Table of Contents
Introduction
Quantum computing stands at the intersection of immense promise and intense hype. As someone who had led cybersecurity teams (including serving as an interim CISO for Fortune 500 companies) and was now investing in a quantum computing startup, I found myself navigating two contrasting narratives.
On one hand, I am bullish on the future of quantum technology – convinced that within 15-20 years we’d see commercially viable quantum computers solving real problems. That’s why I am building Boston Photonics.
On the other hand, I had grown skeptical of the doomsday rhetoric vendors were using around the “quantum threat” to security in order to peddle their wares. I’d spent years running emerging tech risk labs to separate fact from fiction, and it was clear that much of the sales pitch around “quantum-safe” solutions is overblown.
I want to introduce what the quantum threat really is, call out the BS in vendor claims, and explain why I still wholeheartedly believe in quantum computing – enough to build a company around it.
The “Quantum Threat” to Encryption – Hype vs. Reality
Ever since Peter Shor discovered in 1994 that a future quantum computer could efficiently crack RSA and other public-key ciphers, security professionals have kept a wary eye on quantum developments. The quantum threat refers to this looming possibility that a sufficiently powerful quantum computer could break the encryption underpinning our digital world.
Ever since early 2000s, vendors were sensationalizing this threat. I sat through countless pitches warning that “quantum computers that can crack RSA are just around the corner” – some even claimed insider knowledge from agencies like the NSA to instill a sense of urgency. Frankly, most of these claims were nonsense. The reality is that no one had built a large-scale quantum computer yet. Not even close! Documents from the Snowden leaks underscored that even the NSA, despite its secretive $79 million research program, was “no closer to success than others in the scientific community” in building a cryptographically useful quantum machine. One internal NSA assessment spoke of “steady progress but little prospect of an immediate breakthrough”. In other words, the sky wasn’t falling next year – despite what some fear-mongering vendors wanted customers to think. Considering the state of the science today, the sky isn’t falling for another 20 years probably.
To be sure, a future quantum computer would be a game-changer for cryptography. The day such a machine “graduates from the lab” and becomes available, virtually all widely used public-key algorithms (RSA, Diffie-Hellman, ECC) would be vulnerable. But that day still appeared fairly distant.
Expert estimates varied wildly – a decade earlier, some had said a working quantum computer was “likely 10 to 100 years in the future,” whereas by now many in the industry see “every reason to be optimistic” yet still feel it “too soon to speculate” on an exact timeline. In a Washington Post interview, MIT’s Seth Lloyd cautioned he didn’t expect the kind of code-breaking quantum computer the NSA wants “within at least five years, [and] maybe much longer” absent a major breakthrough.
My own view is that 15 to 20 years was a reasonable horizon for commercially feasible quantum computers – ambitious but not overnight. This aligned with some industry predictions; indeed, a few engineers were already on record predicting that within two decades we’d have quantum machines powerful enough to break our current encryption schemes. That prospect does demand action (because our encrypted data needs to remain secure for years), but it’s not an excuse for panic or magical solutions.
Unfortunately, many security vendors jumped on the quantum buzz early, offering so-called “quantum-safe” products and implying they alone could save the day. I remember vendors peddling ultra-long encryption keys and proprietary ciphers, or pushing quantum key distribution appliances, all marketed with breathless claims. In reality, a lot of it was classic security snake oil.
One common pitch was that quantum cryptography (like QKD – quantum key distribution) provided “unbreakable” communication guaranteed by physics. In theory QKD is very cool, but in practice it’s nearly useless for most real-world security needs. QKD needs to solve many technical problems before it becomes useful – different types of problems than quantum computers, but at the similar scale of complexity. I expect we’ll have usable QKD only a year or a few before a usable quantum computer. So if someone is selling you a QKD solution today, escort them out of your office.
Let’s break down the reality of the quantum threat as we understand it:
Public-Key Cryptography at Risk: It’s true that if a large-scale quantum computer existed, algorithms like RSA and ECC would fall. Shor’s algorithm (running on a quantum computer) can factor large numbers and solve discrete logarithms exponentially faster than any classical method, rendering those public-key systems insecure. This is the core of the “quantum threat”. But no such quantum computer exists yet, and building one is an incredibly challenging engineering problem. The NSA’s own research had only reached the point of controlling 2 qubits in a prototype setup – a far cry from the thousands of stable qubits needed for breaking RSA.
Symmetric Cryptography Largely Safe: Even in a post-quantum future, not everything breaks. Quantum computers don’t completely upend symmetric ciphers and hash functions. They speed up brute-force searches quadratically (Grover’s algorithm), which is serious but manageable – it means an attacker could, for example, test $$2^{n}$$ possibilities in roughly $$2^{n/2}$$ steps. In practice, that translates to doubling key lengths to restore security (e.g. 128-bit keys would need to go to 256-bit) . So AES and other symmetric algorithms remain effective with some tweaks; it’s the public-key algorithms (RSA, Diffie-Hellman, elliptic curves) that face existential threat from quantum. This nuance often got lost in vendor scare stories that painted all encryption as doomed.
No Instant Crypto-Apocalypse: The day a quantum computer can crack 2048-bit RSA will indeed be a watershed – sometimes dubbed “Q-day.” But that day isn’t this year, and likely not in the very near future. As mentioned, experts were divided on timing, with estimates ranging from a decade to several decades out. The rational response isn’t to buy into every claim of “quantum-proof” products, but rather to start planning a transition to new cryptographic systems in a measured way. An analogy I often use is Y2K: we knew a far-off deadline (year 2000) would break certain systems, so sensible organizations prepared over years. Similarly, quantum-resistant encryption is being developed now so we can migrate in time – there’s no need for panic purchases years too early, but there is a need for serious long-term planning.
Cutting Through the Noise as a CISO
Given my background in cybersecurity, I had the benefit of a BS detector when it came to quantum claims. Since the early 2000s, I’d had vendors try to sell me “unbreakable” encryption and million-bit keys, invoking quantum computing as a boogeyman to justify their exotic solutions. Part of my other job – running emerging tech risk labs for governments, defense agencies, and enterpises – was to actually test and research these kinds of claims. This experience taught me a few valuable lessons:
Extraordinary Claims Need Extraordinary Evidence: If a salesman claimed “we have a secret algorithm that even quantum computers can’t crack,” I know to be skeptical. Often these are just old ciphers with longer keys, or proprietary schemes that hadn’t been vetted by the cryptographic community. More often than not, they turned out to be weaker than standard crypto! As a rule, any proprietary “quantum-safe” algorithm that isn’t openly analyzed by experts is likely snake oil. Established public algorithms, even if quantum-susceptible, are at least well-vetted against classical attacks – I’d take AES-256 over some obscure cipher with wild security claims any day.
Quantum Hype Outpaces Reality: The phrase “quantum computing” sells, and some vendors leaned into it irresponsibly. An example is the Canadian company D-Wave. D-Wave markets itself as the first commercial quantum computer company and has even sold a $10 million machine to Google and NASA. This generated huge buzz – a computer using quantum physics! And indeed, D-Wave’s device does use quantum effects (quantum annealing) for specialized optimization problems. But here’s the kicker: it can’t run Shor’s algorithm and can’t factor numbers to break encryption. Their computer, by its design, cannot run Shor’s algorithm. Not all “quantum computers” are the same. In other words, D-Wave by design poses zero threat to RSA. Again, if someone is selling you quantum-safe solution based on D-Wave news, walk them out.
Stay Informed by Research, Not Rumors: One advantage I had by running a tech risk lab was direct access to scientists and up-to-date research. We collaborated with academics and attended conferences where actual quantum progress (and setbacks) were discussed candidly. This helped immunize me against the steady stream of rumors (“The NSA must already have a secret quantum computer!“) that vendors sometimes invoked. In truth, if any group was ahead in the quantum race circa, it might have been classified government labs – but even they hadn’t gotten over the fundamental hurdles, according to the evidence we saw. The physics challenges (qubit stability, error correction, scaling) were (and remain) enormous. Whenever I hear a claim, I’d ask: What published evidence or peer-reviewed result supports that? If the answer is none, I comfortably tune out the noise.
Prepare, Don’t Panic: My mantra for quantum risk management is “plan for the eventual threat, but ignore the sensational timelines.” The smart players in industry and government are indeed already starting to prepare. Knowing that mitigating all of the crypto in their organization could take a decade or more. There is active research into post-quantum cryptography (PQC) – encryption algorithms designed to resist quantum attacks. In fact, academic conferences like PQCrypto (running since 2006) and standards bodies like ETSI were hosting workshops on “Quantum-Safe Cryptography” to spur development of these next-gen algorithms. The idea is to replace vulnerable public-key systems with lattice-based cryptosystems, hash-based signatures, code-based encryption (like the venerable McEliece scheme), and other math that quantum algorithms (so far) can’t crack. This field is still relatively niche, but growing fast. In coming years we can expect to see quantum-safe algorithms vetted by the cryptographic community and proposed as standards by the likes of ETSI and NIST. As a CISO, you should be aware of PQC and even experiment with early implementations – not because quantum computers were coming tomorrow, but because upgrading cryptography across a large enterprise or government can take many years. Migration needs to start soon, and that means doing the R&D now. But importantly, I would advise against buying into any single vendor’s “quantum-safe” product prematurely. The real solutions would come from open standards.
In summary, cutting through the noise meant staying grounded in science and engineering realities. The quantum threat is real in theory – one day, cryptography as we know it will need to change – but it’s not an existential crisis unfolding overnight.
Why I’m Still Bullish on Quantum Computing
Given all the caveats above, one might wonder why I’m investing my own time and money into a quantum computing venture (my company, Boston Photonics). The answer is simple: the long-term potential of quantum technology is astounding, and I firmly believe it will pay off on roughly the 15- to 20-year timeline I envision. Being a realist about the current limitations does not make me any less of an optimist about the future breakthroughs. In fact, my experience in cybersecurity has taught me that disruptive tech does eventually deliver, if you’re willing to sift through the hype and stay the course.
Here’s why I’m bullish on quantum tech:
Technical Progress is Steady (if not Spectacular): Every year, scientists are hitting new milestones. It’s reminiscent of the early days of classical computing – the first transistors and microchips were rudimentary, but they improved on an exponential curve. While we don’t yet have a quantum “Moore’s Law,” the trajectory is clear. Governments and industry giants are investing heavily in research. The NSA’s focus on quantum may have been secret until Snowden exposed it, but it underscores that multiple nations and companies are in this race. No one knows whether the breakthrough will come in 5, 10, or 20 years, but betting against human ingenuity in the long run would be foolish. I liken it to the space race – it took years of R&D to achieve a moon landing, but once the foundational tech was figured out, progress accelerated. I see quantum computing on a similar path: a slow start, then a rapid advance. That’s why I’m investing now – to be at the forefront when the technology really takes off.
Early Commercial Uses Exist Today: A common misconception is that quantum tech has no practical use until a universal quantum computer arrives. Not true! There are quantum technologies already generating value in the nearer term. One example is quantum sensing. By exploiting quantum properties, sensors can achieve extraordinary sensitivity – for instance, magnetometers based on quantum effects can detect minute changes in magnetic fields useful in medical imaging or navigation. Quantum clocks (ultra-precise timekeeping) and quantum gravimeters are other examples. These may not grab headlines like code-cracking computers, but they represent a quantum-enabled revenue stream even today. Another area is quantum randomness: devices that use quantum processes to generate true random numbers (for cryptography and lotteries) are commercially sold. Quantum key distribution (QKD), while not a broad solution for all, is finding niche uses securing high-stakes fiber optic links (for example, banking or government data centers between cities) where cost is no object. My company’s strategy is to leverage some of these adjacent quantum technologies (sensing, communications) to build products now, establishing expertise and market presence, while we develop more complex quantum computing capabilities for the future. It’s a way to have a foot in today’s market and the future one simultaneously.
The “Quantum Advantage” Will Transform Industries: The ultimate promise of quantum computing isn’t just breaking cryptography – that’s almost a side effect (and as a security person, I plan to neutralize that with post-quantum crypto anyway). The positive applications are what excite me. Quantum computers could revolutionize drug discovery by simulating molecular interactions at a level of complexity impossible for classical computers. They could optimize logistics and supply chains, tackle climate modeling, enable new materials science breakthroughs – the list goes on. These use cases remain speculative, but so were the uses of classical computers in the 1940s. We have early evidence of quantum algorithms offering exponential speedups for certain problems (Shor’s algorithm for factoring, Grover’s for search). As a technologist, I’m energized by how quantum computing might unlock solutions to problems we’ve deemed intractable. Yes, there’s a lot of work to be done – we may need error-corrected quantum systems with millions of qubits. But if and when we get them, the impact could be as profound as the digital revolution, perhaps more. I want to be part of making that happen.
Timing and Risk Appetite: From an entrepreneurial perspective, this feels like the right time to dive into quantum. It’s early enough that breakthroughs can still come from startups (not just Big Tech), yet the field has matured past pure theory – we’re now engineering prototypes. There’s a saying in investing: “Be early, but not too early.” I’d argue quantum tech is at that inflection point. Being a bull on quantum computing doesn’t mean I believe in overnight miracles; it means I anticipate a gradual, hard-earned rise that will justify the investments made now. Could I be wrong on the 15-year timeframe? Absolutely – we might hit unforeseen roadblocks and take longer. But even if it takes 20 or 30 years, the journey will spawn valuable innovations (and businesses) along the way. To me, the risk of not engaging with quantum tech is greater – I don’t want to wake up in a decade to find that we missed the quantum boat because we were too cynical early on.
In short, my enthusiasm for quantum computing is tempered by realism, but it is unshakably present. I often say I’m a skeptic in the short term, and an optimist in the long term. Skepticism helps cut through the BS (so we don’t chase every shiny claim), while optimism fuels the persistence needed to achieve big technological leaps.
Conclusion
I’m struck by how dualistic my mindset is, and I suspect I’m not alone. On one side, I’m calling out the hype: the quantum threat to cybersecurity is real but exaggerated in the near term, and many vendor claims are opportunistic noise. I’ve seen first-hand that a lot of what’s sold as “quantum-safe” security is more about marketing than about mature technology. There’s no quantum magic around the corner that only a select few insiders know about – if anything, the insiders (researchers) are generally more measured in their predictions than the marketers are. I take comfort in facts like these: the NSA hasn’t cracked the world’s encryption yet with a quantum computer (we’d know if they had, trust me); D-Wave’s much-touted machine can’t break your VPN; and your encrypted emails aren’t suddenly readable by some kid in a garage with a quantum laptop. We will have to upgrade our cryptography in anticipation of future quantum computers, but we can do that methodically by following the science – adopting post-quantum algorithms that experts are already working on, rather than falling for fear-based solutions.
On the other side, I’m genuinely excited – excited enough to stake my career on it – about what quantum computing will become. The bullish side of me sees a revolution in the making. It sees quantum technologies bringing new capabilities (in computing power, sensing, communication) that were previously unimaginable. It sees a future where, yes, we have to reinvent our security tools (and we will – cryptography has reinvented itself before and survived), but also a future where we solve complex problems faster and better than ever before. In a way, being a security professional prepared me to appreciate quantum computing’s impact: it taught me how fundamental certain computations (like factoring primes) are to our current systems, and thus how earth-shattering it will be when those computations become easy for quantum machines. That’s simultaneously scary (for security) and thrilling (for everything else we can do with that power).
In short, quantum computing is worth the investment and the effort, even as I remain clear-eyed about the timelines and skeptical of grandiose claims. I often find myself in meetings switching hats – from the CISO hat, saying “Calm down, the quantum apocalypse isn’t here yet,” to the innovator hat, saying “Gear up, because quantum supremacy (when it eventually arrives) will change the world.” This balance of caution and optimism is, I believe, the healthiest way to approach any emerging technology.
