Quantum computing’s promise may still sound futuristic in many corners of government, but for Eddy Zervigon, the more urgent reality is what it means for the cryptography that underpins government and enterprise networks.
In a recent interview with MeriTalk, Zervigon said federal leaders should be paying closer attention to the growing risk that quantum computing will eventually break today’s public key encryption schemes, bringing a decades-long era of trusted cryptography to an end.
“For 50 years, we’ve been governed by three algorithm schemes that have gotten us through the digital age,” Zervigon said. “It’s an incredible run, but unfortunately, it’s coming to an end with the advent of quantum computing.”
That urgency is shaping how Zervigon, CEO of Quantum XChange, talks about the transition to post-quantum cryptography (PQC). His message to federal technology leaders is clear: Don’t wait for a perfect plan. Start now with the biggest data flows and the most exposed parts of the network, and build from there.
Why Q-Day feels closer
Zervigon said the government’s posture on PQC has shifted significantly over the past 18 months, and especially since August 2024, when NIST released its first post-quantum standards. Since then, he said, accelerating research, rapid advances in artificial intelligence (AI), and growing questions about what the United States may be underestimating in quantum have changed the tone of the conversation.
He also pointed to a broader sense that emerging technologies are advancing faster than many expected.
“I think DeepSeek just put it in hyperdrive,” Zervigon said, arguing that AI advances have forced leaders to ask what else they may be underestimating – especially as it relates to quantum.
For Zervigon, “Q-Day” is not just the moment when a cryptographically relevant quantum computer can instantly crack encryption. He defines it more broadly as the point at which such a system can break current encryption schemes at all, even if that process takes weeks or months.
That matters because adversaries are already harvesting sensitive data now, he said, with the expectation that they may be able to decrypt it later once the necessary quantum capability arrives.
“As we know, there’s a lot of harvesting going on of data right now,” Zervigon said. “Once we have a cryptographically relevant quantum computer, they’re going to be able to replay that data and extract the relevant information from that data stream.”
What’s overhyped – and what’s underestimated
When asked what is getting too much attention in the government PQC conversation, Zervigon pointed to the idea that agencies must first map every application and every instance of cryptography before starting the migration.
He argued that the complexity of getting started is being overstated.
Instead, he said, agencies should identify the largest attack surfaces first – especially the network layer where high-value data traverses – and begin protecting those major traffic flows before worrying about every endpoint and application.
“I think what’s being overhyped is the complexity involved in starting this migration,” Zervigon said.
What is being underestimated, he argued, is how manageable early progress can be if agencies take an architectural approach and lean on technologies that fit into existing environments.
“It’s a lot simpler than people think,” he said, especially if post-quantum protections can be integrated into routers, switches, and firewalls without forcing agencies into wholesale rip-and-replace efforts.
Advice for CIOs: Start with the biggest threat vectors
Zervigon did not hesitate on his advice for IT leadership over the next one to two years: “Jump in the water.”
More specifically, he urged leaders to focus first on their biggest threat vectors and biggest data pipes, and to think about how they can protect those flows at the network and data layers now instead of waiting for a perfect long-term migration plan.
He also called for agencies to begin budgeting sooner, accelerate timelines that he suggested are too slow, and push vendors toward interoperability so that the market does not splinter into incompatible approaches.
Zervigon pointed to vocal interest from parts of the Department of Homeland Security, including U.S. Customs and Border Protection, and referenced his Dec. 17, 2025, testimony before the House Homeland Security Committee as evidence that the federal conversation is becoming more concrete.
His broader argument is that agencies do not need complete crypto inventories before they act on obvious risks.
“If you need someone to tell you that the data connection between headquarters and your backup is a vulnerability, you don’t need new encryption. You need a new CISO,” he said.
Where AI fits in
Zervigon said the current focus on AI is both helping and hurting the quantum discussion.
On one hand, he said, AI’s rapid development is consuming leadership attention. On the other, it is underscoring how dangerous it can be to underestimate emerging technologies.
“If we underestimated AI, how much are we underestimating quantum?” he said.
He also warned that AI is already becoming an offensive tool for adversaries, and that the combination of AI and quantum will only raise the stakes.
“AI is the brains, and quantum is the brawn,” Zervigon said.
That is one reason he repeatedly framed PQC as an architectural problem rather than a simple algorithm swap. In his view, agencies need cryptographic architectures that can adapt as threats evolve, instead of assuming any single technical standard will end the problem.
What differentiates Quantum XChange
When asked what sets Quantum XChange apart, Zervigon returned to architecture, standards, and validation.
He said federal CIOs should begin by asking whether the technologies they are evaluating are standards-based and certified. If they are not, he argued, agencies should think carefully before adopting them.
“Is it standards-based? Is it validated? Start from there,” he said.
Zervigon said the deeper shift ahead is that agencies will need to move beyond the long-standing model of keeping key generation and delivery at the endpoint and instead think in terms of a cryptographic management plane that allows them to manage cryptography more dynamically across the enterprise.
What’s next
For all of the urgency in his message, Zervigon closed on an optimistic note.
“We’re seeing a lot of activity, not only interest anymore, but actionable energy from federal civilian, Department of War, and intelligence organizations. So, we’re really excited about those opportunities,” he said.
His bottom line for federal technology leaders is that the great crypto migration does not have to begin with perfection. It has to begin with movement.
“We can start doing this now,” he said. “Why do we need this whole three-to-five years out [view]? We should start doing it now.”