We've had engagements with several agencies

where we've gone through the process of scanning

and discovering a discovery period, discovering

their vulnerabilities and helping them to identify

the ones that they should attack first. That makes them the most

vulnerable. And yes,

I think that's a good. Way to put it right. Because now is not the

time to panic. I'll paraphrase the Batman movie, Now is not the time to panic.

That'll come later. Quantum risk isn't about panic. It's

about timing. And that's exactly what we talk about on this episode

of Impact Quantum.

Hello and welcome back to Impact Quantum the podcast. We explore the

emerging field of quantum computing. And not just the field, the entire industry

where you're going to need not just PhDs, you're going to need marketers, sales reps,

et cetera. Just need really to be curious. And the most quantum

curious person I know is Candice Cooley. How's it going, Katus?

It's great, Frank, thank you for asking. Today is really

exciting. Okay. We're going to be speaking with Benita

Sassueta. Okay. And she does

quantum safe at IBM.

Interesting. We have a lot to talk about.

So quantum safe. Quantum safe what?

Safe from a cryptographically

relevant or a fault

tolerant quantum computer being able to crack

the cryptography once in the hands of

an adversarial threat. So

there are algorithms that

once on a fault tolerant computer it has enough

qubits, error correction is good.

The harvest now and decrypt later aspect

comes in where if an adversary has our

encrypted data, they're able to

use a fault tolerant or cryptographically relevant quantum

computer to decrypt that data that they

harvested that they weren't unable to encrypt. And this is

the time to do that will be shortened so it would be more

of a reality. And not only

is this part of my day job, but it's also my

dissertation subject. So I'm getting

a. I'm pursuing a doctoral degree in

business. I was really, really curious

from my career starting out as an engineer in the lab rat and research,

I was curious on how business decisions are made, especially

with emerging technologies. After my

MBA dug deeper and now I'm pursuing

my doctoral degree in business and my dissertation

topic is the impact of

a fault tolerant quantum computer on the

supply chain ecosystem

that use abominable software parts.

So they're already susceptible to Many cyber

attacks. So we know it's only going to

multiply and be more of an issue once

the adversaries have the capability to use a

quantum computer to attack the supply chain.

So without giving away any information that you don't want to

give away as you're, as you're putting your dissertation

together and stuff, are there any key insights that

you've that have emerged so far in your, in your,

in your work that you could share.

So the. I can share a little bit

about my methodology. And after being in science and

engineering so many years, we have a certain way of

addressing a problem, but by

using theories that aren't normally used in

the science world, like theories in psychology,

theories in sociology and other theories, decision making

theories. I'm viewing the issue from a different

lens and I haven't actually

began my research yet. I'm putting together my

design, designing my theoretical framework.

But I'm excited about the

theories that I'm applying to this problem. Looking

at it from a different viewpoint. Not

necessarily. Okay, it's

obvious on the innovation point,

innovation is, you know, happening rapid. You know,

we have to be able to adapt to these changes. We have to be able

to adopt this technology. But looking at a viewpoint from, okay, where is

the CIO or the CISO is coming from?

Why aren't they making these decisions to

implement or transform

their cybersecurity protocols to be ready for, for

when we have this fault tolerant quantum computer?

So yeah, you, you know, there's a lot of I want to unpack because in

your intro, you, you did bring up a lot of things that not every listener

may know. Right. So harvest now, decrypt later, I think would be a good.

Well, let's go back even further because I was listening to,

actually it was Joe Rogan podcast and he had Jensen Wong on there,

right. And it was an interesting thing because they, you know, I

think Jensen Huang is a very smart guy. Joe Rogan's

kind of like the everyday layman, so to speak, right? So he's like freaking out

about, oh my God, quantum computers are going to develop this super

sophisticated AI and it's going to blow through everything. And

Jensen tried to talk him down from the ledge. So I think it's important,

I think it's important that we level set here. Right.

So why are

quantum computers dangerous to

conventional encryption and basically everything we do? I think that's a good place to start,

then we can ask because that'll lead into harvest now to grip later.

Okay. Okay, so

we're not there yet. But we are

fastly approaching. Like I

mentioned previously, we

do have cybersecurity protocols.

Everyone knows about nist, and they have

protocols that we're supposed to

adhere to to protect our data. Right. To

protect our information. Well,

there are algorithms that can be ran on a

quantum computer that can

decrypt our once encrypted data

and it can do it in a time frame that won't take

thousands, hundreds, hundreds of years. So when it comes to

cryptography and the complexity of math that's

used to protect our data, so the threat of the

quantum computer is being able to solve those

supposedly unsolvable math

problems that protect, Currently protect our data. And that's where the threat of

the quantum computer comes in, because that's the whole,

that's his whole purpose is to be able to solve complex

problems not really solvable by

classical computer

in a shorter time span. So, so if you

encrypt your credit card data with convention and everything's

conventional, there's no quantum magic just yet. Right.

The idea is that by the time bad guys or bad gals

could decrypt that and

go on an Amazon shopping spree for you, it would be hundreds of

years. And honestly, in 100 years, you're probably going to have different problems, if you

have any problems at all. Whereas a quantum computer

could theoretically do that in to, say, an hour.

That's being generous. That's. Yeah, yeah, it won't be an hour, but,

you know. Yeah, yeah, yeah. Long enough to ruin your, ruin

your next credit card state, short enough to ruin your next credit card statement. Would

that be a good way to put it? Yeah, yeah. So, and then,

so then why are like national security types and

other people really freaked out about harvest now, decrypt later?

Because. Our data is so important.

And I've been working more on the federal side and

yes, they are aware and they are

putting protocols in place to protect

all of the data. I started out at Raytheon

Missile Systems, so I started out. Okay. So you've been in defense tech a while?

Yeah, I've been in defense on the hardware side with

missiles. Now I'm sort of indirectly on,

I think the next digital war being behind

protecting, helping our government and its

integrators protect our data. We

don't want our secrets in the hands of the

wrong person to use against us. Definitely

no, 100%. And the irony of the time we live in is

that while this is

coming soon, we don't know when is it. Three years, three months,

not three decades. Right. It's coming in some reasonable amount of time frame

and storage is cheap, right? So you have a lot of folks that are just

fine, your conversation is encrypted. I'm just going to store it.

And then whenever this happens, I'll be able to go back and decrypt

everything and kind of like the whole keys of the kingdom will be. Even

if it's a few years old, it's still going to be relevant enough.

And it's really scary. When I first heard that, I was like,

oh my God. Because I live in the D.C. metro area,

so, like, I'm not directly like in defense tech, but like, you

know, close enough to it that like, you know, it's not hard for me to

imagine, like, oh, this is like serious, seriously dangerous

stuff. Like, and I'm remembering a point to

answer Candace previous question.

Another thing that I discovered in my dissertation research

was that China,

China's criminal landscape, over 30%

is, are cyber crimes. So, and

that was as of what, five to seven years ago, and it's only

increasing. So by the time we do have a,

a cryptographically relevant quantum computer, who knows what that

number will be, but it'll probably be well above 50%.

So it's not just domestic, you know,

it's definitely foreign as well that we want to make sure that we

are protected. I mean, as a business model, looking at, from like the

criminal's point of view, cybercrime is like the best bang for

your buck, right? Or, or because

you're, you can be based anywhere in the world outside of

people's jurisdiction, sometimes even with your host country's

government's protection added to it. And you

could, you could, you know, if you walk downtown, don't do this,

kids at home. But if you can walk into a bank and you could, theoretically,

yes, you could rob a bank, but the chances of you getting caught, shot at

or elsewhere are pretty high. But if you rob a bank on the other side

of the planet, you know, your chances of getting caught are

way lower. They're not zero. But, you know, especially if

you're backed by a particular state, you know,

it's actually, I mean, from the criminal's point of view, it's safer and it's more

effective. Do you think that the governments are moving fast enough to

address this threat, or do you think they're getting stuck on

the policy gap? Well,

I don't think it's an easy

thing to do

looking at the vast amount of data, the

vast amount of information that needs to be protected and all of the

systems that's already in place, the transformation

that it's going to take to become cyber resilient,

which is meaning that, hey, we're not just protecting against

a quantum computer, but we're protecting against any other future

as much as possible emerging technology that can be a

threat to our modern day cryptography. So

I think they've already began, you know, and I

the first step being assess what you have, right?

So knowing where you're

vulnerable, knowing your cryptographic

vulnerabilities and then prioritizing those

vulnerabilities on which one we have to

address these first and have an action

plan to be able to

mitigate this. And so I can't

speak directly on if I think they're going fast enough

because I'm not aware of each

individual agency's plan. But there

have been, you know, there has been movement and they are

taking it serious. We've had, we've

had engagements with several agencies where

we've gone through the process of scanning

and discovering a discovery period, discovering

their vulnerabilities and helping them to identify

the ones that they should attack first. That makes them the most

vulnerable. And yes,

I think that's a good. Way to put it. Right. Because now is not the

time to panic. I'll paraphrase the Batman movie. Now is not the time to panic.

That'll come later. But

now's the time to assess and kind of reasonably through it.

I first heard about this probably

before I had my quantum computing aha moment in 2019.

I first heard about this in 2015, 2016 ish, when

he said basically like look, we don't know when this will happen at this

time. They were still measuring in decades, right?

But he's like, well, we should start

upgrading our encryption today because one, we all know how

slow federal it tends to work, right?

The best way to be ready in 10 years is to start five years ago,

right. And the second best way to be ready in 10 years to start today,

right? So that's one angle that's a very kind of very stoic,

very calm way to approach it. And then there's all the way on the other

side, the complete freakout thing, which like I said, I don't think it's time to

panic yet. I think that we'll get there, but not now. But I

think the best thing to do now, like is exactly what you said, right? Triage

and just slowly implement because what you don't want is you don't.

And I know there was some drama about this and maybe you can shed some

light into this. My wife actually works at nist, but not

on the quantum stuff. Right. So I kind of, I kind of hear some of

it. But wasn't there like some

algorithms that were ranked as quantum safe or quantum resistant and then

somebody broke them within a couple of weeks?

That was like a few years back. Might have been before the

pandemic. I don't remember exactly. Okay.

Or am I misremembering that wrong? Because. Yeah, I don't

recall. But you know, you're not speaking of the ones. Definitely

not speaking about the ones that were recently. No, not the recent ones.

Okay. Yeah, because remember they had kind of like a Hunger Games type thing

where it was like they had. You know what? I think that guy is an

IBMer who cracked it. I think he was on. I think you're right.

Zurich research team. Team was really, really smart people. Some

cartographers, cryptographers that were actually involved in

creating the, the newer algorithms that were

rolled out by nist. So yes, I think that guy is an IBM or. He's

a legend. Yeah. So like it's interesting because like, and, and,

and you, you probably, if you've not read the book, you've definitely

encountered it. The big giant red or is it blue now?

Bruce Schneier book called Applied Cryptography.

Have you ever read that? Okay, all right.

So yeah, yeah, yeah. So anyway, like in, in that, in that there's

plenty of stories about how everyone thinks their, their algorithm is

secure until they release it into the world and then suddenly it's not.

Right. Because they make you make certain. I mean it's just like software, it's software

development. Right, Like. Right. It's your imprint.

Right, right. So how do

you explain quantum risk to a non technical

executive in a way that actually motivates action?

Okay.

And motivates action without panic. Motivates action

without panic. Okay. I think that's the million dollar

or billion dollar question now that we're in the age of Nvidia.

Trillion dollar question. Right.

So sorry. Yeah, yeah, so I'll do it

in the point of view of my, of

my research topic. And the reason is because I'm accustomed to

audiences not being having

quantum experience, so I'm more comfortable

saying it that way. So for your

supply chain, you want to make

sure that not only the information

and the data that's being going from

one node to the next is protected, but you

also want to make sure that the

adversaries don't

enter the databases and the

infrastructure of the people that are

Trusted in within your supply chain. So there

were different instances where

software that was corrupted

got implanted and into the supply chain into

one, no weak node of the supply chain. And it impacted

governments, it impacted other, it impacted

everyone within the supply chain. So in order

to avoid not only people stealing your data,

but that's within that ecosystem,

but also having access to.

You want to make sure if this is, if this is the

state of how things are now

without the threat of

cryptographically relevant quantum computer, then we're, we're

further doomed. Right? It's, it's only going to, to get

worse. But I know I'm not doing a good

job of not making the scare tack is. Right. No, no, no. But, but I

mean like this is, I mean I think you're doing a great job because you're,

because you're right. Like it's not going to get any better on its own left

to its own devices. It is, it is going to get worse right from

here on out. Right. Because you have four for every developer you have.

We had another podcast guest talk about the

builder mentality versus the

attacker mentality. Right. And for every

builder you're going to have,

I think just the economic incentives of it. Before you

go into the geopolitical kind of Game of Thrones stuff.

Right. There are more incentives to

be an attacker than a builder. Definitely.

Definitely. So I think that

conservatively saying, you're talking about a five to one forever your

builder, you have, you probably have at least five attackers. And I think that's,

that's being conservative. It's probably way worse than that. Right.

And then with the builders, they have the, they have

constraints, right. So companies aren't going to invest

millions of dollars to protect something that, you know,

it's not as tangible or

something that, you know, they take a chance. Right. So

it's the risk that they know versus the risk that they

don't know. So it's like they're going to take on a known risk as

opposed to an unknown risk. And it just so happened to

be that that unknown risk may be protecting

itself against threat of a quantum computer.

So in your view, what are the top misconceptions that

leaders have about quantum technologies?

I think we've talked about this a little bit. One of the

top misconceptions is that it's decades away.

That's one top misconception. Another top

misconception is that it's just some

piece of hardware that does magic or

whatever. Another

misconception is that

I think that leaders think that the workforce

won't be prepared for it. I

do think that

we can upskill and we can retrain the

workforce to be able to make that adjustment. I mean,

we're doing it for AI and everyone that

is in the technical field know that you always have to be

constantly learning the latest and greatest

and constantly refreshing your skills.

I'm keeping it high level. Another

misconception is that it's going to cost

a lot of money or that I have to have my own

quantum computer. You don't. It's very expensive.

But another misconception is

that it's only for

researchers. It's on the academic

level and only researchers and PhDs

can do problems on it. But, you know,

partnering with researchers and partnering with

schools and other research

labs and companies

and finding use cases that

you're able to work with

a group of experts on, because you can

have the business view and they can have the algorithm or the

scientific view on how we can approach this problem.

I do think that it's not a field where

only people who have PhDs in quantum physicists can thrive

in. I do think it is going to take a

diverse group of thinkers from various backgrounds

thinking different ways to be able to address a

problem. And I think it's going to really transform how

executives make decisions. So

I don't see it as something that's going to disrupt the

market and replace all of class. No, we're still

going to have a laptop. We're not going to have a quantum computer in our

homes or quantum iPads or

quantum, you know, tablets for our kids. But I

do think it is going to transform

how we make decisions, how we make business decisions. And,

and it's going to be for the better. That's a good way

to put it. Right? Because I think, I think you're right. Like, you don't need

to be a PhD, you don't need to be a quantum researcher or a cryptographer.

Right? Like, you know, you don't need to understand all

the math behind it. But if you understand what's at risk here, and

you know, the cliche is, you know, big company has

a breach, right? Their stock tanks and all that,

all that financial drama. But the next day or two days later on LinkedIn,

what do you see? Infosec job openings for same company.

Right. I'm trying not to call anyone out in particular, but there was one.

There was one. It's not good karma. And like

some of them may or may not be customers of any one of our companies.

Now I'll Just stop right there. Right. But like, there's a

screenshot on LinkedIn, I'm sure elsewhere too, of like, you know, the

headline, the job openings, right? Which begs the question,

did they not value this prior to the breach?

Exactly. It's looking that way. Right. Because no one wants to see. My

wife has worked in some form of IT security for, I

don't want to say a number of years because I'll get in trouble, but

no one's happy when security comes knocking on the door,

right? Because especially developers, right? Because they're like,

I don't want to have to do that, you know? Right. Like, you want to

think security last. Right. If at all. Right. And it's even

worse, I think, with hardware companies, right?

Particularly consumer hardware companies. Right? Like, you

know, you probably heard the joke, The S in IoT stands for security,

right? Because it's never thought of, right. Or even just

resilience testing, right. Some of this is just good business practices, right? Like

when US East 1 went down on AWS, right? Not

calling them out, but, you know, outages happen. There was

a company that sold a smart bed. Did you hear about

this? That the bed would not

respond to. Like it was like one of those Craftmatic beds or

whatever. Like, it would beat up, it would go down. Like it would raise your

legs or whatever, but needed an

Internet connection to just

move the stupid bed. So it was literally stuck in

like whatever position until US east one came back,

right? And it's just like as a. As an architect, as a, you

know, as a developer, I'm like, how would you. Like you would not. Maybe I'm

just old and I remember the pre Internet days, right? Like, or when Internet

was Internet connections were very unreliable. Like, really, you

could just cache the data locally, you know,

do what the user wants and then cache it locally. I don't know, like, of

course it's, you know, I heard the best phrase the other day. It was the

easiest position on the team is the. The armchair quarterback.

So. Sorry I cut you off, Candace. No,

no, that's okay. I was thinking about, you know, you're. You're at a

really great intersection, right? You're. You're in highly

technical content, but you're also involved in

business best practices and supply chain.

So what kind of leadership lessons have you learned from

working at that intersection? Okay,

that's a very good question. So

one thing I did with one of my major clients,

leading the delivery of a

quantum safe transformation, one thing I did

was I looked up their values of

that company. I looked up the core values of that company and also

looked up the data that they had about

what the employees, how the employees feel about

those values. And so I picked three

things, right? So two things that really stuck out to me for that

client was they value technology

and they value innovation, but their feelings about

it is that they're not sure if they're able

to execute on it. Right. And another

key value that was by this

company was that they didn't have a

good feeling about

contractors or other companies coming in, closing the

deal, finishing what they started. So

I picked those two and that was the source of

our objectives and our key results. Number one, we're

going to make sure that they feel like they are in the driving seat

when it comes to this technology and innovation. We're going to

educate them as much as possible, but we're going to follow

their lead, but guide them at the same time. So that way

since we know they value innovation, that they feel like they

have a seat at the table. And the second thing we're going to do is

we're going to make sure we execute. We're going to communicate

our plan and we're going to show up and we're going to do

executive reports, we're going to do final reports, we're going to meet,

we're going to make sure they see the progress

and that did a huge impact on that

client and have follow up business. So

being in a leadership position and seeing

how really taking a look at not just what the

company you're working with, their core values are, but also

how they feel about those core values and acting accordingly,

really had a major impact on that engagement

and a potential follow up engagement with them.

It's fascinating. Thank you.

Interesting, because everyone can make a shiny toy, but

if no one wants to play with it or no one knows how

to operate it, they're just gonna put it to the side and

collect dust. But it was

a true lesson. And in

delivery and client success,

you. Know, in the broader picture, how should

organizations prepare for the talent needs

that they're going to have as tech like quantum computing and

advanced cybersecurity evolve?

Okay,

Get on IBM's Quantum website and take the free courses. I'm

just going to say it. We've been providing free coursework

not just with Quantum, but also with Quantum. Safe

free coursework, free certifications, free badges,

so many opportunities, YouTube channels, you can

learn for free. So

I think if clients

are, I mean, if companies focus more on

growing the interests and the passions of their

individual employees and I know that's hard because the purpose of business

is making money, but

having, I'm sure most companies have quantum champions,

people that are passionate about it and that like you, you both are

and that are quantum enthusiasts and, and read about it,

you know, in your spare time. Lean on these folks

and supporting them in every

aspect of getting the learning and the training, training that

they need. And not just the learning and the training. There's

hackathons, there's actual, you know, there's developer

conferences, there's so many opportunities to, to test

out that knowledge by, by having hands on experience

and creating an algorithm. So I think there's,

there's lots and lots of

artifacts, there's lots of things out there for

them to learn. So as a company you don't

have to recreate the wheel. IBM has done a lot of the work

for you already and they're providing for you for free because

we want our clients to be successful. And it is

one of the main concerns of our

clients. Like we, if we

purchase access to this quantum computer, who's going to program

it or who's going to create the algorithm?

Our leadership was aware of that. We've put things

in place to continue

providing educational content for

free to educate our next

generation of quantum developers. And I think that's good too.

Right. You know, IBM is recognized early that there is going

to be a pipeline shortage in the future. And the best way to know

the whole thing, the planting a tree. Right. You know, and I

will say, like even though I work for Red Hat, right. And this is not,

the show is not sponsored by Red Hat or anyway, it's completely independent.

Right. You know, and IBM,

IBM is the parent company of Red Hat, right. I don't want to put that

out there. Right? No, no, no surprises. IBM is

really one of the companies at the forefront, not just of quantum computing,

but the quantum training too. Right. With the, the kiskit stuff and

things like that. I think they created kiskit, if memory serves

too. Right. So like they're really at the forefront of this because I think they've

kind of, this is not IBM's first rodeo. Right. Like, you know,

IBM was there when the transistor came. Completely changed

what we thought of as computers or what's possible. Right. They were there during the,

you know, to this day they're called IBM PC compatibles. Right.

You know, so, you know, I think they kind of know

the long, the long haul picture of it. And fun fact, I don't know if

this came up in any previous Conversation you had with Candace. But Candace's

dad worked at IBM Research

in what, the 90s, 80s, 90s, like. Working on theoretical the 70s

through the 90s. But yeah, I mean his like theoreticals. In like quantum

stuff. Yeah, exactly. Nice. Right. I was that kid that go into school and didn't

know what her dad did for a living, you know, so. He was

your dad. That's what he did for a living. There you go. That's a great

answer. I love it. Yeah, I'm sorry, Frank, I cut you off. Go

ahead. Oh, no worries. That was, that was all I had.

So let me ask you this. How do you evaluate

whether an organization truly understands its crypto?

Agility, preparedness, versus just thinking

that they do? Ah,

so that's a good question. So we

do have a, an entire,

we have a software portfolio and

we do have an engagement where

we identified how prepared they are. And I talked

about it previously through the

software scanning tool, identifying their

cryptographic vulnerabilities

and the number that they have. Right. And so

from there we also identify if they have any

policies. Right, so. Or do they have a policy

team that

helps govern their cryptography,

their cyber security. And we also assess the

teams, the different teams that we will interact with. Right.

We take a look at their, if they have

lots and lots of applications or whatever

software they have, or whatever databases they have, we talk to

those database or software or application leads and

we can sort of, we have a questionnaires where we can assess where they are.

So what we're doing is we're, we have a heat map

and we go through that process, right? So in the

heat map, we ask a series of questions, we have a series of

interviews, and before we do any

scanning, we look at, you know, their

entire landscape of what needs to be protected,

and we ask questions based on

those items. We have, you know, certain categories. And

then based on their responses, we're able to create a heat map.

And the heat map actually show, okay, these, these

applications or these, this software that's

in the red. This, you know, these are the most

vulnerable. These are most at stake. And these are, you

know, really business, business relevant, right? So like, if

something happens to this, it can pretty much affect the entire business.

So we start off with that, that heat map and then from that

heat map we, we dive deeper,

right? So he heat map is on a higher level. Then we dive

deeper with the, the software tools

that we utilize and then we can get more details. And then,

so having the heat map from the top down and then the the

results from our software tools from a bottom up

we're able to come up with an action plan. And that

action plan prioritizes our findings from both the heat

map and the software tool results. And then once we have those

prioritized, we can provide them with a preliminary

roadmap. Right. So this preliminary

roadmap would ideally

give them from. You mentioned about. It's not going to take long. You're

dead on Frank, five to 10 years. So the roadmap can

be from five to 10 years long. Like we, we understand you're not going to

be able to do this in one year, but here are the things you can

do now and we provide that. And so I think I went

beyond your question. But

yeah. There'S a lot to think about is

there? And like there's no, it's the old

thing like there's no silver bullets but like if you don't think, if you do

nothing it's really bad. Doing nothing

is still something. So I learned that I like that in

dissertation. Right. So there's going to be an impact if you do nothing.

So and you just have to be prepared for what that is

or you, you will not be prepared for what that is. So,

so like if you, if you could go and, and advise

a mid sized enterprise today on preparing for

quantum era supply chain risks, what,

what three actions would you tell them to start with

immediately? Okay so the first

thing I would

tell them to do is to

take inventory of the

third party software vendors that you

have within your supply

chain network and I can explain more why later.

And the second thing I would tell them to do

is to, to work with them,

work with them in making their software

more secure. And the third thing I would tell them

to do is to really

communicate with everyone within that supply chain

ecosystem. It really should be first on, on what the weakness is

because you're only as strong as you know,

right. And that is definitely is the case with security

when the supply chain system. But the reason I say

to access the third party vendor software

solution is because found through my research that

this is. These are the weak points. A lot of times

the software vendors are reused

open source software and that's out for everyone.

So you're reusing this and it's even more vulnerable and it's easier

to inject bad

things into it to be able to, to, to

hack into whatever the adversary want to hack into.

So yes, thank you for giving me the space to talk about

my, my dissertation. I'm early on in it but

it's really, really help I talk

about it and the more questions that you all ask. Oh no, no,

it's like one of those things where it hits the nerve.

It hits the nerve that needs to be hit, right? Like how do you,

I mean any self improvement guru could tell you this, right? How do you, how

do you inspire action without inspiring panic, right? I'm sure

that, sure. Like that's, that's a tough, that's

a tough needle to thread, right? Like and I think

this is going to impact all of us, right? Like I don't think people really

realize that quantum computing isn't just hey look, you know, we'll get, you

know there will be that, right? We'll get better medicines faster, blah blah, blah blah.

Better materials like that will happen. But the thing that I think is and

you know, playing kind of the historical realist

here, right. Like what's driving investment in this largely is defense

and national security stuff right around the world, right? It's not just us.

Anybody with enough coin to throw at the problem

is throwing this coin at this problem. And that should tell you something

right there, right? And

you know, whoever figures this out first

and I think this also too, right, Whoever figured this out first is going to

have a significant tactical advantage. And I think also too like whenever

a functional quantum computer is actually built, we may never

know the first one. We'll know the second one probably,

but the first one is probably going to kept so there's such wraps for as

long as they can that. Because that's just. This is how

it works, right? It's not how it should work. But you know,

here we are. But no, I mean I think, I think, I

think, I think your, your dissertation really hits on a nerve of like how do

you educate people who are not educated. The people who can, can write the

checks, you know, the hippo as we like to call them, the highest paid person's

opinion. Ah, that's a good one. I have to take. Yeah, that's an old

Microsoft term so feel free to use it. Like more people need to know the

hippo, right? Like whoever, right? And the hippo is

not, you know, when we talk to startups like and things like that,

the person cutting the check for how much this quantum computer solution or quantum solution

is going to cost is not going to be a. Chances are they're not going

to have a PhD in quantum physics, right? Best you can hope for is an

mba, right? So how do you put that term

and how do you talk about this tech in ways they can understand. Right.

So what role do you see automation and

AI playing in helping organizations manage

their quantum era cybersecurity challenges? How,

how I see them, how I see automation

and AI helping in general

the supply chain ecosystem

is the

automation aspect being, I mean

really lowering the cost. Okay. Lowering transaction

costs. I just, I just studied this. So lowering the

transaction costs within the supply

chain system so the saving money

that way and the way it can help lower transaction

costs is automating

identifying products or automating finding

the right partner or

those types of things that

were more or less a manual thing previously,

but able to

shorten that that time or that

the space in between those two

nodes, supply chain nodes, whether it's a

transportation space or whether it's a, it's a time space

in getting from one spot to

one location to the next. But yes, I do

see

that in general for supply chain now for

quantum. Yes, there are lots of

machine learning

examples that can be

accomplished with both AI and quantum. And

I think that the use cases will

continue to, to increase.

I am looking forward to

the intersection of all of those. Right. So where we get to the point

where we're using AI and automation in a

way to make things better, you

know, repetitive operational

things, administrative things can be

done and that way the focus can be more on the

technical side. That is another way

I see time and space being

dedicated to the innovation

and nurturing, developing that innovation and

spending less time on the more operational

administrative tasks that can really

bog down the time of someone managing not just a supply

chain, but an entire ecosystem.

Interesting. That was a long way to that

I had to think it was a. Short question

with a long answer. Right. We've been at this as

a society like it work for,

I mean 60 to 40 to 60 years. Right.

And the larger the organization,

the same problems they all encounter, you know what I mean?

The secure bill of materials and all of this is really I think influenced

by. You build something, somebody breaks it and then you go back and fix

it. I think it's only been in the last maybe five, 10 years

there's been this kind of proactive approach, probably longer, but at

least I've only been aware of it for 5 to 10 year time

frame of you know, the red teaming, the blue teaming. Right. Like that sort of

thing, those types of exercises. And even then only

companies like IBM, Microsoft, those are two companies I worked

for that I knew that they had this. Right. And I, I talked with

people who's not in that field, you know, obviously red hat too.

But I just can't imagine, like, how would you

explain that 30 years ago? Well, what we're going to do is we're going to

have people try to hack you, but they're on our payroll, so they're okay. But

they'll report on like an incident. I mean, you can easily imagine.

I think there's a lot of people who are in kind of Fortune 500 leadership

today that, you know, they, they earned their,

you know, they earned their stripes or whatever analogy you want to use, like 30

years ago. Right. And they're kind of like in that government too, is actually

also in that, also in that space, barring some notable

exceptions. Right. So, like, how do you sell, I mean, ultimately, I think at

the end of the day, how do you sell being

proactive about this? Right. You know,

maybe it's like airbags and cars, right. Or seat belts and cars. Right.

Like, I, I, obviously it can't, it can't stop

accidents, but it can mitigate the risk of it. Right. Again, this is very

much top of my mind because of recent

events, but I mean, is that a good, healthy way to look at, is that

a good way to sell it to the hippos, so to speak?

I like this scenario that I've

used in the past. Let them know that you are

in a huge ship and you have to make

a turn in a tight spot, in a tight corner.

It's doable, but we have to start

now, right? Right, Right, right. Okay. We have to start

now. So this, this transformation is going to take some

time. And I know we can't do everything at once,

but if we start now, we can

gradually turn and get us going

in the right direction to where we achieve

cyber resilience. So.

Yeah, and that seemed to go over well. Cyber resilience,

I like that. Yeah, that feels strong. Awesome.

Yeah. Resilience, I think, is because you can't protect 100 of the

time. Right? Right. But resilience, right. Crumple zones and cars,

right. Like that sort of thing. For the next week or so, I'm. Probably gonna,

it's gonna be about cars. Yeah, cars. Because one of the worst things

about car totaling your car, aside from, you know, getting

injured, is you have to go shopping for a new car. And

that's just, I find that an unpleasant experience. But,

but I mean, like, you know, you can't predict, but you can at least mitigate.

Right? You can have the crumple zones, the airbags, the seat belts,

the, you know, anti lock brakes. Right. Like all those sorts of things. Right.

The good tires. Right. But, you know,

I think if you put it. I think everyone can kind of relate to that

as opposed to, you know, why am I going to pay these kids to try

to hack my site? You know, why am I going to do that? Right. I

could picture some, you know, somebody saying that with a gravelly voice, you know,

and it becomes. But. But I think if you kind of

see it as preventative kind of maintenance,

I don't know. I know we're coming to the top of the hour. I have

a hard stop, and I want to be respectful of your time, but this has

been a fascinating look to kind of like the overall notion

of this. And that's cool. Quantum safe, is it called? Yes,

yes. Cool. That's cool. I'm sorry, Candace.

No, I. Thank you so much for coming on. And, you know, we didn't even

get to really talk about the whole aerospace and defense

interest that you have, but. We do have another podcast in development

called Autonomous Warfare AI so just put that out there into the universe. So

hopefully by the time folks are listening, it's officially launched. But

I did register the domain name, so I do want to put that domain name

folks go to autonomouswarfare AI. You'll either see a signup

sheet or the actual podcast itself, depending on what happens between

here and when we launch season four. I do have one funny

story. If we have time on the aerospace

side. When I was at Honeywell

Aerospace, our team was responsible for creating,

like, over 60% of the cabin pressure control systems in the

world. And it was a small team of us, right?

And so one time I was flying with my family,

and the pilot got on and was like, wait a

minute, nothing's turning on. We don't know what's going on. We

can't do anything. I don't see any lights. And

so I had spent years in the lab, you know, with

the equipment that eventually went on

the airplane, you know, testing the subsystems, making sure

software, hardware, all that in the loop integration.

And so I. I yell out, do a

reset. Put

the off and on switch. And I don't know if they heard

me, but the pilot was like. And everything came

back on. He's like, oh, okay. I just turned it off and turned it back

on again. And the people around me start clapping. I was like, I'm not a

hero. I just been doing this in the lab. Every time stuff

hangs up, you know, the equipment hangs up, I just do a power. A

power reset and that and that does it. But, yeah, it reminds me of The

IT crowd. If you're. If you've not seen that show, it's. I think it's on

Netflix. You never seen that show? No. Oh my God. I

don't watch TV much. This is a show that's where at least the first

episode. It's hilarious. It's basically about this.

It. It. It's dated now. Like it's from like the early 2010s, but it's

basically a comedy about this. IT support department in this

posh British. They never explained what the company did, but they're basically

locked away in the basement. And it's like the support desk and the guy answers

the phone. Hello? Did you turn it off and turn it back on? Like that's

kind of. Yeah, it's always the first thing they ask you. But it's funny like,

and, and you could probably catch like clips of it on,

on YouTube and stuff like that. And there's like, you know,

every IT stereotype exists is like in

there. Whether it's the, the complete disrespect you get from

the higher ups to. To. Kind of, you

know, the, the socially awkward nerdy types working the work in the

D. It's funny. You'll enjoy it. I have to check it out

during my break. There you go. All right, so with that

we'll. It's a great place to end the show. We'll make sure in the show

notes, we have links to the IBM quantum safe program, the qiskit,

all the tutorial stuff and anything else of interest that you

would like to send. Send our listeners to. Yeah, sure, sure.

Definitely send them to the free training. So that'll be good.

Awesome. Awesome. Build your skills today. Because it's just like that

ship you're talking about, right? Like you're not. No one's going to be a Quantum

expert in 20 minutes. Right? There's not going to be that like, you

know, quantum computing for dummies type thing that you'll be able to read in 24

hours and then be an expert. Right. The. The time

to market and the time to learn is, you know, based on the time to

market. The time to learn is today. Obviously you can't be

like Candace's dad and start in the 70s, right. But the next best thing

is to start today. Yeah, yeah, yeah, yeah. Already started with my

8 year old. So we started with building a little

adult Legos computing chandelier.

So we're having fun. That's cool. Awesome. And

we'll play the outro music.

Quantum podcasts. They're breaking the mold Science has got beats

in bold and it's gold.

The multiverse is skanking Skanking in time? Black holes

are wailing in a horn line so fine From Planck scales to planets they're

connecting the dots Candace and Frank, they're the cosmic

hot shots.

Quantum podcast, turn it up fast Candace and Frank

blowing my mind at last Quantum podcast they're breaking

the mold Science has got beats it's bold

and it's gold.