Moona Ederveen-Schneider is a cybersecurity expert (and Most Inspiring Woman in Cyber Award winner 2026) with more than 20 years of experience across financial services, risk and cyber resilience. She has held senior roles at Deutsche Bank, JPMorgan Chase, UBS, Nomura and ABN Amro, and previously served as Executive Director EMEA at FS-ISAC.
As the founder of Resilia Connect and author of the Practical Post-Quantum Transition Framework, Moona works with organisations preparing for the security risks created by quantum computing. Her work focuses on post-quantum migration, crypto-agility and helping leaders turn complex technical threats into practical action.
In this exclusive interview conducted by the Cyber Security Speakers Agency, Moona explains why the quantum threat is already taking shape, where organisations go wrong when preparing for post-quantum cryptography, and why businesses need to begin strengthening their security architecture now.
Why does quantum computing remain an underestimated cybersecurity threat for many organisations?
Moona Ederveen-Schneider: “Quantum computing is not simply a future threat. Adversaries are already harvesting encrypted data with the intention of decrypting it once quantum computers become powerful enough.
“Most organisations have not yet started preparing for that transition.
“I developed a practical post-quantum transition framework to explain the issue clearly, cut through market hype and vendor noise, and make the process manageable for organisations and their teams.
“I also run tabletop exercises that teach organisations how to become crypto-agile. I poll participants at the beginning and again at the end of these sessions. The shift in the room is remarkable.
“People often arrive feeling that the challenge is unmanageable. They leave with greater confidence and a clear understanding of what they need to do next.”
How close is the quantum threat, and how urgently should organisations begin preparing?
Moona Ederveen-Schneider: “The UK National Cyber Security Centre says organisations should complete detailed planning by 2028 and be fully migrated by 2035.
“Google has set its own internal migration deadline of 2029, citing faster-than-expected advances in quantum computing. That reflects the wider sentiment I am seeing and the increasingly strong guidance being issued by governments globally.
“Google is one of the organisations building these machines, so its decision deserves serious attention.
“Large organisations typically need at least five years to complete a full cryptographic overhaul, while some may need twice that long. A 2035 deadline is therefore not generous. Organisations need to begin acting now.
“My practical post-quantum transition framework is designed to deliver security improvements from the first day. It provides a clear starting point and a route through the process without overwhelming teams or budgets.
“Organisations are also not preparing for a future threat in isolation. They are building more resilient architectures that can improve protection against current threats, including ransomware, AI-enabled attacks and supply chain compromise.”
What mistakes do organisations make when beginning a post-quantum cryptography migration, and what should they do differently?
Moona Ederveen-Schneider: “The first common mistake is treating post-quantum cryptography migration as a technology project and handing responsibility solely to the security team.
“It is a whole organisational transformation.
“The data that needs protecting sits across HR, legal and finance, not only within what DORA defines as critical business processes.
“The second common mistake is beginning with the cryptographic inventory.
“Contrary to the approach commonly repeated across the industry, I advise organisations to strengthen their data security posture first.
“They must answer a fundamental business question: what are we protecting, and how long does it need to remain secret?
“My practical post-quantum transition framework begins with that question and is designed to deliver security improvements immediately. It can be adapted for organisations and teams of any size.”





