We designed this guide so you don’t have to read it cover to cover. Different roles need different chapters. Here’s where to start depending on what you’re trying to accomplish.
The Reader’s Legend
■ THE CISO / SECURITY LEADER “I need to brief my board, justify budget, and understand our compliance exposure.” Start with: Ch 1 (The Quantum Threat) → Ch 2 (What’s Vulnerable) → Ch 4 (Regulatory Landscape) → Ch 6 (Migration Roadmap)
■ THE SECURITY ARCHITECT “I need to design our crypto-agile architecture and plan the migration phases.” Start with: Ch 3 (New Algorithms) → Ch 5 (Crypto Discovery) → Ch 6 (Migration Roadmap) → Ch 7 (Hybrid Mode) → Ch 8 (Protocol Deep Dives)
■ THE NETWORK / SECURITY ENGINEER “I need to know what changes in TLS, IPsec, SSH, and PKI—and what breaks.” Start with: Ch 3 (New Algorithms) → Ch 7 (Hybrid Mode) → Ch 8 (Protocol Deep Dives) → Ch 9 (Day-2 Operations)
■ THE FEDERAL / DoD PROGRAM MANAGER “I need to understand compliance timelines, procurement language, and ATO impact.” Start with: Ch 4 (Regulatory Landscape) → Ch 5 (Crypto Discovery) → Ch 6 (Migration Roadmap) → Appendix (Compliance Checklist)
Chapter Quick Reference
| Ch | Title | You’ll Walk Away With… | Depth |
|---|---|---|---|
| 1 | The Quantum Threat | Board-ready explanation of why PQC matters now | Conceptual |
| 2 | What’s Vulnerable & What’s Not | Clear map of which algorithms and protocols are at risk | Moderate |
| 3 | The New Algorithms | Plain-language understanding of ML-KEM, ML-DSA, SLH-DSA | Moderate-Technical |
| 4 | The Regulatory Landscape | Consolidated mandate timeline with what’s law vs. policy | Strategic |
| 5 | Cryptographic Discovery | Step-by-step methodology for building your crypto inventory | Hands-On |
| 6 | Building Your Migration Roadmap | Phased migration plan template you can adapt | Strategic-Technical |
| 7 | Hybrid Mode | How to run classical + PQC side by side during transition | Technical |
| 8 | Protocol Deep Dives | What changes in TLS, IPsec, SSH, and PKI specifically | Technical |
| 9 | Day-2 Operations | Monitoring, tuning, and sustaining a PQC environment | Operational |
| App | Appendices | Glossary, algorithm cheat sheet, compliance checklist, links | Reference |
Conventions Used in This Guide
Throughout this book, you’ll see a few recurring elements designed to help you navigate quickly:
⚠ MANDATE ALERT Highlights specific compliance requirements with dates and sources. If you’re in a regulated environment, don’t skip these.
PLAIN-LANGUAGE SIDEBAR When we need to explain a complex technical concept, these sidebars give you the “tell it to me like I’m briefing the general” version alongside the technical detail.
F5 PERSPECTIVE Clearly marked sections where we show how F5 capabilities map to a specific migration challenge. Vendor-neutral guidance always comes first. Skip these if your stack doesn’t include F5—you won’t miss any core content.