An applied post-quantum cryptography practice.
We exist because most organisations lack the internal expertise to assess their quantum exposure, educate their staff, and implement post-quantum cryptography — while the regulatory clocks are already running.
Four principles
They decide what we recommend, what we publish, and what we refuse to oversell.
Risk asymmetry, not timeline bets
Our recommendations don't rest on certainty about quantum timelines. They rest on the asymmetry of consequences: migrating early costs engineering overhead — recoverable. Migrating late is unrecoverable. That asymmetry is the basis for everything we advise.
Design-level over scanner-deep
Security begins with architecture, not patches. We work upstream of implementation bugs — at primitive selection, hybrid construction, threat modelling, and protocol design — where the decisions that matter are made.
Open methodology, earned trust
We publish our methodology as open guidance and our tooling as open source. The framework is open; the credibility is earned through shipped work, transparent findings, and the certificate behind them.
Point-in-time honesty
A certificate is a map, not a guarantee. Every assessment is explicitly point-in-time, and every certificate carries that disclaimer. The post-quantum landscape moves; an annual renewal keeps your posture current.
Who you work with
A founding team across strategy, audit methodology, research, and partnerships.
Leon Acosta
Founder & CEO
Overall strategy, enterprise engagements, partnerships, and the standards-body and ISO alignment path.
LinkedInKrzysztof Cywiński
Co-founder · Technical Lead
Owns the audit methodology and technical direction. Every engagement is led by a senior cryptographer, not a junior running a scanner.
LinkedInConor Clancy
Co-founder · Head of Content
Owns the research and methodology pipeline — turning what we find in audits into open, citable guidance.
LinkedInPietro Sassanelli
Co-founder · Head of Partnerships
First point of contact for new engagements; owns scoping, qualification, and the client relationship.
LinkedInAnalia Acosta
Project Delivery Manager
Owns delivery — engagement planning, timelines, and client communication — so audits ship on schedule and nothing slips.
David Balbás
Cryptography Advisor
Advises on cryptographic rigour — primitive selection, hybrid constructions, and conformance — grounded in current research.
LinkedInGregory Aillaud
Compliance Advisor
Maps audits to the standards and regulations clients answer to — ISO/IEC 27001, Common Criteria, DORA, and NIS2.
LinkedInKeshav Jha
ISO Standards Expert
Deep ISO/IEC standards expertise — shaping the certification path and translating audit findings into the evidence and controls standards bodies expect.
LinkedInFabricio Acosta
Developer (Trainee)
Supports tooling and audit engineering across the open-source toolkit while training under the senior team.
LinkedInWhy now
Not our track record — the state of the field that makes this urgent.
3
NIST PQC standards finalised — ML-KEM, ML-DSA, SLH-DSA
~65%
of human web traffic already post-quantum encrypted (2026)
2030
CNSA 2.0 preference deadline for many systems
Day 0
“harvest now, decrypt later” is already underway
Let's make you quantum-ready.
Book a discovery call and we'll show you where you stand.