How prepared are organizations for a world where today's encrypted communications could be quietly stored and cracked years from now? In this episode of Tech Talks Daily, I sat down with Nate Jenniges, Senior Vice President and General Manager at BlackBerry, to talk about why the conversation around quantum computing is moving from academic curiosity to operational reality.
For many leaders, quantum threats still feel distant, something for researchers and cryptographers to worry about. But as Nate explained, governments and adversaries are already capturing encrypted data today with the expectation that it can be decrypted later when quantum capabilities mature.
This idea of "harvest now, decrypt later" attacks completely changes the timeline for security planning. If sensitive information needs to remain confidential for five, ten, or even twenty years, the exposure may already have started. That means the challenge is no longer theoretical. It is becoming a strategic issue that boards, CISOs, and government leaders must begin addressing right now.
One of the most interesting parts of our conversation focused on something many people rarely think about. Metadata. While encryption protects the content of a message or phone call, the surrounding patterns often reveal just as much. Who spoke to whom, how often, from where, and at what time can tell a surprisingly detailed story. With modern analytics and AI tools, these patterns can expose command structures, business relationships, or crisis response activity even if the message itself remains encrypted.
Nate explained why this is becoming a frontline issue in the emerging post-quantum era. As organizations integrate AI into communication platforms, new forms of metadata are emerging from model interactions, system queries, and inference activities. That means protecting communications requires a broader view than simply upgrading encryption algorithms.
We also explored how governments and highly regulated sectors are preparing for this shift. BlackBerry today operates in a very different space than many people remember, focusing on identity-verified, mission-critical communications used by governments and institutions that cannot afford uncertainty. These systems are designed to operate during the moments that matter most, whether that involves cyber incident response, national security coordination, or emergency response to climate-related events.
Another theme that stood out was the leadership challenge behind quantum readiness. Nate believes organizations should avoid treating quantum as a separate security initiative. Instead, it should be integrated into the technology refresh cycles that companies already manage, including hardware updates, software upgrades, and certificate renewals. The organizations that begin asking the right questions today will avoid scrambling later when regulatory expectations tighten and deadlines arrive.
By the end of our conversation, one message became very clear. The first real defense in the post-quantum era may not come from stronger encryption alone. It may come from understanding and controlling the communication patterns and metadata that surround every digital interaction.
As quantum computing research accelerates and governments begin setting deadlines for post-quantum security readiness, the question becomes increasingly hard to ignore. Are organizations truly prepared for the communications challenges that the next decade may bring?
Useful Links
[00:00:04] Quantum computing has been talked about for years, but what happens when it stops being theoretical and starts reshaping the very foundations of digital trust? Well, today we're going to be stepping into a conversation that feels urgent, grounded and indeed very real.
[00:00:22] Because while many organisations are still debating timelines, adversaries are already capturing encrypted data and doing so with the hope of decrypting it later when the technology is ready. So that phrase, harvest now, decrypt later, is no longer something confined to research labs. It's actually influencing boardroom discussions and operational planning right now. So my guest today is going to be joining me from BlackBerry.
[00:00:52] And if you think you know BlackBerry, you might be surprised because the company today is focused almost exclusively on mission-critical identity verified communications and doing so for governments across the G7 and G20, as well as regulated industries from finance, healthcare and critical national infrastructure.
[00:01:13] These are environments where reliability, resilience and trust, they're non-negotiable in these areas, especially during cyber incidents, climate emergencies or national security events. So my guest today, I'm hoping it will help us all get a better understanding of why quantum readiness is no longer confined to a future initiative, but a present day responsibility.
[00:01:39] So today we'll explore why upgrading encryption alone will not be enough and how metadata is becoming the frontline defence in the post-quantum era and why leaders who understand their communications patterns today will be far better prepared for what's waiting ahead. So if you're a CISO, a board member or anyone interested in protecting sensitive data that must remain confidential for years to come,
[00:02:08] I'm hoping today's conversation will give you clarity and the direction that you need. But enough scenes setting from me. Let me officially introduce you to my guest right now. So thank you for joining me on the podcast today. Can you tell everyone listening a little about who you are and what you do? Hi, Neil. Great to be here. I'm Nathan Jenigas, Senior Vice President and General Manager of our BlackBerry Secure Communications Business. I lead our product strategy and execution.
[00:02:38] So our engineering teams, operations, support services teams. I've been in the technology industry for 25 years. Before BlackBerry, I was at McAfee, Dell and Motorola. So I've been in mobile and communications and technology and cybersecurity my entire career. And today I'm deeply focused with my teams around the two forces that we see, AI and the quantum computing and what that means for organizations.
[00:03:05] And there are most sensitive communications because really the window to act is, I think it's narrowing faster than most people realize. And I'm glad you mentioned quantum computing. Now, I go to enough tech conferences to know there's a lot of concern around what could happen if the cryptography that we all take for granted gets hacked or compromised by the quantum computers there.
[00:03:29] So I'm curious, when you're looking at the pace of quantum research and investment indeed around the world, how real is this threat of harvest now, decrypt later attacks for governments and regulated industries right now? Because we hear so many big stories around it. And why should leaders be thinking about this as maybe an operational issue rather than some distant research topic that may or may not happen? Yeah, I don't believe it's hypothetical.
[00:03:57] I talked to a lot of the top governments in the world and I know they don't believe it's hypothetical. They know adversaries are actively capturing your crypto data today. So if you're protecting any kind of communications or records that you need to stay confidential, say in five, 10 years from now, your exposure has already started. That's why it's not an operational issue. And you look at the investment that's happening. I saw like there was $33 billion in global quantum R&D last year.
[00:04:27] That means we've got major race happening across nation states. And if some of the consensus, you know, this could happen in the early 2030s where we start to break this. And you're seeing the governments react already. And the reason you can't wait, you can't just think it's some operational thing is a lot of the things that you really need to secure tend to be legacy systems and supply chains and stuff. That's just not a quick patch. Right.
[00:04:57] You need to be able to start planning now. As I said, we've read the horror stories. We kind of know or should know what's waiting for us on the horizon. It's been talked about so much. So from your vantage point at BlackBerry, what does true quantum readiness, what does that actually look like in practice beyond just upgrading encryption algorithms? And where are you seeing organizations possibly misunderstanding the scale of the shift ahead?
[00:05:24] Because you must get to speak with so many business leaders around the world. I'm curious what you're seeing here. Yeah. The biggest thing I see and the biggest misconception is that I run into is that people think it can just, it's just a software update. I'll wait, let all the standards finalize, I'll apply the upgrade and I'll be done. And that's not even remotely true.
[00:05:46] This is a multi-year transformation that touches everything from your architecture to your governance, to your supply chain, your operations. And I think you have to start with knowing what you actually have. We've been talking to customers about a cryptographic bill of materials, right? An inventory of every algorithm, T certificate, you know, protocol and vendor dependency that you have. And I went through this exercise with my own products and the analysis was illuminating.
[00:06:14] I too originally had the view a few years ago of, oh, well, we'll just update the crypto libraries in our products and we're fine. And yet when I really dug in with our engineers and we started putting together that inventory just within our software products alone. And the number of places that we had to rewire and rethink things as it comes to PQC was astoundingly large. And that's just within our software. And I've had these conversations with governments across the world.
[00:06:44] I've had it with Canada, Malaysia, and they're seeing the same thing and starting to think, how do we, how do we start that inventory of what's going on? So that's probably the biggest thing I see that people are missing. And before you join me on the podcast today, I was doing a little research on you guys. And one of the things that I learned is you've spoken about metadata becoming a frontline defense in the post-quantum era.
[00:07:08] So can you tell me a bit more about why controlling communication patterns and protecting metadata could matter as much or even more than the encryption itself? Something I'd not even thought about until I read this. Yeah. If people aren't familiar, when we say metadata, essentially whenever you make a conversation, you make a phone call, you send a message on whether it's the public telephony networks, or even a lot of some of the private apps that you might get off of an app store.
[00:07:38] You leave behind traces of what was going on. Who were you talking to? How often? At what hour? From which devices? And this, with the power of AI, tells an adversary a great deal about your potential intentions, your command structure, your operational state. But especially when there's a crisis, those patterns can be very revealing. Sometimes you don't need to know what was actually in the call or in the message.
[00:08:06] If it's, you know, all of a sudden you see two companies suddenly talking repeatedly over a week at two o'clock in the morning, you might wonder something's going on. Right. Yeah. And this problem is getting worse. I will tell you also, as organizations weave AI into their communications, it's generating new forms of metadata. Interaction patterns with these AIs, the model queries, the inference trails, and all of that, that a lot of people aren't thinking about yet either.
[00:08:34] So we see the ability to control that data. We're getting a lot of requests for sovereign architectures of communication systems where that metadata is not even observable. It's stuck inside of their own system where they can't get access from other adversaries.
[00:08:54] And for G7 and indeed G20 governments and highly regulated sectors from finance to healthcare, if we'd put all these into a melting pot, how does quantum risk change the way that they think about mission critical communications during a cyber attack, climate crisis, or even national security events? Because it feels like there's a lot of vulnerabilities here.
[00:09:18] Yeah, the core insight that we talk to customers about is you cannot build trust during a crisis. It already has to be there. When you're in the middle of an incident, you need absolute certainty that the person on the other end is who you say they say they are, that your exchanges aren't observable and that your infrastructure does exactly what it needs to do. Quantum risk changes this confidence. You can play some things.
[00:09:45] You know, the identity verification has to be continuous. You can't just log in and then say, yep, that's the right person. They haven't logged in or out in 90 days. It's still the same person. You have to have those metadata controls built in to the system. And you need a full end-to-end communication system that's capable of handling those crisis situations. And we saw this.
[00:10:08] One of the things we're proud about is last year, we were the secure communications provider for the 47th ASEAN Summit in Malaysia, where we deployed our products that actually helped enable the safety and coordination of all the events of all of the heads of state at the event. And that deployment doesn't happen unless you've had these kind of similar conversations with the customer, right?
[00:10:33] Of where you're going, what your quantum plan is, how you do all of this security of the communication systems. People we must feel sorry for and certainly spare a thought for are the CISOs that could be listening around the world are already being kept awake at night by juggling AI risk, regulatory pressure that keeps on coming, and geopolitical tension. Throw that into the mix as well.
[00:11:01] So where does quantum fit into that priority list this year in 2026? And how should leaders balance investment between those present-day threats and what everyone's talking about and the future cryptographic disruption that's waiting on the horizon and will get here much quicker than many realize? Yeah. When I think about this, I don't try to think that quantum is a separate priority. I think it intersects with a lot of the things that are going on in the world today.
[00:11:31] And honestly, the most useful question I always ask any executive team, right, is a simple one. Do you actually know where your most sensitive data is? Do you know what it is? Do you know what would happen if that data was decrypted in four to five years? I'd say the vast majority of people I talk to have no idea. They just, they kind of have a blank face.
[00:11:54] So the practical advice I give to a lot of CISOs and other customers I talk to is don't try to create a separate quantum program. Align it to the work you're already doing. You've got a lot of things where you're doing, you're always doing hardware refreshes, certificate renewals, software upgrades. Those cycles keep coming regardless. Integrate your PQC plans into those. And the cost and disruptionally manageable. Make sure you're asking your vendors, you know, what their PQC plans are, right?
[00:12:24] Start understanding what is coming in your systems over the coming years. If you wait until 2029 and treat it as an emergency program, I can guarantee you, you'll pay a significant premium then. There's a big warning sign there. And assuming we're heading to this world where quantum computing could weaken traditional trust models, how are you at BlackBerry approaching identity verified communications?
[00:12:52] And also for everybody listening, what can enterprises learn from the way that governments are already preparing? We have a perspective, right? That trust is between the people and their organizations. And that has to persist regardless of all of this underlying technology. So we continue to think about this from the trust layer down from the human down through it, not from the cryptography up.
[00:13:17] In practice with our BlackBerry SecuSuite product, that means we don't just encrypt the content of the communications, but we also encrypt the surrounding metadata. We have a very unique ways of ensuring that there's a continuous identity verification. Ways inside of the product of identify when we suspect that the security of the communications is broken.
[00:13:41] For example, the screen can turn red if suddenly someone is joining that chat that isn't actually authorized. You know, the signal problem wouldn't have happened inside of our platform. So we see that we've built a strong architecture that holds regardless of the quantum computing, and we're certainly incorporating all of that in there. We work with the vast majority of the G20 governments.
[00:14:09] And we see this as a leadership challenge, not a technology one. The ones that are doing it well, they're already asking the hard questions of their vendors. They're treating this readiness the same way they would any other major operational transformation. And of course, regulatory scrutiny is increasing across not just Europe, but North America and indeed parts of Asia right now.
[00:14:33] So I'm curious, how are you seeing compliance requirements maybe shaping quantum readiness strategies in the future? And are we heading towards a new baseline expectation for secure communications in critical infrastructure? What are you seeing here? Yeah, the compliance landscape is always an interesting one to try to navigate around the world.
[00:14:59] And we do see regulators moving from, let's say, guidance to towards mandates. And expectations are shifting. Instead of just, you know, checking a box, you know, you've got FIPS 130, 140 dash encryption. They're now going, show us your plan. Show us your inventory. Show us your evidence that you can actually migrate to PQC. And that's a fundamentally different conversation that we're starting to have.
[00:15:26] I find it interesting to see the amount of coordination that's happening across the world from the EU, US, UK, Australia, Malaysia, all setting deadlines where they expect vendors to have this implemented in their products. And what we see is evolving is the need in this world as we get to AI and post-quantum is organizations realizing that communication is a weak link.
[00:15:56] And how they protect those communications, especially the critical communications, who they communicate with. And we see this kind of forming into a market at this point where it's not just another, it's a nice to have IT software decision to something where governments, especially see it as a strategic resilience requirement in the future.
[00:16:21] And one of the things I always try and do at the end of every episode here is give everybody listening a valuable takeaway. And let's assume we do have multiple boards and teams listening around the world. So any advice that you would offer those people listening about what those concrete first steps should they be taking to ensure that their communication infrastructure, including metadata governance, all these things remain resilient as quantum computing reshapes the security landscapes over the next few years.
[00:16:50] I mean, say in 2030s, a few years ago, seemed like a long time away, but we're getting much, much closer to that now. So probably getting a little bit nervous. So what should they be thinking about? What should they be doing next as their first steps? Yeah, the first steps that similar to what I've experienced with my own journey with our own products over the past few years is start with understanding the data that you need to protect. What's most important?
[00:17:17] You're not going to solve all of this in a year or two. It's going to take a long time to get through all of the different systems. So really understand what's most important of all of the data that you need to be able to protect. Start making plans and understanding what your vendors' plans are around those things. So if it's specific vendors and specific data, understand their roadmaps and plans.
[00:17:45] And again, fold it into the decisions you're already making. Don't treat this as something else that you have to do. It just needs to be part of good software planning as you're going through the next few years. Fantastic advice. Love that. No need to reinvent the wheel. Bring it into what you're already working on. And I also like to offer my guests an opportunity to take a stand on my virtual soapbox.
[00:18:11] If you've been reading Reddit, LinkedIn or wherever you find your latest tech news, I suspect you see a lot of myths and misconceptions about quantum computing and quantum threats. So what would you say people most misunderstand about your industry? Or are there any myths or misconception in your job or field of expertise that we can finally lay to rest today? The floor is yours. I'll allow you to step up on the soapbox and cleanse yourself of all those things you see.
[00:18:40] Well, the biggest thing that I love to see is when people just say, well, it says it's secure and encrypted. That's good enough. Yeah. We get a lot of that around the world. People don't tend to understand all of the stuff that's actually not encrypted that goes along with all of this communications.
[00:19:05] Certainly the top levels of our governments and all of our spy agencies around the world understand this, and they've understood it for a long time since many of them are the ones that took advantage of that. But the number of places in the world where I get the, oh, we're using WhatsApp for that. And you just kind of go for that? Really? That's quite startling because they say, well, it says it's all encrypted. Oh. Yes.
[00:19:34] And it is, I will not illuminate what those are, but I will tell you there's some fascinating things that are done over WhatsApp in the world today. There really are. And here in the UK, there's been quite a few of those that were leaked as well from high-ranking politicians, et cetera. So there is a podcast for another day. And for anybody listening wanting to learn more about anything we talked about today, where should they go? Where would you like to point them? And where can they keep up to speed with no announcements from you and your team?
[00:20:05] Yeah, for listeners first, I would say 2026 is the year this stops being a topic for a future conversation. The mandates are real. The technology is real. The investment is real. It is accelerating quickly. AI is accelerating things even faster now as it comes to the software related to this. So organizations really do need to start paying attention to this and start putting it into their plans.
[00:20:33] The best place, obviously, is BlackBerry.com. We recently published a predictions piece on where the secure communications market is heading in 2026 and beyond. And that has a lot of the points that we've discussed today as well. You can also follow us on BlackBerry. We're posting a lot of things around quantum and AI and other technologies on there. Or, you know, follow me on LinkedIn. Always happy to have another conversation. Awesome. And I think the message is clear there.
[00:21:03] That first real defense in post-quantum era will not come from just more stronger encryption, but from managing and protecting things like the metadata that surrounds every single exchange. And I said we've seen many leaks and communications over the last few years already. But, I mean, I will add links to everything that you mentioned there. The website, the socials, and indeed the prediction piece. I'll find that and add a link. I urge anyone listening to go check that out. And also, let me know what you think.
[00:21:31] Go to techtalksnetwork.com. You'll find a blog post associated to this episode and links and so much more. But more than anything, just thank you for starting this conversation today. All right. Thank you, Neil. If there's one message I hope you all take away from today, it's this. Quantum risk is not a separate project to be parked into another research folder.
[00:21:56] It should be intersecting with the decisions you're already making around identity. Around identity, infrastructure, vendor selection, and data governance. Because as Nate shared with us today, you cannot build trust during a crisis. You've missed the boat then. It has to exist before the crisis begins. Proactive rather than reactive.
[00:22:20] And in a world where encrypted data is being captured today, and that big wake-up call that we said right at the very beginning of the show today, in a world where encrypted data is already being captured right now, hoping to be used for future decryption, that clock is already ticking. So that practical first step is relatively simple, even if execution takes time. If you've got a pen and paper handy, please, write down.
[00:22:49] Do you know where your most sensitive data lives? Do you understand how long that data needs to stay confidential? That should give you a good starting point. And if you want to continue this conversation, remember, head over to blackberry.com, check out their latest predictions on secure communications in 2026 and beyond. I will add links in the show notes so you can explore further and connect with Nate directly on anything we talked about. And as always, you've heard from me. You've heard from Nate.
[00:23:18] I want to hear your perspective. How are you already factoring quantum readiness into your operational planning? Or have you been guilty, like many, of still thinking like, hey, this is something for the next decade? We've got bigger things to worry about at the moment. Let me know your thoughts, whatever it is. Techtalksnetwork.com. All the links are there. You can leave me a message or an audio message as well. But that's it for today. I look forward to hearing from you.
[00:23:45] And hopefully I'll get to speak with you again tomorrow in our next episode. Speak with you then. Bye for now.