• A few weeks ago, I was in a meeting at work where we were discussing quantum-resistant cryptographic algorithms and how quickly this area of technology is evolving. The discussion included a mix of people with different backgrounds: security engineers, IT specialists, project managers, and a few architects. Conversations like that tend to become pretty technical pretty quickly.

    After the meeting wrapped up, one of my colleagues (who doesn’t work directly in cybersecurity) came over and asked a simple question.

    So what exactly is quantum computing?

    I gave him a simple and short explanation, the kind you give when someone just wants the high-level idea. But the conversation stuck with me afterward. Quantum computing is a term we hear constantly in the tech world. It shows up in news articles, industry conferences, research papers, and of course in vendor marketing. Most people generally understand that it refers to extremely powerful computers capable of solving problems traditional machines cannot.

    But what I realized during that conversation is that very few people actually understand the basic principles behind it. The term has become familiar, but the concepts behind it are still a bit mysterious to many professionals.

    To make the topic easier to follow (and to write), I decided to split it into three parts:

    • Post 1 (This article) – A practical introduction to quantum computing and the fundamentals of modern cryptography.
    • Post 2 – Why quantum computing has the potential to break many of the cryptographic algorithms we rely on today.
    • Post 3 – The emerging world of quantum-resistant cryptography and how organizations can begin preparing for the transition.

    I am not an expert on the topic, but as a cybersecurity professional I am aware of it. I will do my best to help IT generalists and non-IT professionals navigate the above three points.

    A New Frontier in Computing

    Every few decades, computing goes through a major shift.

    • The invention of the transistor made modern computing possible.
    • The internet connected the world.
    • Cloud computing changed how infrastructure is built and operated.
    • AI has begun transforming how we interact with data.

    Quantum computing could very well be the next major shift.

    Unlike improvements in processor speed or storage capacity, quantum computing represents an entirely different approach to computation. Instead of simply building faster versions of the computers we already have, researchers are designing machines that operate using the principles of quantum mechanics.

    For certain types of problems, these machines could perform calculations that would take classical computers thousands or even millions of years. That potential is exciting for fields such as medicine, chemistry, logistics, etc. But it also raises serious questions in another area: cybersecurity.

    Many of the encryption systems that are used on a daily basis and that protect our digital infrastructure rely on mathematical problems that are extremely difficult for classical computers to solve. Quantum computing could change that assumption.

    Understanding Quantum Computing

    Traditional computers process information using bits. A bit represents one of two values (or states), 0 or 1. Every file, image, website, or application running on your laptop ultimately boils down to long sequences of these zeros and ones, hence the terms binary values and binary computing.

    Quantum computers use a different unit of information known as a qubit, short for quantum bit. What makes a qubit unique is that it can exist in multiple states at the same time. This is a property of quantum physics known as superposition. For example, staying with binary values, a qubit can be in a superposition of 0 AND 1, allowing quantum computers to process a vast number of possibilities at once.

    This is a strange concept to digest at first, but a common analogy is a spinning coin. When a coin is resting on a table, it is clearly heads or tails. But when it is spinning, it is not clearly one or the other; it exists in a mixture of both possibilities until it lands. Qubits behave in a similar way. Instead of representing only 0 or 1, they can represent a combination of both states simultaneously.

    Another important property of quantum systems is entanglement. When qubits become “entangled”, the state of one qubit becomes directly related to the state of another. Changing one affects the other instantly, even if they are physically separated. For an example that is easy to digest, I recommend “Quantum Computing Explained Through the Spider-verse”, a fun post on Medium.com in which the author, Riany Mello, explains it really well.

    These two properties, superposition and entanglement, allow quantum computers to process information in ways that classical computers cannot. Instead of evaluating possible solutions one at a time, quantum systems can explore many possibilities simultaneously, which makes these machines exponentially more powerful, processing-wise, than our regular computers.
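    The two properties above can be seen in a tiny state-vector simulation. This is an added example, not part of the original post; the function names are hypothetical and the simulator handles only the two gates it needs. A Hadamard gate puts the first qubit into an equal superposition, a CNOT gate entangles it with the second, and every simulated measurement then returns matching bits.

```python
import math
import random

H = 1 / math.sqrt(2)  # amplitude factor of the Hadamard gate

def apply_hadamard(state, qubit, n_qubits=2):
    """Apply a Hadamard gate to one qubit (qubit 0 is the leftmost bit)."""
    mask = 1 << (n_qubits - 1 - qubit)
    new = state[:]
    for i in range(len(state)):
        if i & mask == 0:
            a, b = state[i], state[i | mask]
            new[i] = H * (a + b)
            new[i | mask] = H * (a - b)
    return new

def apply_cnot(state, control, target, n_qubits=2):
    """Flip the target qubit in every basis state where the control is 1."""
    cmask = 1 << (n_qubits - 1 - control)
    tmask = 1 << (n_qubits - 1 - target)
    new = state[:]
    for i in range(len(state)):
        if i & cmask and not i & tmask:
            new[i], new[i | tmask] = state[i | tmask], state[i]
    return new

def probabilities(state):
    """Probability of each measurement outcome: squared amplitude."""
    return [abs(a) ** 2 for a in state]

def bell_state():
    """Start in |00>, superpose qubit 0, then entangle it with qubit 1."""
    state = [1.0, 0.0, 0.0, 0.0]
    state = apply_hadamard(state, 0)
    return apply_cnot(state, 0, 1)

def measure(state, rng, n_qubits=2):
    """Sample one measurement outcome as a bit string such as '11'."""
    r, acc = rng.random(), 0.0
    for i, p in enumerate(probabilities(state)):
        acc += p
        if r < acc:
            return format(i, f"0{n_qubits}b")
    return format(len(state) - 1, f"0{n_qubits}b")

def sample_counts(state, shots=1000, seed=1):
    """Repeat the measurement on fresh copies of the state and tally outcomes."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(shots):
        outcome = measure(state, rng)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

if __name__ == "__main__":
    print("after Hadamard:", probabilities(apply_hadamard([1.0, 0.0, 0.0, 0.0], 0)))
    print("Bell state    :", probabilities(bell_state()))
    print("1000 shots    :", sample_counts(bell_state()))
```

    Outcomes `01` and `10` never appear: each qubit on its own looks like a fair coin, yet the two results always agree.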

    How Quantum Computers Actually Work

    Building a quantum computer is far from simple. Unlike traditional processors, qubits are extremely sensitive to their environment. Even small disturbances such as temperature changes, electromagnetic interference, or vibrations can disrupt their quantum state.

    To maintain stability, many quantum systems operate at temperatures extremely close to absolute zero (approx. -273.15 °C or -459.6 °F). The processors are often housed in large cryogenic chambers that look more like scientific instruments. At the moment, different technologies are being explored to implement qubits:

    • Superconducting circuits
    • Trapped ions
    • Photonic quantum systems

    Inside the processor, operations known as quantum gates manipulate qubits in a controlled way. These gates adjust the probability states of qubits and guide the system toward the correct computational result. However, because quantum states are fragile, researchers must also deal with quantum error correction, which is an entire field of study on its own.

    Today’s quantum machines are still considered experimental, but progress has been steady. Each year brings improvements in stability, qubit counts, and overall performance.

    Why Cryptography Matters

    To understand why cybersecurity professionals are paying close attention to quantum computing, we need to take a step back and look at how cryptography works.

    Cryptography is what protects information when it travels across networks or is stored digitally. Without it, activities such as online banking, secure messaging, and digital identity would not be possible. Most modern cryptographic systems fall into two main categories: symmetric encryption and asymmetric encryption.

    Symmetric Encryption uses the same secret key to both encrypt and decrypt information. Examples include algorithms like:

    These algorithms are extremely efficient and are commonly used to encrypt large amounts of data. Their security relies on the size of the key space. For instance, AES-256 has 2^256 possible keys (this number is as large as the total number of atoms in the observable universe), making brute force attacks practically impossible with current computing power.

    Asymmetric Encryption or Public Key Cryptography works differently:

    Instead of one shared key that both encrypts and decrypts messages, as in symmetric encryption, asymmetric encryption uses two keys:

    • A public key, which anyone can use to encrypt information
    • A private key, which only the owner possesses to decrypt it

    The system makes it possible for two parties to communicate securely even if they have never exchanged secrets before. Some of the most widely used Public Key algorithms include:

    These algorithms rely on mathematical problems that are easy to compute in one direction but extremely difficult to reverse. For example, multiplying two large prime numbers together is straightforward, but determining the original primes from the resulting number (factoring) becomes incredibly difficult as the numbers grow larger.

    This asymmetry forms the basis of much of the internet’s security infrastructure.
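    To make the multiply-versus-factor asymmetry concrete, the following added example (not part of the original post) builds small semiprimes and counts how many trial divisions it takes to recover the primes. The function names and the constructed primes are assumptions for illustration, and trial division is used only because it is the simplest classical method; real keys use primes of a thousand bits or more.

```python
import time

def is_prime(n: int) -> bool:
    """Trial-division primality check; adequate for the small demo sizes here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def next_prime(n: int) -> int:
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n

def demo_semiprime(bits: int):
    """Constructed sample input: two distinct primes just above 2**(bits-1)."""
    p = next_prime(1 << (bits - 1))
    q = next_prime(p)
    return p, q, p * q  # the "easy direction": a single multiplication

def factor_by_trial_division(n: int):
    """The "hard direction": return (p, q, divisions tried) for n = p * q."""
    if n % 2 == 0:
        return 2, n // 2, 1
    steps, d = 1, 3
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, n // d, steps
        d += 2
    raise ValueError("n is prime, nothing to factor")

def compare(bit_sizes=(8, 12, 16, 20)):
    """Factor one semiprime per size and report the work that was needed."""
    rows = []
    for bits in bit_sizes:
        p, q, n = demo_semiprime(bits)
        t0 = time.perf_counter()
        found_p, found_q, steps = factor_by_trial_division(n)
        elapsed = time.perf_counter() - t0
        assert (found_p, found_q) == (p, q)
        rows.append({"bits": bits, "n": n, "divisions": steps, "seconds": elapsed})
    return rows

if __name__ == "__main__":
    for row in compare():
        print(f"{row['bits']:>2}-bit primes  n={row['n']:<14} "
              f"divisions={row['divisions']:<8} time={row['seconds']:.4f}s")
```

    Each extra bit in the primes doubles the divisions required, while building `n` stays a single multiplication.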

    The Assumption Behind Modern Encryption

    Modern cryptography is built on an important assumption: certain mathematical problems are computationally impractical to solve.

    With today’s computers, breaking strong encryption through brute force (attempting every possible key combination) would require an unrealistic amount of time that is often measured in thousands or millions of years. As long as this assumption holds, encrypted data remains secure.

    But what happens if a new type of computer is developed that can solve these problems far more efficiently? That possibility is why the cybersecurity community is watching the progress of quantum computing so closely.

    Where Cryptography Shows Up in Everyday Tech

    Cryptography is deeply embedded in modern digital systems, often in ways that we rarely think about. Cryptography protects:

    • Secure web connections via HTTPS
    • Online banking transactions
    • Messaging applications with end-to-end encryption
    • Digital signatures used in software updates
    • Blockchain transactions and cryptocurrency wallets
    • many more

    In various ways, the trust that we place in digital systems is built directly on cryptographic algorithms. This is why understanding how those algorithms work, and where their limits may lie, is essential to maintaining this “trusted” state.

    Preparing for the next post:

    Quantum computing represents both an extraordinary technological breakthrough and a potential challenge to existing security models. In this first post, we covered the foundational concepts:

    • What quantum computing is
    • How quantum computers differ from classical systems
    • How modern cryptography protects digital communications

    In the next post, I will go one step further and examine how certain quantum algorithms (especially Shor’s algorithm and Grover’s algorithm) could potentially weaken or break many of the cryptographic systems currently used across the internet.

    Understanding that risk is the first step toward preparing for the post-quantum cryptographic world that researchers and security teams are already beginning to design.

    Final thoughts

    Cryptography has protected the digital world for decades by relying on mathematical problems that are extremely difficult to solve. Quantum computing introduces a new computational model that may eventually change the balance of the equation. The challenge now is not simply understanding the technology, but ensuring that the systems we build today remain secure in the decades ahead.

    References and further reading

    • National Institute of Standards and Technology (NIST). Post-Quantum Cryptography Project. https://csrc.nist.gov/projects/post-quantum-cryptography
    • IBM Quantum. What is Quantum Computing? https://www.ibm.com/quantum/what-is-quantum-computing
    • Google Quantum AI. Quantum Computing Overview. https://quantumai.google/
    • Microsoft Azure Quantum. Introduction to Quantum Computing. https://learn.microsoft.com/en-us/azure/quantum/overview
    • Cloudflare. The State of Post-Quantum Cryptography. https://www.cloudflare.com/learning/ssl/what-is-post-quantum-cryptography/
    • Scott Aaronson. Quantum Computing Since Democritus (Book).
    • Nielsen, M. & Chuang, I. Quantum Computation and Quantum Information (Cambridge University Press).
    • Shor, P. (1994). Algorithms for Quantum Computation: Discrete Logarithms and Factoring. https://arxiv.org/abs/quant-ph/9508027
    • Grover, L. (1996). A Fast Quantum Mechanical Algorithm for Database Search. https://arxiv.org/abs/quant-ph/9605043
    • NSA Cybersecurity Directorate. Quantum Computing and Post-Quantum Cryptography. https://www.nsa.gov/what-we-do/cybersecurity/post-quantum-cybersecurity-resources/

  • When people think of cybersecurity, they often imagine complex firewalls, encryption, and cutting-edge technologies guarding systems. And while those tools and algorithms are essential for cybersecurity professionals, the truth is that most cyber incidents don’t start with a machine failing; they start with a human mistake.

    A single click on a convincing email, a password reused across accounts, or a moment of distraction on a busy morning (typically while multi-tasking) can open the door to an attacker. That’s why, as we celebrate Cybersecurity Awareness Month, it is worth reflecting on a simple truth: people can be the strongest defense, BUT ALSO the weakest link.

    The Moment It Clicked for Me

    At the beginning of my career, I was focused purely on the technical side of things. I wanted to build systems that couldn’t fail, applications that were robust, and code that was bulletproof. Then, as I advanced on my cybersecurity journey, I learned an important lesson: technology is predictable; people are not.

    I still remember an incident early on when a colleague received what looked like a legitimate email from her manager. It even mentioned a real project she was working on. Without hesitation, she opened the attachment, and in seconds, alarms went off across our monitoring systems.

    She wasn’t careless, she was busy, multitasking, and simply trying to get work done. That single moment showed me that cybersecurity is not just about patches or firewalls. It is about awareness, behavior, and culture.

    Everyday Scenarios That Catch Professionals Off Guard

    You don’t have to work in IT to face cyber risks. They happen quietly, in the middle of an ordinary day:

    • You’re running between meetings, open an email labeled “Updated Calendar Invite,” and click before noticing the sender’s address looks off.
    • A coworker or your manager messages you on social media asking for a quick password reset link or to share some internal only/confidential info…except it’s not actually your coworker.
    • Your phone’s battery has drained, so you connect your laptop to airport or coffee shop Wi-Fi to finish an important report or email, unaware that someone nearby is intercepting network traffic.

    As you can see, none of these moments involve advanced hacking. They simply rely on our routines, habits, and trust, the exact same qualities that make us good at our jobs.

    Turning Awareness Into Action

    Over time, I realized that awareness by itself is not enough. It is what people do with that awareness that really matters. Organizations that succeed at this don’t just remind employees to “stay vigilant” once a year with compliance training, they make security a part of the company culture.

    Some do it through gamification, turning security best practices into friendly competitions or team challenges. Others run phishing simulations, harmless exercises that mimic real world attacks to help employees spot warning signs before the real ones hit.

    And this is where leadership matters. When managers recognize and celebrate good security habits, like someone reporting a suspicious email or spotting a fake login page, that recognition sends a powerful message: cybersecurity is not just an IT task, it’s everyone’s responsibility.

    I have seen departments compete to see who reports the most phishing attempts or earn recognition in company newsletters for their vigilance. Small gestures like that turn awareness into motivation. When people feel ownership, they stop being passive participants and start acting as part of the defense.

    Five Habits That Strengthen Your “Human Firewall”

    You don’t need to be technical to protect yourself and your organization. A few small habits go a long way:

    1. Pause before clicking. If something feels off, trust your gut.
    2. Use multi-factor authentication (MFA) everywhere you can. It blocks most unauthorized logins.
    3. Keep your software up to date. Those updates often close critical security holes or vulnerabilities.
    4. Use strong, unique passwords. Don’t use the same password for many systems, and keep work and personal passwords completely different. A password manager makes this way simpler; check this post from WIRED for some options.
    5. Report anything suspicious. Even if you’re not sure, that one report might stop a major incident.

    Each small action may seem minor, but together they create a powerful safety net.

    To close, as you can see, cybersecurity is far from being just about technology; it is about people making thoughtful choices every day. Every click, every login, every moment of caution adds up to a safer environment for everyone.

    So on this 2025 Cybersecurity Awareness Month I invite you to take a moment to reflect:
    What is one simple habit in your daily routine that you can strengthen today to protect yourself, your team, and your organization?

    After all, every company already has a Firewall, it’s made of people. And the stronger the human firewall becomes, the safer we all are.


    If you would like to continue reading about cybersecurity awareness from a professional and not super technical angle, I invite you to check out the book “Cyber Crisis” by Dr. Eric Cole, who is an adviser of Bill Gates.

  • To celebrate the start of this year’s Cybersecurity Awareness Month and mark the very first post on this new site, I’d like to reshare an article I originally published on October 17, 2021. It highlights a book by Dr. Eric Cole. It is a simple, accessible read designed for all audiences, yet still highly relevant today. The book emphasizes that cybersecurity is a shared responsibility, connecting every individual, and underlines the importance of making informed, risk-based decisions to strengthen our collective security awareness.

    I hope you find it as relevant and insightful today as when it was first shared.

    Original Post:

    I was getting ready to go on vacation for a couple of weeks back in early August, and while listening to Dr. Eric Cole’s “Life of a CISO” podcast (which, by the way, I totally recommend, especially for those in Infosec management and executive positions or those who aspire to get into these types of roles) I came to know that he was releasing his much anticipated “Cyber Crisis” book. I did not hesitate and ordered a hard copy of it to take with me to the beach.

    Cover of ‘Cyber Crisis’ by Eric Cole.

    Cyber Crisis is a security book for everyone, from non-security readers to experienced IT professionals. It is an easy read, it does not go deep in any technical concepts but in my opinion it addresses the main goal of raising cybersecurity awareness. For those not in the security field this book is a complete eye opener, with facts and examples it shows you how “cybersecurity is a silent killer. Most people are completely unaware that it’s happening until it is too late”. The book talks about how we are all targets for cyber-criminals and how it is our responsibility to make security oriented decisions when our information (personal, business, family, etc.) is at stake.

    For seasoned IT security professionals this book is still a must-read. Most (if not all) of the concepts covered in this book will be well known to you. But this book brings you back to the baseline; it reminds you that in order to solve complex security problems we must never forget the basics of security. With all our busy lives and the struggles of the day-to-day specific security and the specific complexities that each of the organizations we are working with/for represent. The challenges sometimes we tend to focus 

    I really like how this book over-emphasizes the fact that we need to ask the right questions. Cyber Security is not the government’s responsibility, or your company’s security team’s responsibility; it is OUR responsibility as users of the internet. We are all targets and it’s a huge mistake to think otherwise (comparing your assets with large multi-million dollar assets just doesn’t make sense). But in reality, as an attacker you know that the probability of success when attacking a firm that invests millions in security is way lower than when attacking a company that invests only thousands of dollars, or even worse, an individual who only invests a couple of hundred dollars in security. We are all exposed and the only truth is that sooner or later we’ll be the target, and it is better to be prepared with some of the best practices outlined in the book.

    Next time you add some value to your business or personal applications/network, ask yourself the following questions:

    • What is the value I am getting?
    • What is the security risk / exposure I am getting for adding this value?
    • Is it worth it?

    Just by asking ourselves these three simple questions we are going to start making risk based decisions that will improve our security posture.

    The book has the following nine chapters:

    1. We are all Targets
    2. We Live in Cyberspace
    3. The Hackers are here
    4. Mobile Weaknesses
    5. Your Life, Hanging in the Cloud
    6. They’re in your Business
    7. National Infrastructure Attack
    8. Cyberspace: A Place with No Borders
    9. Surviving the Cyber Crisis

    All of them touch the topics of discussion in layman’s terms but from a crucial angle, becoming an eye-opener and bringing awareness in all areas touched.

    In summary, this is a fantastic book written by an authority in the Information Security world. Dr. Eric Cole wrote this book in a way that is going to be easy to digest for all audiences. The way in which he brings cyber security awareness is just fantastic. All the security information given in this book will be applicable to your role at your workplace, your business, and your home and personal life.