A Field Guide to PQC Migration: Tactics, Techniques, and Procedures
Mark Carney reveals Santanderās open-source toolkit and OODA loop for large-scale PQC migration. SANS Emerging Threats Summit 2025 Bank-grade roadmapāsee h...
SANS Institute
672 views ā¢ Jun 2, 2025
About this video
Mark Carney reveals Santanderās open-source toolkit and OODA loop for large-scale PQC migration.
SANS Emerging Threats Summit 2025
Bank-grade roadmapāsee how Santander maps, monitors and modernizes cryptography for Q-day.
Mark Carney, Head of Quantum Tech, Santander Global Tech, shares an agile āOODA loopā for continuous discovery, decision and action. He details CodeQL queries that scan millions of lines for weak ciphers, cryptomon eBPF sensors capturing live TLS/SSH suites, and a GitHub-based cryptographic Bill of Materials that treats standards as code. Regulatory drivers and data-retention math set priorities; Mark shows risk heat-maps aligning crypto fixes with business impact. Open-source tooling links allow teams to replicate the approach and cultivate internal champions who keep momentum.
Key Takeaways
- Use CodeQL & eBPF to inventory code and traffic cryptography
- GitHub ācrypto-as-codeā delivers audit trails and rapid updates
- OODA loop turns inventory into repeatable improvement cycle
- Q-day timing tied to data-lifetimes and compliance mandates
- Success depends on cross-functional champions, not just tools
View upcoming Summits: http://www.sans.org/u/DuS
#EmergingThreatsSummit #PQMigration #CryptoModernization
SANS Emerging Threats Summit 2025
Bank-grade roadmapāsee how Santander maps, monitors and modernizes cryptography for Q-day.
Mark Carney, Head of Quantum Tech, Santander Global Tech, shares an agile āOODA loopā for continuous discovery, decision and action. He details CodeQL queries that scan millions of lines for weak ciphers, cryptomon eBPF sensors capturing live TLS/SSH suites, and a GitHub-based cryptographic Bill of Materials that treats standards as code. Regulatory drivers and data-retention math set priorities; Mark shows risk heat-maps aligning crypto fixes with business impact. Open-source tooling links allow teams to replicate the approach and cultivate internal champions who keep momentum.
Key Takeaways
- Use CodeQL & eBPF to inventory code and traffic cryptography
- GitHub ācrypto-as-codeā delivers audit trails and rapid updates
- OODA loop turns inventory into repeatable improvement cycle
- Q-day timing tied to data-lifetimes and compliance mandates
- Success depends on cross-functional champions, not just tools
View upcoming Summits: http://www.sans.org/u/DuS
#EmergingThreatsSummit #PQMigration #CryptoModernization
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
672
Likes
16
Duration
13:45
Published
Jun 2, 2025
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.