SecureWorld Quantum Cryptography Virtual Conference 2026

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Peruse the many downloadable resources each booth has to offer.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Quantum cryptography isn’t a distant concept; it’s an active, deployable technology that will define the future of secure communication.

This presentation explores how quantum mechanics is reshaping cybersecurity. We’ll cover the limitations of classical encryption in a post-quantum world, the principles behind Quantum Key Distribution (QKD), and real-world implementations already in use. Attendees will also get a glimpse into the quantum-safe future being built today by governments and enterprises globally.

Security governance for AI systems is stuck in 2015. GRC teams write PDF policies. Engineering teams ignore them. When a developer wants to connect a new tool to their AI agent, the review takes days. By the time the policy doc is updated, the architecture has changed twice.

This session presents a policy-as-code approach to AI governance that gives GRC teams direct control over runtime enforcement without requiring engineering deployments. Using OPA/Rego as the policy engine, governance rules become version-controlled, testable, and hot-reloadable artifacts that enforce at the point of action rather than the point of review.

The talk walks through real implementation: writing Rego policies that map to NIST 800-53 controls, building a policy bundle pipeline so GRC pushes updates without deployments, and separating policy ownership from infrastructure ownership so security teams and engineering teams stop blocking each other.

Key Learnings:

• Why document-based AI governance fails in fast-moving engineering organizations
• Implementing policy-as-code with OPA/Rego for AI agent runtime enforcement
• Mapping Rego policies to NIST 800-53 and ISO 27001 control families
• Building a GRC policy pipeline: version control, testing, hot-reload, and audit trails
• Organizational patterns for separating policy ownership from infrastructure deployment

The emergence of cloud computing resulted in a boom in attention on encryption. Where has encryption benefited cloud computing, and where have hopes been dashed? What are today’s models, and what impact will the latest technologies—confidential computing, privacy preserving encryption, homomorphic encryption, for example—have in the years ahead? This session will provide an overview of cloud encryption dynamics that probably contradicts at least one thing you believe on that topic. Come join this session and learn from someone that’s lived in the trenches and values constructive debate.

Paul Rich is the Executive Director of Data Management & Protection at JPMorgan Chase & Co. From 1998 to 2019, he worked at Microsoft where he worked with encryption technologies and developed new features in Office 365 for protecting customer data. Paul aspires to evangelize unfortunate truths and debunk popular myths regarding encryption and cloud computing.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Session details to come.

Nation-states are today collecting encrypted organizational communications with one goal: decrypt them when quantum computers arrive. This confirmed strategy—Harvest Now, Decrypt Later—is named in NSA/CISA joint advisories and attributed to nation-state actors including China’s Volt Typhoon and Salt Typhoon groups. Meanwhile, every commercial Quantum Key Distribution system ever independently tested has been defeated through hardware attacks. And in July 2022, a NIST Post-Quantum Cryptography finalist was completely destroyed by a classical laptop attack in 62 minutes.

This session is a practitioner’s field guide to the quantum threat landscape for IT security engineers. No physics background required. We cover six threat domains: HNDL campaigns and which data categories are already at risk; Shor’s and Grover’s algorithms and their precise impact on RSA, ECDH, AES-128, and SHA-256;three physical attacks that defeated commercial QKD hardware with confirmed evidence; implementation vulnerabilities in the surviving NIST PQC standards including timing side-channels in ML-KEM; and a specific week-by-week enterprise migration roadmap based on the 2024 NIST standards.

This session is the result of deep research into published attack papers, hardware demonstrations, and the NIST PQC standardization process—distilled into intelligence that IT security teams can act on immediately.

Session details to come.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

AI agents are new, but the security questions are timeless: who owns the system, what can it access, what actions are allowed, and how do we respond when something goes wrong? As enterprise AI moves from pilots into workflows that retrieve data, call tools, update records, and trigger business actions, this session gives security and governance leaders a practical launch-readiness model covering ownership, risk tiering, data boundaries, identity, tool permissions, human approval, logging, exception handling,
and incident response.

Attendees will leave with a launch-readiness checklist that applies timeless security principles to enterprise AI agents: ownership, least privilege, layered control, human judgment, logging, resilience, and incident response.

AI is changing the economics of cyber risk. Vulnerabilities can now be discovered, prioritized, and exploited faster than many organizations can validate their real exposure. A logs-only view is no longer enough because logs show only what systems report, not everything attackers can reach. The highest-risk gaps often sit in east-west traffic, encrypted sessions, fast-moving cloud and container environments, and unsanctioned AI services operating outside formal oversight. 

Attendees will learn how network telemetry provides the evidence needed to make better security decisions. It helps teams determine which vulnerabilities are truly exploitable, uncover lateral movement and shadow AI usage, and prioritize detection and remediation around the most critical attack paths. The outcome is not just faster action, but measurably lower cyber risk and stronger business resilience.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Session details to come.

Session details to come.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.