About the PQC Migration Framework
The Applied Quantum PQC Migration Framework is an open-access, practitioner-grounded methodology for planning and executing enterprise-wide post-quantum cryptography migration. It was developed by Marin Ivezic and published by Applied Quantum.
The framework is not a theoretical exercise. It was built from direct experience leading real PQC migration programs, including programs generating up to 120,000 tasks in a single enterprise’s integrated master schedule. Of those, approximately 30,000 were direct cryptographic upgrade tasks, each addressing buckets of cryptographic functions numbering in the millions. The other 90,000 were enterprise enablement work: governance, vendor engagement, training, policy, infrastructure modernization, testing, and operational integration. That 1:3 ratio of direct-crypto-to-enablement tasks is one of the framework’s key insights, and one of the reasons PQC migration is far more complex than most organizations anticipate.
The framework provides the complete 8-phase lifecycle from securing executive mandate through sustained crypto-agility, with cross-cutting foundations covering maturity assessment, metrics, regulatory mapping, team structure, SOC implementation (detection, incident response, quantum CTI), and GRC implementation (cascading KRIs, risk appetite, regulatory intelligence, audit). Six sector-specific extensions adapt the methodology for financial services, payments, telecommunications, critical infrastructure / OT, government & defense, and digital assets.
Marin Ivezic
Marin Ivezic is the founder and CEO of Applied Quantum and author of PostQuantum.com. He brings over thirty years of experience at the intersection of cybersecurity, cryptography, and enterprise risk, and over twenty-five years of involvement with quantum technologies.
A former Fortune Global 500 CISO and CTO, Marin has held regional and global leadership positions at IBM, Accenture, PwC, and KPMG. His classical cryptography career spans more than two decades of cryptographic upgrade programs across some of the world’s largest enterprises. His post-quantum work began over a decade ago, advising governments on quantum threats and leading PQC readiness programs with 120,000+ tasks for organizations across financial services, telecommunications, and critical infrastructure.
Marin is the author of Quantum Ready, a practitioner’s guide to organizational quantum readiness; Quantum Sovereignty, on strategic leadership and geopolitics in the quantum era; and Quantum Systems Integration. He is completing a PhD in Quantum Computing.
Applied Quantum
A research-driven professional services firm focused entirely on quantum technologies and post-quantum security, serving financial services, payments, government & defense, telecommunications, critical infrastructure, healthcare/pharma, and digital assets sectors.
PostQuantum.com
Marin’s personal blog on quantum security, with over one million monthly readers. Practitioner-grounded analysis aimed at CISOs, CTOs, security architects, and technology leaders. Every aspect of this framework has been analyzed in depth on PostQuantum.com over the past decade.
Secure Quantum
Applied Quantum’s dedicated quantum security arm, delivering PQC migration programs, quantum risk assessments, SOC and GRC integration for quantum threats, and crypto-agility implementation.
PQCFramework.com
This site, the dedicated companion for the framework, providing direct access to the framework documents, sector extensions, landscape research, and supporting materials.
The PQC Migration Brief
A practitioner newsletter tracking regulatory developments, cryptographic research, and vendor readiness changes that affect PQC migration programs. Every issue applies one editorial filter: does this development change how organizations plan, execute, or govern their migration?