A Field Guide to PQC Migration: Tactics, Techniques, and Procedures
Author: SANS Institute
Uploaded: 2025-06-02
Views: 475
Description:
Mark Carney reveals Santander’s open-source toolkit and OODA loop for large-scale PQC migration.
SANS Emerging Threats Summit 2025
Bank-grade roadmap—see how Santander maps, monitors and modernizes cryptography for Q-day.
Mark Carney, Head of Quantum Tech, Santander Global Tech, shares an agile “OODA loop” for continuous discovery, decision and action. He details CodeQL queries that scan millions of lines for weak ciphers, cryptomon eBPF sensors capturing live TLS/SSH suites, and a GitHub-based cryptographic Bill of Materials that treats standards as code. Regulatory drivers and data-retention math set priorities; Mark shows risk heat-maps aligning crypto fixes with business impact. Open-source tooling links allow teams to replicate the approach and cultivate internal champions who keep momentum.
Key Takeaways
Use CodeQL & eBPF to inventory code and traffic cryptography
GitHub “crypto-as-code” delivers audit trails and rapid updates
OODA loop turns inventory into repeatable improvement cycle
Q-day timing tied to data-lifetimes and compliance mandates
Success depends on cross-functional champions, not just tools
View upcoming Summits: http://www.sans.org/u/DuS
#EmergingThreatsSummit #PQMigration #CryptoModernization