April 17, 2026 · Mark Hayward

What is Post-Quantum Cryptography?

Quantum computers are coming — and they could break the encryption protecting your data today. Discover what post-quantum cryptography is, why it matters, and what organisations need to do right now to stay protected.

## The Encryption Problem No One Is Talking About

Most organisations today rely on encryption algorithms like RSA and ECC (Elliptic Curve Cryptography) to protect sensitive data — from banking transactions and government communications to personal emails and passwords. These algorithms are trusted because cracking them would take traditional computers millions of years.

But quantum computers change that equation entirely.

---

## What Is a Quantum Computer?

A quantum computer is not simply a faster version of the computers we use today. It operates on fundamentally different physics.

Traditional computers store information as bits — either a 0 or a 1. Quantum computers use qubits, which can exist as 0, 1, or both simultaneously (a property called superposition). Combined with another quantum property called entanglement, this allows quantum computers to perform certain types of calculations at extraordinary speeds.

The key word there is *certain types*. Quantum computers are not better at everything. But they are dramatically better at the specific type of mathematics that underpins most of today's encryption.

---

## Why Does This Threaten Encryption?

In 1994, mathematician Peter Shor developed an algorithm — now called Shor's Algorithm — that a sufficiently powerful quantum computer could use to factorise very large numbers (the product of two large primes) at speed. RSA encryption is based on the assumption that factorising such numbers is effectively impossible for any practical computer. Shor's Algorithm renders that assumption false.

A powerful enough quantum computer could, in theory, break RSA-2048 encryption in hours rather than millions of years.

We do not yet have a quantum computer large and stable enough to do this. But the consensus among cryptographers and intelligence agencies worldwide is that we will — likely within 10 to 15 years. Some estimates are shorter.

---

## What Is Post-Quantum Cryptography?

Post-quantum cryptography (sometimes called quantum-resistant or quantum-safe cryptography) refers to cryptographic algorithms that are designed to be secure against attacks from both classical and quantum computers.

These algorithms do not rely on factorising large primes or solving discrete logarithm problems — the mathematical tasks that quantum computers excel at breaking. Instead, they use different hard mathematical problems that quantum computers are not known to be able to solve efficiently.

Examples include:

- **Lattice-based cryptography** — based on the difficulty of solving certain problems in high-dimensional geometry

- **Hash-based cryptography** — uses one-way hash functions that are believed to remain secure post-quantum

- **Code-based cryptography** — based on the difficulty of decoding random linear codes

---

## What Is NIST Doing About It?

The US National Institute of Standards and Technology (NIST) has been running a multi-year Post-Quantum Cryptography Standardisation project. In 2024, NIST finalised its first post-quantum cryptographic standards, including:

- **ML-KEM** (Module-Lattice-Based Key Encapsulation Mechanism) — formerly known as KYBER

- **ML-DSA** (Module-Lattice-Based Digital Signature Algorithm) — formerly known as DILITHIUM

- **SLH-DSA** (Stateless Hash-Based Digital Signature Algorithm) — formerly known as SPHINCS+

These are now the recommended standards for organisations looking to begin transitioning to quantum-resistant cryptography (ML-KEM for key establishment, ML-DSA and SLH-DSA for digital signatures).

---

## What Is Harvest Now, Decrypt Later?

One of the most pressing reasons organisations need to act *now* — even though large-scale quantum computers do not yet exist — is a threat known as Harvest Now, Decrypt Later.

Adversaries (particularly nation-state actors) are believed to be harvesting encrypted data today, storing it, and waiting for quantum computers capable of decrypting it to become available. If your organisation transmits sensitive data that needs to remain confidential for 10 or more years — government secrets, medical records, financial data, intellectual property — that data may already be at risk.

---

## What Should Organisations Do Right Now?

### 1. Conduct a Cryptographic Inventory

Identify every system, application, and communication channel in your organisation that relies on encryption. What algorithms are in use? Which data is most sensitive and long-lived?

### 2. Prioritise Your Migration

Not everything needs to be migrated at once. Focus first on data with the longest confidentiality requirements and the highest impact if compromised.

### 3. Move to Crypto-Agility

Design your systems so that cryptographic algorithms can be swapped out without redesigning entire systems. This is called crypto-agility, and it is now considered a best practice regardless of the quantum threat.

### 4. Follow NIST Standards

Begin testing and piloting the NIST-approved post-quantum algorithms in non-critical systems now to build familiarity and identify integration challenges before a full migration is required.

### 5. Stay Informed

This space is evolving rapidly. The UK's NCSC and the US CISA both publish guidance on post-quantum readiness. Subscribe to their updates.
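One way to carry out steps 1 and 2 in code, as an added example that is not from the article: a small Python triage script that labels each inventory entry by the public-key algorithm it uses and ranks quantum-vulnerable assets by harvest-now-decrypt-later exposure, then by impact. The inventory records, the algorithm lists and the 10-year horizon are constructed for illustration from the figures the article gives.

```python
"""Quantum-readiness triage of a cryptographic inventory (added example)."""
from dataclasses import dataclass

# Public-key algorithms whose hardness assumption Shor's algorithm breaks.
QUANTUM_VULNERABLE = ("RSA", "ECDSA", "ECDH", "DH", "DSA")
# The 2024 NIST post-quantum standards named in the article.
QUANTUM_RESISTANT = ("ML-KEM", "ML-DSA", "SLH-DSA")
# Harvest-now-decrypt-later horizon used in the article.
HNDL_YEARS = 10
IMPACT_SCORE = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Asset:
    system: str
    algorithm: str              # label as recorded in the inventory
    confidentiality_years: int  # how long the data must stay secret
    impact: str                 # "low" | "medium" | "high"


def classify(algorithm: str) -> str:
    """Return 'resistant', 'vulnerable' or 'review' for an algorithm label."""
    name = algorithm.upper()
    if name.startswith(QUANTUM_RESISTANT):
        return "resistant"
    if name.startswith(QUANTUM_VULNERABLE):
        return "vulnerable"
    return "review"  # symmetric or unrecognised label: flag for a human look


def hndl_exposed(assets):
    """Vulnerable assets whose data must outlive the quantum horizon."""
    return [a.system for a in assets
            if classify(a.algorithm) == "vulnerable"
            and a.confidentiality_years >= HNDL_YEARS]


def migration_order(assets):
    """Vulnerable assets ranked: HNDL exposure first, then impact, then lifetime."""
    exposed = [a for a in assets if classify(a.algorithm) == "vulnerable"]
    exposed.sort(key=lambda a: (a.confidentiality_years >= HNDL_YEARS,
                                IMPACT_SCORE[a.impact],
                                a.confidentiality_years), reverse=True)
    return [a.system for a in exposed]


SAMPLE_INVENTORY = [  # constructed sample data, not a real inventory
    Asset("patient-records-vpn", "RSA-2048", 25, "high"),
    Asset("marketing-site-tls", "ECDSA-P256", 1, "low"),
    Asset("payments-hsm-signing", "ECDSA-P256", 12, "high"),
    Asset("internal-wiki-tls", "RSA-3072", 3, "medium"),
    Asset("pilot-kem-gateway", "ML-KEM-768", 15, "high"),
    Asset("backup-archive", "AES-256-GCM", 20, "high"),
]

if __name__ == "__main__":
    for a in SAMPLE_INVENTORY:
        print(f"{a.system:24} {a.algorithm:12} {classify(a.algorithm)}")
    print("migration order:", migration_order(SAMPLE_INVENTORY))
```

Entries labelled "review" (here the symmetric backup cipher) are outside the article's public-key scope and are left for a person to assess rather than silently ranked.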

---

## The Bottom Line

Post-quantum cryptography is not science fiction — it is an active and urgent area of cyber security policy, research, and planning. The transition away from vulnerable algorithms will be one of the largest infrastructure changes in the history of the internet. Organisations that start planning now will be ahead of the curve. Those that wait may find themselves scrambling under pressure — or worse, holding data that has already been harvested and is waiting to be decrypted.

The quantum clock is ticking. The question is not *if* you need to act. It is *when*.