As quantum computing continues to move from theory to reality, organizations with mainframe systems must begin preparing for a new era of cybersecurity. The transition to post-quantum cryptography (PQC) is no longer a distant concern, but an urgent priority that requires planning, coordination, and action across IT and business leaders alike.
To help organizations navigate this shift, SHARE Blueprint (Aug. 20-21) offers a focused, two-day educational experience dedicated to the impact of quantum computing on mainframe environments, held immediately after SHARE’s Pittsburgh conference. Ahead of the event, we spoke with SHARE Blueprint keynote speaker Denise Ruffner, a global leader in quantum technology commercialization and business strategy.
In this Q&A, Ruffner shares her perspective on the most pressing risks organizations face, the immediate steps enterprises should take, and how mainframe environments fit into the broader post-quantum strategy.
From your perspective, what is the most critical risk organizations underestimate as we move toward the post-quantum era?
Denise Ruffner (DR): I've spent more than a decade helping commercialize quantum technology, and one thing I've learned is that large organizations always underestimate how long technology transitions take.
I've seen companies convince themselves they'll move when quantum becomes an immediate threat, but by then they'll already be years behind because cryptography is woven into almost every critical system they own.
When it comes to post-quantum readiness, what actions should enterprises be prioritizing right now, versus planning for later?
DR: The biggest mistake I see is organizations waiting for perfect certainty. You don't need every answer today, but you do need to understand where your cryptography lives, which systems matter most, and what your migration roadmap looks like. I've learned that companies that prepare early always have more options than companies forced to react. It is time that organizations act now.
If an organization could take only a few concrete steps in the next 12-18 months, what would you recommend to build meaningful quantum resilience?
DR: Know what you have. I know that sounds simple, but I've seen organizations discover they don't actually know where all of their cryptography is being used.
Often this is where an external cryptography assessment can help you. Start running pilots, building internal expertise, and learning now, because this transition will reward companies that prepare early — not those that panic late.
What makes mainframe environments uniquely important in the conversation around post-quantum cryptography (PQC)?
DR: Mainframes are where many organizations keep their crown jewels. I've worked with enterprises across banking, healthcare, government, and other industries. When your most critical workloads run on the mainframe, your post-quantum strategy can't treat it as an afterthought. Mainframes should be a priority.
What common assumptions about mainframe cryptography need to be reexamined as quantum capabilities advance?
DR: As quantum capabilities advance, it becomes more important that your mainframe is protected. It will also be important to assess your post-quantum cryptography solution and see when products that improve security are introduced, and understand that the mainframe needs the latest and best post-quantum cryptography.
What skills, roles, or mindset shifts will be most essential for security and infrastructure teams in the post-quantum transition?
DR: The biggest mindset shift is recognizing this isn't a science project — it's a business transformation. Throughout my career, the successful technology adoptions have always been the ones where security, infrastructure, application teams, and executives worked together instead of operating in silos.
How can organizations effectively educate executives and boards about quantum risk without overstating or understating the threat?
DR: I've spent years talking with executives about emerging technologies, and fear is never the best motivator.
I would frame post-quantum security the same way we talked about cloud or AI: a strategic technology transition that requires planning, investment, and leadership — not panic.
What do you hope attendees will walk away with after two days at SHARE Blueprint?
DR: I hope people leave realizing they don't have to become quantum experts. I've seen organizations make tremendous progress simply by asking the questions and taking the first practical steps.
I want each attendee to understand that they need to start now to get their mainframe protected with post-quantum cryptography. I hope that attendees leave with a clear roadmap of their next steps to make this transition.
Denise Ruffner is a business leader in the field of advanced computing technologies and a popular keynote speaker. With a deep understanding of next-generation computing modalities, she has built a career around helping organizations embrace the future of technology to drive innovation and business value.
With over a decade of experience working with quantum computing, Ruffner has a passion for promoting diversity in the quantum workforce, which led her to co-found Diversity in Quantum (DiviQ.org), an organization dedicated to mentoring and supporting diverse talent in the field. She was recently named a Fellow at UC San Diego’s Arthur C. Clarke Center for Human Imagination, recognized for her expertise in neuroscience.