like? How do we make it so that it doesn’t sound like it’s just something out of Star Wars? ⁓ How do we walk through this?
Sumera Riaz (20:22)
So very good question. So kind of bringing it back and landing this is the way you have the conversation, the key to this is grounding the conversation in trust and reality. You don’t have to start with quantum physics. In fact, I would urge you not to. You start with business impact, right? So you remind clients that every major technology shift wants to Josh, like you said, sounded like science fiction, ⁓ the internet, who’d have thought?
You know, that could be something. The cloud. I remember all the hype. Let’s move to the cloud. Well, where is the cloud? You know, all ⁓ the mystery around the cloud a few years ago and now AI. To your point, it was science fiction at once. It was something we saw in the movies, but now we’re in that reality. We live it and quantum is going to be just like that. It’s just simply the next chapter.
And the real risk isn’t that it’s coming, it’s pretending that it’s not coming. So as technology advisors, the win is when we can translate the complex into practical. Mr. Client, what does this mean for your data? What does this mean for your compliance? What does your long-term resilience look like? Clients, the ones that are in critical infrastructures today. ⁓ So I’m thinking FedRAMP, CMMC clients. ⁓
banking clients. They should start their cryptography inventory, their post quantum pilots, and building this into their long term risk planning. So I think by framing quantum as a foresight rather than fear, we’re giving clients the confidence that preparing today isn’t just about buying into hype. It’s about protecting the future that they’re working so hard to build.
Josh Lupresto (22:14)
⁓ As you think about things like this, always like to go, when we started the security practice years ago, it was who are they going after first? Because I remember when we would talk to customers and we would get advisors all excited about this, we’d go and talk to customers and they’d go, ⁓ I’m not big enough. You tell me about these hacks that happened to Target and to these other banks and stuff like, I’m not that. I’m a much smaller whatever. Nobody knows about me. And that was the thesis early on.
And we’re sitting here, we were sitting there then saying, Hey, ⁓ do you use the internet? ⁓ And do you do business? If you checked yet and do you breathe air? If you checked yes to any of those boxes, then let’s have a conversation because it turns out the bad guys don’t care whether you’re a one or two person shop, or they don’t care if you’re a hundred thousand employee healthcare organization with a bunch of very valuable black market, you know, personally identifiable pieces of information. So.
From your perspective, ⁓ what industries, do we think about the quantum things the same way? Are there verticals that we think that are the most impactful first or should be worried? What’s your thoughts there?
Sumera Riaz (23:29)
So it’s such a good point you bring up. this is the question I asked most all the vendors on the expo floor last week is who is your ideal client profile right now? Which are the industries that are coming to you and asking for roadmaps, asking for solutions. And it was a resounding message across the board. They said the first ones coming to us are the governments, different governments across the world, the for United States, our DOD, aerospace.
So that translates into our world as your FedRAMP clients, your CMMC clients, any SLED clients, any government agency, whether it’s state or federal, those are goods for a talk track or to start engaging in these conversations. it’s a close second is the banking industry.
Banking in the United States, I’m speaking of. So banking is already, there’s a couple of very large banks that are already on their post quantum journey. They’ve already done the roadmap, they’re on their journey now and they were also at this event. So banking is a close second in when having these conversations. And then after that, I believe we’re just gonna see the ripple effect from healthcare, manufacturing, so on and so forth.
Josh Lupresto (24:48)
I love it. ⁓ Yeah, I think it’s just like a little bit of before where he or she who has the most valuable records and is the least armed ⁓ is the most susceptible. And so how do we continue to help those customers think forward? And what I like about this is that ⁓ this isn’t something that they’re already deeply entrenched in. This is something that we’re gonna have to continually have a lot of education conversations. We’re gonna have to continue to bring
vendors and things like that into the landscape over time as products mature and as this product commercializes. And so excited to kind of see where all that goes. We’ll keep a close eye on it. We’ll keep bringing that to you. And we’ll keep going to these things. And I think they’re super valuable, right? For us to see how does that time horizon shorten, expand, you know, does it go into different dimension? Who knows? The point is, we’ll keep an eye on it. And we’ve got amazing resources. You’re hearing from
one of them right here to help lead out that conversation. So ⁓ I guess as we kind of wrap up some of this talk track here, ⁓ we know that exponentially ⁓ quantum computing will impact security, right? The things that took hours and years before to crack could potentially take seconds and minutes once quantum kind of proliferates, right? So those are the things that we’re trying to get ahead of.
As a security architect, how did this conference change the way that you will advise partners or customers going forward?
Sumera Riaz (26:24)
That’s a great, another great question you bring up. So, Telarus, at Telarus, we are ahead of the curve in many ways. And if you have worked at all with our engineering team, it’s second to none. We’ve got brilliant people on this team, on our staff. So the solutions that I and my team bring, they not only solve today’s business challenges, but are foresight on tomorrow’s emerging tech.
and emerging threats. They ensure that our partners and our clients are armed with the information they need on this growth journey. So it’s a difference between handing someone an umbrella when it’s pouring versus telling them, please carry one because we can see the storm forming on the horizon. So our conversations, they go beyond using technology to achieve business outcomes. We focus on turning in those outcomes into real impact. So ⁓
All that to say is we can help you have these conversations. We can help you earn and build and maintain that trust with your clients. We’re built at Telarus to lead this next wave of this new frontier. We’re ready.
Josh Lupresto (27:31)
I love it. I think that’s a great place to wrap it. Sumera ⁓ awesome stuff, exciting, leading it out, leading the charge on Quantum, kind of first out there. Appreciate all your efforts and ⁓ great stuff, lots of great nuggets. Hope everybody can go back, listen to this, and just figure out one or two talk tracks. Think about it with your customers. Are you thinking about this yet? Is this on your mind yet? If so, we should have a conversation. If not.
we should have a conversation. I love when things go that way. So Sumera, I really appreciate you coming on. Thanks so much.
Sumera Riaz (28:04)
Thanks.
Josh Lupresto (28:06)
All right, everybody that wraps us up for today. As we mentioned in the beginning, this is kicking off Cyber Security Awareness Month. We got multiple sessions coming ⁓ through for you in the next couple of weeks. So keep an eye out for those. I’m your host, Josh Lupresto SVP of Sales Engineering at Telarus. Sumera Riaz, Telarus Security Solutions Architect. Field report from the front lines when quantum meets cyber. Until next time.