The Entropy Podcast
Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world.
Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place.
Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership.
Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release.
The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them.
Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice.
One of the topics I cover a lot on this show is post quantum readiness, I believe awareness of this emerging technology is key for a safer world into the future. To support this awareness I have built a free resource to help you explore the world of quantum and learn as you go. You can find it here: www.postquantumready.com
Buy Our Swag:
We now have some slick new swag you can purchase through our Esty store.
https://theentropypodcast.etsy.com
Watch and Subscribe
You can also watch full episodes and exclusive content on our YouTube channel:
www.youtube.com/@TheEntropyPodcast
Achievements
The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement.
- Regularly ranked within the Top 20 Technology podcasts in Ireland.
- Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.
- Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom.
This performance reflects sustained global interest and growing recognition across key podcast markets.
Audio Quality Notice
Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.
The Entropy Podcast
Harvest Now, Litigate Later Quantum Exposure with Darren Bender
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode of the Entropy Podcast, Francis Gorman sits down with Darren Bender, a Texas-based attorney, chief legal officer, and co-founder working at the intersection of law, IT, and post-quantum cryptography.
The conversation explores a question many boards, legal teams, and security leaders are only beginning to face: when quantum computers threaten today’s encryption, who becomes liable for doing nothing?
Darren breaks down post-quantum negligence in practical terms, explaining why “we didn’t know” may not be a credible defence for much longer. From Harvest Now, Decrypt Later attacks to board minutes, data shelf life, migration timelines, DORA compliance, procurement decisions, and third-party liability, this episode reframes quantum readiness as more than a technical challenge.
It is a governance issue. A legal exposure issue. A fiduciary duty issue. And potentially, a future courtroom issue.
Key Takeaways
- Post-quantum cryptography is no longer just a cybersecurity concern; it is becoming a boardroom and legal risk conversation.
- Organisations may need to show how they assessed quantum risk, prioritised critical data, and documented informed decisions.
- Board minutes, governance records, risk assessments, cryptographic inventories, and migration plans could become central evidence in future litigation.
- “Cryptographic procrastination” may become difficult to defend if organisations knew about the risk but chose not to act.
- The Mosca theorem helps boards think about whether their data shelf life plus migration time exceeds the timeline for a cryptographically relevant quantum computer.
- The Learned Hand formula offers a legal lens for comparing the burden of prevention against the probability and magnitude of future harm.
- Financial services, healthcare, energy, and critical infrastructure may be among the first sectors exposed to post-quantum liability.
- DORA and similar regulatory frameworks may create either a defensive treasure trove or a litigation minefield, depending on the quality of the paper trail.
- Supply-chain liability will be complex, with SaaS providers, cloud providers, HSM vendors, certificate authorities, and customers all potentially pulled into the same dispute.
- Procurement teams should start asking not just whether vendors are secure today, but whether they can support post-quantum migration tomorrow.
Soundbytes
“Quantum risk is moving from the server room to the boardroom.”
“Harvest Now, Decrypt Later may become Harvest Now, Litigate Later.”
“The question is not just whether encryption breaks. It is who knew, who acted, and who documented the decision.”
“In a future lawsuit, the paper trail may matter as much as the technology.”
“Cryptographic procrastination is not a strategy.”
“Doing nothing may be the most expensive decision a board ever makes.”
“Post-quantum readiness is not a light switch. It is a long fuse with a big boom at the end.”
“If your data still has value when quantum arrives, your risk clock has already started.”
“DORA can be a treasure trove or a minefield. It depends what your records show.”
“Your vendors may hold the keys, but your organisation may still hold the liability.”
“Quantum readiness is no longer just about algorithms. It is about governance, accountability, and foreseeable harm.”
“The courtroom may become the place where quantum risk finally gets priced.”