Inside Microsoft’s Quantum Safe Program: Turning Policy into Practice
Content provided by Cath Firmin. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Cath Firmin or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Quantum computing is coming faster than most organizations are ready for. In this episode of Shielded: The Last Line of Cyber Defense, Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, joins Jo Lintzen to unpack how Microsoft is building a coordinated roadmap toward quantum-safe security and why governments and enterprises must start acting now. Kevin explains how Microsoft’s Quantum Safe Program connects engineering, compliance, and policy under one strategy, with a clear commitment to deliver customer-ready capabilities by 2029 and complete the global transition by 2033. He shares how this plan balances scale with flexibility, empowering each product group to define its path while keeping the company aligned to a shared goal. He outlines why post-quantum migration must move beyond “code swaps” to address real-world complexities like data-center encryption, operational technology that runs for decades, and global interoperability. Kevin also highlights the role of government action: appointing accountable leaders, aligning regulations across borders, and prioritizing sectors such as healthcare and finance where long-term data protection is critical.
What You’ll Learn
How Microsoft’s Quantum Safe Program sets 2029 and 2033 milestones for migration readiness.
Why accountability and leadership drive progress more than technology alone.
How to identify and protect systems and data with long-term exposure risk.
Why global alignment through NIST, ISO, and IETF matters for interoperability.
How governments can accelerate national readiness through coordinated action.
Why post-quantum migration must include hardware, policy, and operations - not just software updates.
Practical first steps for organizations to begin their own quantum-safe transition today.
Kevin Reifsteck is the Director for Critical Infrastructure Protection at Microsoft, where he leads global strategy across cybersecurity policy, quantum-safe readiness, and public–private sector collaboration. His work bridges engineering and regulation, helping Microsoft’s product teams align with evolving post-quantum cryptography standards while advising governments on how to prioritize critical systems and national resilience. Before joining Microsoft, Kevin served as Director for Critical Infrastructure Cybersecurity at the National Security Council, The White House, where he shaped U.S. policy for securing essential services and modernizing cyber risk management. Today, Kevin plays a central role in driving Microsoft’s Quantum Safe Program, which sets clear timelines for transitioning products and services to post-quantum cryptography and helping customers worldwide prepare for the quantum era. Known for his strategic clarity and cross-sector insight, he continues to champion global alignment, government readiness, and responsible innovation in securing the foundations of the digital world.
Your Roadmap to Quantum Resilience
[01:25] Step 1: Set Accountability and Direction –
Every successful migration begins with ownership. Kevin explains how Microsoft anchored its transition by naming accountable leaders and setting measurable goals across its entire product ecosystem. The company’s Quantum Safe Program unites engineering, policy, and compliance within one vision, ensuring that strategy translates into coordinated action. Each product group defines its own plan within shared milestones, creating focus without friction. This balance of central direction and local execution allows a company as large as Microsoft to move with precision. Leadership commitment is the engine that turns post-quantum awareness into measurable progress.
Key Question: Who owns your quantum-safe migration, and what milestones define success?
[04:29] Step 2: Establish a Timeline Customers Can Trust –
Microsoft’s roadmap defines clear signposts: customer-facing capabilities by 2029 and full transition across products and services by 2033. These dates are not abstract; they give structure to engineering priorities, regulatory engagement, and customer planning cycles. Kevin shares that transparency in scheduling helps align suppliers, cloud partners, and governments around a shared sense of urgency. It signals that the migration window is already open, and that early action reduces future cost and complexity. By publishing its timelines, Microsoft creates both accountability and confidence within the broader ecosystem. Timelines build trust, and trust accelerates adoption.
Key Question: Have you defined a clear migration timeline that aligns your teams, vendors, and customers?
[07:29] Step 3: Make Policy an Enabler, Not a Barrier –
Governments set the tempo of readiness. Kevin emphasizes that effective policy should create alignment, not administrative drag. Microsoft advocates for each nation to name a responsible authority, establish a post-quantum plan within its national cybersecurity strategy, and allocate the resources to act on it. Awareness programs and sector-specific guidance can turn compliance from a burden into an accelerator, especially for industries like healthcare and energy where expertise is scarce. The key is partnership: policymakers and private industry moving in rhythm toward the same standards and timelines. Well-crafted regulation builds the runway for secure innovation.
Key Question: How can your policy environment encourage rather than slow down quantum-safe adoption?
[09:26] Step 4: Move Beyond the “Algorithm Swap” Mindset –
True migration reaches beyond code. Kevin outlines how large-scale infrastructures rely on encryption embedded deep within hardware, network layers, and operational systems that may run for decades. In cloud environments, encryption depends on specialized chips, data flow, and power efficiency, all of which must adapt to larger keys and new computational demands. In critical infrastructure, replacing or reconfiguring operational technology requires careful planning and years of lead time. Treating PQC as a systemic evolution ensures that migration strengthens, rather than disrupts, core services. Preparation today prevents technical and operational lock-in tomorrow.
Key Question: Which parts of your infrastructure demand more than a code update to achieve quantum resilience?
[12:32] Step 5: Protect Long-Lived Data and Systems –
Some data loses value in weeks; other data must stay confidential for decades. Kevin draws attention to sectors where this matters most: finance, healthcare, and government, where exposure to “harvest-now, decrypt-later” attacks could have generational consequences. The first step is to identify which assets would still cause harm if exposed ten or fifteen years from now. Protecting those systems early not only reduces risk but avoids future regulatory and operational strain. Microsoft’s guidance encourages leaders to focus first on the information and services that define their long-term trust relationship with customers. Longevity determines priority in the quantum transition.
Key Question: Which information or systems in your organization will still matter a decade from now?
[14:50] Step 6: Align Through Global Standards –
Quantum resilience depends on collaboration that crosses borders. Kevin explains how Microsoft works within NIST, ISO, and IETF to ensure that algorithms and protocols mature together, preventing regional fragmentation that could slow the entire ecosystem. When nations align on standards, organizations can innovate confidently, knowing their systems will interoperate securely worldwide. The goal is a consistent framework that supports both national security and commercial continuity. Alignment builds momentum, and momentum ensures no critical infrastructure is left behind. The post-quantum era will reward those who plan globally and execute locally.
Key Question: How well are your systems and partners aligned with emerging global post-quantum standards?
Episode Resources
- Kevin Reifsteck on LinkedIn
- Microsoft Website
- Johannes Lintzen on LinkedIn
- PQShield Website
Want exclusive insights on quantum migration?
Stay ahead of the curve. Subscribe to Shielded: The Last Line of Cyber Defense on Apple Podcasts, Spotify, or YouTube Podcasts.
✔ Get insider knowledge from leading cybersecurity experts.
✔ Learn practical steps to future-proof your organization.
✔ Stay updated on regulatory changes and industry trends.