Back in 2019 I was studying, and even once worked on, quantum computers. Q-Day seemed a long way off then. I spoke then about how when Q-Day comes, not only would a lot of our encryption be obsolete but it would already be too late to do anything about it because those encrypted messages will have been, probably already had been, stolen. Back then, nobody had named that type of attack as a "Harvest now decrypt later" attack, but that was what I was going on about.

Now, Q-Day is not too far away. Many people have been describing the problem in a bit more detail, including what your organisation needs to do in order to get ready for it. But how many people have actually been preparing an organisation for Q-Day? Myself and my colleagues have been doing so at one of our clients, so this is the story of why we are doing it, what we did, what we found and how hard it will be to fix it all.