A Crime Against Time | An Interview with Rik Ferguson | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026

PODCAST EPISODE | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli Adversaries are stealing encrypted data today that they cannot read yet, and storing it until a quantum computer can. Sean Martin sat down with Forescout’s Rik Ferguson to talk about “harvest now, decrypt later,” why Q-Day is closer than the comfortable timelines suggest, and what the decisions you make this year have to do with secrets you thought were safe forever. 📺 Watch | 🎙️ Listen | ITSPmagazine.com Somewhere there is a building full of secrets nobody can read yet. That is not a metaphor. The NSA reportedly keeps a facility for storing encrypted data it cannot currently crack, on the assumption that one day it will. It is patient. It is betting on the future. And it is not the only one placing that bet. When Sean Martin sat down with Rik Ferguson at InfoSecurity Europe, the subject was post-quantum cryptography, which sounds like a problem for physicists and a decade away. Ferguson, VP of Security Intelligence at Forescout and a quarter-century veteran of watching threats arrive ahead of schedule, was there to take that comfort away. His keynote title put it politely: post-quantum is a way off, we can wait, can’t we. The honest version is that we can’t. The attack has a name: harvest now, decrypt later. Adversaries steal encrypted data today, knowing it is useless to them, and store it. They are not waiting because they gave up. They are waiting for the key. When a quantum computer can break the encryption we currently trust, every stockpiled file opens at once. NIST pencils that day in around 2035. Google has suggested 2029. IBM’s first fault-tolerant quantum machine is slated for 2029. Pick any date in that window, then look at the equipment your organization is buying this year and ask how long it will still be running. What Ferguson is really describing is a crime against time. Every breach we know how to investigate has a shape. It happened on a date, the intruder moved through the network, and we trace the damage backward from there. Harvest now, decrypt later erases the date. There is no alarm when the data leaves, because nothing visibly breaks. Your first notice that you were robbed a decade ago is the day the contents are used against you. Sean, who likes to pull these conversations back to the business, named the right precedent: Y2K. We remember it as a joke, the planes that never fell out of the sky. It was a non-event precisely because a great many people did an enormous amount of unglamorous work. Ferguson’s warning is that the opposite is happening now. Few people are doing the work, and that is how a non-event turns into an event. There is an unglamorous question underneath all of this: which of your secrets will still matter in ten years? Encrypting everything harder is not the answer, because not everything is worth defending against a decade-late attack. Session tokens decrypted in 2035 are worthless. Clinical trial data, merger plans, sovereign debt strategy, the legal conversations everyone assumed were private forever, those keep their value, and they are worth a stranger’s patience. Ferguson calls the discipline quantum agility: build the systems now so you can swap the locks later. Easy enough in software. Nearly impossible in a medical device still running Windows XP while a regulator finishes signing off the last version. So what do we carry forward, and what do we leave behind? We carry our secrets, whether we want to or not, into a future where the lock on them may not hold. What we have to leave behind is the comfortable belief that encrypted means safe, full stop, forever. Ferguson ends his keynote on an image of a stealth combine harvester, which the AI struggled to draw because nothing like it exists in the training data yet. That is the joke, and also the point. The thing coming for the data is quiet, built to gather, and we have barely pictured it. His next argument, a paper called Assume Autonomy, says it is time to stop assuming breach and start assuming the machines on both sides will run themselves. Sean has already booked the follow-up. Sean’s full conversation with Rik Ferguson is linked below, with the rest of our InfoSecurity Europe coverage. Let’s keep thinking. — Marco Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Journalist | Writer | On Location With Sean Martin And Marco Ciappelli | 🌎 LAX🛸FLR 🌍 About the Host Sean Martin, CISSP, is the co-founder and Director of Operations and Programming at ITSPmagazine, and the host of the Redefining CyberSecurity podcast. An information security and technology veteran of more than thirty years and a multiple-time CISSP, he led engineering and delivery for hundreds of cybersecurity products before turning to journalism and broadcasting. Through Redefining CyberSecurity he keeps pressing one question: if we are selling security insincerely, buying it indiscriminately, and deploying it ineffectively, how do we make it usable, honest, and a real source of business value? He teaches at Pepperdine’s Graziadio Business School and broadcasts from New York City. 🌎 seanmartin.com | LinkedIn: linkedin.com/in/imsmartin About the Guest Rik Ferguson is the Vice President of Security Intelligence at Forescout, where he leads the company’s threat research and intelligence work. A cybersecurity veteran of more than twenty-five years, he spent fifteen years as Vice President of Security Research at Trend Micro before joining Forescout in 2022. He is a founding Special Advisor to Europol’s European Cybercrime Centre (EC3), a Fellow of the Royal Society of Arts, a co-founder of Respect in Security, and a member of the Infosecurity Europe Hall of Fame. A Certified Ethical Hacker, CISSP, and ISSAP, he is also a writer, broadcaster, and futurist known for translating the cutting edge of cybercrime for governments, businesses, and the public. 🔗 LinkedIn: linkedin.com/in/rikferguson More from this event: Full InfoSecurity Europe 2026 coverage: ITSPmagazine InfoSecurity Europe 2026 All ITSPmagazine event coverage: Technology & Cybersecurity Conference Coverage Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.