Resources
Cryptographic resilience, in practice.
Practical guides on cryptographic inventory, CycloneDX CBOM, post-quantum migration and EU regulation (DORA, NIS2, CRA) — written by a practitioner, not a marketing team.
DORA · Compliance
DORA Article 9 & cryptographic resilience: why it starts with a crypto inventory
What DORA and its RTS actually require for cryptography — and why a CBOM is the practical foundation for compliance and post-quantum readiness.
CBOM · CycloneDX
What is a CBOM? The CycloneDX 1.6 Cryptographic Bill of Materials, explained
What a CBOM captures, a concrete CycloneDX 1.6 example, and how one is generated: the foundation for post-quantum and compliance work.
Post-quantum · NIST FIPS
Post-quantum migration roadmap: ML-KEM, ML-DSA & FIPS 203/204/205
What the NIST standards replace, how to prioritise by risk, and how to plan migration in waves toward crypto-agility.
HNDL · Quantum risk
Harvest now, decrypt later: how to assess your HNDL exposure
The quantum risk that is already happening — and a practical method to quantify and prioritise it across your estate.