Back to Post-Quantum Phase 01 · Post-Quantum

PHASE 01 — CRYPTO INVENTORY

Every certificate, key, library, protocol, and firmware signer — catalogued with exposure score and HNDL risk.

Duration

4 weeks

Deliverable

Live inventory + risk map

Depth

Code, config, network, hardware

Why it matters

YOU CAN'T MIGRATE WHAT YOU CAN'T SEE

Most organizations discover, partway into a PQC migration, that they don't know where their cryptography lives. Third-party libraries. Firmware. Old code signers. Protocol upgrades that regressed. The inventory isn't a preamble to the migration — it is the first half of it.

What we deliver

A LIVING CRYPTO CBOM

01
Source code scan
AST-level scan of every repo: algorithms, parameters, key sizes, deprecated primitives. Wired into CI so drift is caught.
02
Runtime inventory
Actual TLS handshakes, IKE exchanges, signing operations — observed in production and correlated to the code.
03
Third-party + firmware
Library SBOMs, appliance firmware signers, HSM algorithm lists, vendor questionnaires.
04
HNDL risk map
For each asset: confidentiality half-life, adversary interest, harvest-now-decrypt-later exposure. Your migration priority order.

By the numbers

Weeks

CBOM

Crypto bill of materials

Live

Not a one-time report

START A Q-DAY BRIEFING

A 60-minute executive briefing tailored to your sector, crypto inventory, and regulatory exposure.

Begin intake