The Main Scoop Ep. 41 | Preparing for Quantum Computing: This is Your Wake-up Call

Quantum computing is not just a future opportunity. It is a present-day data protection challenge.

On this episode of The Main Scoop, hosts Daniel Newman, CEO and Chief Analyst at Futurum, and Greg Lotko, SVP and GM of the Mainframe Software Division at Broadcom, are joined by Tom Cosenza, Director and Individual Board Member at SHARE, to discuss Y2Q, post-quantum cryptography, and why organizations need to prepare now for a quantum-safe future.

While quantum computing brings meaningful innovation, it also creates new pressure on the systems that protect sensitive data. Encryption standards used today were not built for a world with quantum-level computing power, and organizations that wait too long to act may leave critical information exposed.

Watch the full conversation as the group examines what Y2Q means for enterprise security, why post-quantum readiness matters now, and how businesses can begin assessing the cryptography embedded across their environments.

Key Takeaways:

🔹 Y2Q is the next major security challenge: Organizations need to prepare computing environments for a shift to quantum-safe algorithms before existing protections become inadequate.

🔹 Quantum creates both opportunity and risk: The same advances that make quantum computing powerful also introduce new vulnerabilities in cryptology and encryption.

🔹 Preparation starts with visibility: Enterprises must identify where encryption and cryptographic dependencies exist across systems, applications, and infrastructure.

🔹 Post-quantum readiness requires proactive planning: Waiting until quantum capabilities fully mature could leave sensitive data exposed to long-term security threats.

🔹 A transition strategy matters now: Businesses need a deliberate approach for moving toward quantum-safe cryptography without disrupting current operations.

The question is not whether quantum computing will affect enterprise security. It is whether organizations will be ready when it does.

Subscribe to our YouTube channel so you never miss an episode.

Listen to the audio here:

Disclaimer: The Main Scoop is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

Greg Lotko:
Hey folks, welcome to the next episode of The Main Scoop. I'm joined here with my co-host, Daniel Newman. 

Daniel Newman: 

Hey Greg, how you doing? 

Greg Lotko: 

Good to see you. 

Daniel Newman: 

Welcome back. 

Greg Lotko: 

Yeah, I'm delighted to be back. I'm Greg Lotko. We're going to be talking about quantum cryptography today. Some people talk about this as a world, you know, post-quantum computing being out there en masse. I mean, we know there's quantum computers in the world already, but Quantum cryptography and the quantum computer's ability to break what is classical encryption today is quite the topic.

Daniel Newman: 

It's an interesting one. I mean, we've spent a lot of our time lately thinking about AI, but quantum is coming fast and furious.

Greg Lotko: 

There you have it. We went like 25 seconds before AI came up.

Daniel Newman: 

Well, in fairness, I mean, when you jump to quantum, this is something that is really moving fast. It's kind of interesting because you've sort of seen the rise and there's a lot of interest in it, Greg. But at the same time, quantum usefulness is very debated, how useful it is.

Greg Lotko: 

Whether or not it’s going to be broadly applicable.   

How much it’s going to be applied, how much today with machines, you know, 32-cubit level machines, what can you really do? You know, you see quantum supremacy and some are saying, hey, it can finally add two numbers at the same time, everyone is sort of paying attention, knows whether it's quantum sensing, quantum networking, quantum computing, that there are these different applications. And then, of course, the problems they can solve. You know, I kind of look at AI as something that solves a lot of digital problems really well. Quantum has the potential to be something that solves problems in the real world particularly well. And, of course, working in combination with, you know, traditional high-performance computing to do some really interesting things. So it's an exciting time. But when we break quantum, or sorry, when we break cryptography with quantum … 

Greg lotko: 

Card cryptography.n

Daniel Newman: 

 …as we know it. Yeah. It's a really interesting inflection. I mean, all those Bitcoin maximalists, you know, have to have a little panic somewhere in the back of their mind of what happens.

Greg Lotko: 

Well, and I think it's really interesting to think about, you know, we've been talking for years about typical standard computing emulating human thought and getting into the AI type of thing. And I always thought that was pretty bizarre because when you think about how a traditional computer works, the answer to every question is either yes or no. The bit is either on or off. And the world, people have an awful lot of shades of gray and in the middle ground of, hey, you know, is the answer to this yes or no? And it's like, well, maybe, or it depends, or I might do this if there's other factor. And I agree with you, the idea of quantum computing being more broadly applicable and getting closer to what is a human train of thought can get really interesting but the scary part about right is about all the cryptography that we built our world around all the keys all the stuff that you say, hey, With a traditional computer, it would take hundreds of years to break. Quantum computing can break that really quick. Now the cryptography available with quantum or making traditional computers employ cryptography that is quantum safe, that's what everybody's talking about now because the reality is we're right on the verge and we have to worry about people getting our data now, right?

Daniel Newman: 

What a stateful answer that was.

Greg Lotko: 

Somewhere between zero and one. That's right. It was a quantum perspective. But this shouldn't just be us talking about this. Let's bring in our guest for the day. We have Tom Cosenza. He's a shared director and an independent board member. And I know he spent a lot of time thinking about this topic. thinking about, hey, what do we have to do today versus what are the opportunities tomorrow? So you've kind of heard what we're talking about. I'm curious to hear your initial thoughts.

Tom Cosenza: 

Well, Greg and Dan, thank you for having me. So first, I think you're right on on this. I think you have a lot of attack vectors that we as a community and really the whole IT community and all, but mainframe especially because we are so important to the business ecosystem. $3 trillion worth of commerce goes through the mainframes every day, right? So if you think about that, think about what happens if that gets broken. And RSA encryption, which is something that Shor's algorithm, which can be run on a quantum computer, can break, it becomes a very, very precarious place to be in right now. And it's very important that we as the community start looking at this and start addressing this and start taking the steps to protect our customers, our firms, and really our countries too.

Greg Lotko: 

And you've had quite a bit of experience in this space, right? I mean, give us a little bit of background. I mean, I know you're in the financial space. It's not like the area of worrying about cryptography or security is new to you.

Tom Cosenza: 

No, we've been, in my other life, we've been working on creating a better footing for our security for the last seven or eight years. We've actually been on a very long journey, and then PQC came around. Now we've had to kick it up a little bit. We've got to make sure things like we have TLS 1.3 encryption standards going on. We have to make sure that we're using the right level of encryption. And we got to make sure that all our businesses and all our applications are adhering to that. So having that inventory and being able to do that on the mainframe. And I would say that for where I am in my regular line of work, we are way ahead of a lot of places, which I know are now starting to catch up. That fire is starting to come in. So I think this is a really prime time to talk about this. This is a very good opportunity this year to start really looking at this problem and this challenge that we're all going to face. I know you've, I've heard you talk about this as Y2Q. Everybody remembers Y2K and all that. Now the Y2K, we had a particular date. We knew. And it wasn't going to move. It wasn't going to move. Like we knew it then. Unless we did 1999.5 and started reinventing years. Well, first of all, with Y2Q, right, we don't really know the date, right? It could be 2030. It could be as far as 2035. It may be sooner than 2030. We really don't know, right? Because there are a lot of state actors, governments, large corporations that are building quantum computing. 

Daniel Newman: 

Yeah. What do they say about quantum? It's five years away from being five years away? Yeah, but I feel that it's, yeah. It is.

Greg Lotko: 

I know people, people worry about when you're going to get there and whether or not you ever hit the date. But the, the thing I worry about is the reality of somebody can, you know, harvest our data now. 

Tom Cosenza: 

Ah humm, Yeah.

Daniel Newman: 

We just go out and we just share everything. 

Greg Lotko: 

Well, if you're on Facebook and Instagram… 

Daniel Newman:

I'm just saying, you know, the entire corpus of knowledge that you get out of Anthropic and ChatGPT was all stuff we just voluntarily gave the internet. I mean, they, I mean… 

Tom Cosenza: 

Well, but that's not all our PI data, right? 

Daniel Newman: 

No, I'm joking. It's like 95% of the Internet's behind the firewall. I get that. I just mean like we gave it an awful lot because it's pretty darn good without actually having…and that's why we have to protect the rest of it because there is no business value if we give it all away to these bloggers.

Greg Lotko: 

Right. But your worry is whether it be your bank, your credit card, your social security number, all that kind of stuff. If somebody can hack and get in and get it today, they may not be able to unencrypt it. However, if they sit on it and you're not changing your passwords or protecting yourself or changing encryption styles and keys and everything, they can then We'll decrypt it later.

Tom Cosenza: 

It even goes further than that, though, Greg. So you think about it, your social security number doesn't change. I know. Your bank account numbers usually don't change unless you're changing.

Greg Lotko: 

Although I'll tell you, my social security number did get hacked. So when I go to do my taxes, I get a unique secure PIN every year sent to me. And it blows my mind. I mean, think about this. Somebody decided to hack my social security number. I had to chuckle. I'm like, I don't get a refund. I have to pay. So, I was like, hey, if you want to pay my bill instead of me, have at it.

Daniel Newman: 

I'm sure there's other things they consider they could do, like get credit cards with your social security. 

Tom Cosenza: 

Yeah, credit cards.

Greg Lotko: 

I do worry about that stuff, right? Because you can lock down your credit. But what if somebody hacks one of the credit agencies and gets your password to be able to unlock your credit? Which has happened. And it has.

Daniel Newman: 

Yeah, it has happened. Let's take a step back just a little bit. You know, you heard our sort of preamble on what quantum is, what quantum is like. You know, when you talk about like quantum computers, What are your thoughts? How do you describe how it's different than classical?

Tom Cosenza: 

So it's like being in infinite states, right? So where you have a 1 or a 0, you can go. In a quantum computer, as we get more qubits, which is how you measure the strength strength of quantum computing, you can be in multiple and multiple states. So if you think about it, you can have an infinite number of states. Now, there's some great things with this, right? I mean, we're hoping for cancer treatments, right? I mean, like… I lost my father to cancer 12 years ago, right? Kills me every day. I think I miss him all the time, right? I'd love to have him see his great-grandson. But …

Greg Lotko:

Wait, you have a grandson.

Tom Cosenza:
Oh, yeah. Oh, yeah. One year old. He's about that big. 

Greg Lotko: 

That's a big year old. That's a big one year old.

Tom Cosenza: 

Yeah, he's he's he's he's he's growing like a weed. He's from good stock. So. The thing is though, like you're gonna be able to simulate things at a much faster rate under quantum, right? So that's great. That's awesome. So like any technology, there are really good things that are gonna come for this. And I am really excited about it, but we have to protect ourselves too, right? So like you said, harvest now, decrypt later, that's a big problem. But think about, and you mentioned it before, blockchain, right? Blockchains are all built on RSA encryption, right? I mentioned Shor's algorithm earlier today. Shor's algorithm will eat RSA encryption like cocoa puffs. I mean, it will just eat right through it. So you've got that, right? You've also got Grover's algorithm, which can make even symmetric encryption, while we don't think it's going to be broken with it, can make it a bit leaky, right? So you can find patterns in that encryption too, right? So you're talking about like things if you, I forget the movie was about Alan Turing. where that's how they broke Enigma was they were able to find patterns and through those patterns be able to break the encryption, right? But even just having the patterns out there gives you information, right? So it's very important that we as a mainframe community come up with it. And just in the state of security, so here's a really broad thing I remember about this platform. I started coming to Share back in 2006. And back then, there was barely a security track. There was probably three security pieces. We have now grown the security track. It's one of our strongest tracks here at Share. We have multiple sessions, and a lot of the sessions this time around were about post-quantum compute. We want to stay on top of this because as a community we know, and I've mentioned this before, we are the crown jewels of all enterprises.

Greg Lotko: 

So for those who don't know, Share is the longest running user community in the IT industry. Founded actually just before the birth of the modern mainframe, you know, the one that you could bring code forward. Longest running, independent, and you're one of the directors there and they focus on the mainframe environment.

Daniel Newman: 

So you started to tease this, but we sort of got back to the bad and got away from the good. You mentioned your father and losing the cancer. And I think you were insinuating the opportunities with quantum, because we talked a lot about what it's going to be like.

Tom Cosenza: 

So financial forecasting, right? I mean, think about the number of Monte Carlo simulations you're going to be able to run now with quantum, right? Think of how you're going to be able to look at stock markets and try to predict those stock markets, right? Because, I mean, a lot of the predictions are really about running trends and codes. And the more you can run, the more you're kind of leaning into them.

Daniel Newman: 

But, like, there's some really exciting, I mean, things like anyone that's ever been trapped at the the airport using quantum for, you know, it's incredibly good for optimization, right? Like gate optimization, like, how do we get all these people in and out?

Greg Lotko: 

Yeah, I'm not crazy about the gate optimization. How many times have you gone to the airport and you get there early, an hour and a half, and it says, hey, your gate is C23. And then after about 10 minutes, it says, you've been moved to B12. And then a few minutes later, yeah, but they're trying to optimize and I'd rather have them non-optimize and let me get on right where you sent me.

Daniel Newman: 

Well, so Greg wants everyone to wait, so he doesn't. That's the moral of the story. But the net is that, like … 

Greg Lotko: 

I want the plane to stay put until I get out. 

Daniel Newman: 

But it's like manufacturing, like the ability to understand in a complex manufacturing environment where you have different processes that take different amounts of time  how to optimize the production.

Tom Cosenza: 

You're going to be able to run so many simulations on things. You're going to really be able to know. And that's really the strength of it, right? But the problem is, like if we say we go back, I'm going to go back to the bad, the simulations also allow them to break those larger key encryptions, especially asymmetric encryptions.

Null.

Daniel Newman: 

100%. But we can discover good things faster. And I think that's worth pointing out to everybody, doesn't it?

Tom Cosenza”

Oh, no. I don't think we run away from ourselves. 

Greg Lotko: 

But yeah, I think there's two sides to the equation. Everybody's going to naturally talk about the positives of quantum, which we're not naturally. We're focusing on the negatives. The reality is there's a lot of things with the way it fans out and the infinite possibilities, problems that it can tackle and everything. The reason we're talking about it now and the reason we're concerned, and in large part raising the alarm, is that people don't realize how fast this is coming. People are not preparing in their environments to get to quantum safe algorithms with their cryptology and their encryption. And we want to make sure people realize that even though quantum computing at scale is not there today, the threat, the problem, the protection of the data needs to be done.

Daniel Newman: 

So let's get after that with Tom. What should enterprises be doing? What are… 

Tom Cosenza: 

Well, so right now, the first thing they should be doing is they should be taking inventory of what they have cryptographically wise, right? What are they doing in flight, right? What are they doing at rest, right? Making sure their keys are good, making sure they're up to date. Look, if you're still running under TLS 1.1 in your environment, you're already way behind, right? You need to be a TLS 1.3, which is least quantum resistant. 

Greg Lotko: 

But it is crawl, walk, run. You've got a lot of businesses out there that aren't even encrypting a bunch of data that they should be encrypting. Then you have ones that are saying, oh, I encrypt everything. I'm OK. But they're on old standards, and they're not up to date. So you've got to bring forward. And then you go, OK, if you're at the best of the rest, now you need to get to quantum safe.

Tom Cosenza: 

Yeah, and that's what it is. That comes from the CISO down, right? So we need the CISOs out there to start pushing this stuff down and having their people putting this as a priority, putting security on the platform first. 

Greg Lotko: 

They need to make it a requirement, mandatory. 

Tom Cosenza: 

The mainframe is the most secureable platform in the world. 

Greg Lotko: 

Secureable. 

Tom Cosenza: 

Secureable. I said that, right? So I said secureable because you have to actually go and do the steps necessary to do that and make that a priority. A lot of years leading up to, and this is going back to my 2006, a lot of these businesses, and I was a consultant back then, they did not take security. I would usually come in and it wasn't anything about security. It was about high performance, it was about availability, that kind of thing. over in my consulting life, which ended in 2016, the last six years was almost exclusively security. So there has been more awakening at that top level that we have to treat the mainframe in that security context and make sure that's part of our security framework, our security roadmap, and make sure of that. But this quantum, this is going to sneak up on people. And here's the real problem is that right now, the ITF hasn't settled on all the RFCs yet, right? So we don't have a standard yet for some of the stuff that we can deploy, especially like with TLS. What can you do? You can start getting the TLS 1.3 right now. You start looking at all your applications, making sure they're doing the proper encryption, they're getting rid of any old IDs, things like that. All that security stuff, get that all cleaned up now, so then two years from now, Once this stuff starts rolling off and vendors such as Broadcom can add to their portfolio these quantum safe encryptions, you can start moving right into that.

Greg Lotko: 

So it's kind of inventory where you are, you know, figure out what needs to be encrypted and whether or not you're on the latest and greatest standards. Have a plan and accomplish that. Then have a plan for how do you get to quantum safe. 

Daniel Newman: 

Exactly. 

Greg Lotko: 

Beyond that. And start executing. Don't just put it on the shelf.

Tom Cosenza: 

Yeah. Don't wait. Because here's the risks you run, right? So here's the risk you run as a business. One, you run a financial risk, right? Because you could have your data compromised. Even today, if you're not on the strong standards, you could have your data compromised. You also have regulatory risk, which you could have fines, you have reputational risk. And let's say you do wait and you say, you know what, we don't have to wait until…they said 2030, we're going to do this in 2030. We're going to do this in 2029. We're going to plan this in 2029. Well, now you're going to speed through everything, which is a high cost. Not only makes it expensive, it's going to be a lot more costly to do it that way.

Daniel Newman: 

So let's have a, you know, a little fun to sort of wrap up this conversation. By the way, I appreciate all your insights. I'll ask Tom first, then I'll ask you, but what's your five years away from being five years away? When do you think, if you had to make an estimate right now, when's this going to actually happen based on what you know about the roadmaps of these quantum companies and the bad actors in China and everything else.

Tom Cosenza: 

I wouldn't think… Adam Chapnick Honestly, I'm more worried about the states I don't know about, so I'm already like, we're at the five-year. Marc Thiessen Okay. You think we're genuinely counting down to five? Adam Chapnick We're counting down. We're probably past that, because think about it, and not to bring politics into it, but think Social Security. Every time they said, well, in 2040, it's going to run out. Now in 2038, it's going to run out. Now in 2036, it's going to run out. Now in 2032, it's going to run out. They're basing these estimates on no information, but we also know technology increases exponentially. And I don't think you can take the risk. I know in my business, I can't take the risk of, oh, it's not going to be that five years of five years, right?

Daniel Newman: 

So what about you?

Greg Lotko: 

And I don't mean this as a quip, as easy as it sounds. We're going to be there before we know it. And by that, I don't mean, oh, it's coming really fast. We will be there. The data will have been compromised and we will be exposed because the technology will be there. And we won't even realize it probably until months or a year later. I do think this is coming really fast. We're in 2026. It's not 2030. I do not believe that this is a five years, a five years, a five years thing. We're going to be there before 2030. And the first breaches that happen, you're not going to hear about it. You're not going to hear about it until it's too late. So businesses need to be on their horses and protecting themselves today.

Daniel Newman: 

I actually agree. I'm such a tech optimist that unfortunately, even the negative things I think will happen fast. So, you know, that's good though. That's good. We aligned on something for once.

Greg Lotko: 

I'd rather be aligned on a reality that was a rosy picture. So it's good that you and I both believe in doom and gloom.

Daniel Newman: 

Well, you know, let's put it this way. This may be the most actionable episode of The Main Scoop ever. For every CISO out there paying attention, I think you just got the warning shot. But at the same time, it's a really exciting future for those that get it right, for those that are on the right side of it with all the things that quantum are going to be able to do. And like I said, I've always said it's a quantum plus AI story. It's not, or there will be some things one does, some things the other is, by the way, you got to give me some credit. I think I only said AI like three times that entire show. And I'm pretty bad. 

Greg Lotko: 

You just said it three times in the last 30 seconds. 

Daniel Newman: 

Well, that was only once before that.

Greg Lotko: 

I think it was three.

Daniel Newman:

Three?

Greg Lotko: 

But we'll let our viewers decide.

Daniel Newman: 

But who's counting? Tom, thank you so much for joining us on this show. Great to have you here. Thanks for all the work you're doing at Share. And thanks for all the great advice you gave to our audience.

Greg Lotko: 

Thank you for having me. Totally agree. And I also agree with you. The importance of this episode is the call to action. It's not whether or not you believe what we're saying, or you can pin down the actual date. It's get on your horses, get working to protect that data and protect your business.

Daniel Newman: 

And of course, get online, hit subscribe, be part of our MainScoop community. Join us, check out all the great content here on the MainScoop, but we gotta go for now. I'll see you all later. We're out, bye.

‍